Larry_D

Everything posted by Larry_D

  1. Gringo, Thank you for your time and expertise in helping me clean up the malware that I managed to pick up. I did donate because your time and effort are very much appreciated; it also means a lot to have a clean computer without having to do a complete backup of files and reinstall everything. Take care, Larry
  2. ESET scan results:
     C:\TDSSKiller_Quarantine\02.07.2013_13.28.15\rtkt0000\svc0000\tsk0000.dta    a variant of Win32/Rootkit.Kryptik.VZ trojan
  3. Gringo, Happy 4th of July! The computer hung up on a reboot; I did a hard power off. It was slow to boot back up, but I suspect it is rebuilding temp files. It eventually booted up and seems to be working like it should be.

     Malwarebytes Anti-Malware (Trial) 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.07.04.04

     Windows Vista Service Pack 2 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Admin :: LWD-LAPTOP [administrator]

     Protection: Enabled

     7/4/2013 3:59:56 AM
     mbam-log-2013-07-04 (03-59-56).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 219601
     Time elapsed: 12 minute(s), 47 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 4:15:04 AM, on 7/4/2013
     Platform: Windows Vista SP2 (WinNT 6.00.1906)
     MSIE: Internet Explorer v9.00 (9.00.8112.16464)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\Dwm.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Windows\System32\WLTRAY.EXE
     C:\Program Files\McAfee\Common Framework\UdaterUI.exe
     C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
     C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
     C:\Program Files\U.S. Cellular Broadband Connect\AvqAutorun.exe
     C:\Program Files\Epson Software\Event Manager\EEventManager.exe
     C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\Windows Media Player\wmpnscfg.exe
     C:\Program Files\Digital Line Detect\DLG.exe
     C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
     C:\Program Files\Dell\QuickSet\quickset.exe
     C:\Program Files\McAfee\Common Framework\McTray.exe
     C:\Windows\system32\wbem\unsecapp.exe
     C:\Windows\system32\wuauclt.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Users\Admin\Desktop\HijackThis.exe
     C:\Windows\system32\SearchFilterHost.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
     O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
     O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
     O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
     O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
     O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
     O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
     O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
     O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
     O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
     O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
     O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
     O4 - HKLM\..\Run: [{9ABA99F9-A8FE-7E89-8E99-AE8b85E9AE9B}] "C:\Program Files\U.S. Cellular Broadband Connect\AvqAutorun.exe" "C:\Program Files\U.S. Cellular Broadband Connect\mphonetools.exe" /OnPlug=%s
     O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
     O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
     O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
     O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
     O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
     O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
     O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
     O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
     O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
     O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
     O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
     O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
     O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
     O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
     O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
     O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
     O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
     O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
     O23 - Service: MPT Service - Unknown owner - C:\Program Files\U.S. Cellular Broadband Connect\mptserv.exe
     O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
     O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
     O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
     O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
     O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
     O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

     --
     End of file - 9710 bytes
  4. I ran ComboFix with the embedded script; there weren't any problems running it, other than forgetting to disable my McAfee beforehand (I probably should have waited till after my first cup of coffee). I rebooted and am not getting any errors or unusual messages, got on the internet and browsed without incident. Ran my McAfee update to completion. I'm not seeing anything to complain about...

     ComboFix 13-07-02.01 - Admin 07/03/2013 7:30.2.2 - x86
     Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3453.2543 [GMT -5:00]
     Running from: c:\users\Admin\Desktop\2013 Malware\ComboFix.exe
     Command switches used :: c:\users\Admin\Desktop\2013 Malware\CFScript.txt
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Resident AV is active
     .
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\windows\system32\drivers\etc\hosts.ics
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-06-03 to 2013-07-03 )))))))))))))))))))))))))))))))
     .
     .
     2013-07-03 12:39 . 2013-07-03 12:39 -------- d-----w- c:\users\Admin\AppData\Local\temp
     2013-07-03 12:39 . 2013-07-03 12:39 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-07-02 18:35 . 2013-07-02 18:35 -------- d-----w- C:\TDSSKiller_Quarantine
     2013-07-02 11:10 . 2013-07-02 11:10 -------- d-----w- c:\windows\ERUNT
     2013-07-02 11:10 . 2013-07-02 11:10 -------- d-----w- C:\JRT
     2013-06-29 22:03 . 2013-06-29 22:03 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
     2013-06-29 14:16 . 2013-06-29 14:16 -------- d-sh--w- c:\windows\system32\%APPDATA%
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-07-02 18:37 . 2009-09-13 04:47 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
     2013-06-29 22:03 . 2012-08-31 00:25 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
     2013-06-29 22:03 . 2011-02-01 20:37 789416 ----a-w- c:\windows\system32\deployJava1.dll
     2013-06-29 14:54 . 2012-04-05 15:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2013-06-29 14:54 . 2011-05-19 15:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2013-04-04 19:50 . 2011-02-03 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 68856]
     "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
     "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
     "dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
     "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-17 111952]
     "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
     "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
     "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
     "{9ABA99F9-A8FE-7E89-8E99-AE8b85E9AE9B}"="c:\program files\U.S. Cellular Broadband Connect\AvqAutorun.exe" [2009-10-19 73728]
     "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
     "Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-15 50688]
     Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -startup [2010-11-15 67128]
     QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "mixer"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FUFAXSTM]
     2009-12-03 06:00 847872 ----a-w- c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
     2006-11-10 18:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
     2008-04-06 17:00 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
     "AntiVirusOverride"=dword:00000001
     "AntiSpywareOverride"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-299159482-988141774-3347236119-1000]
     "EnableNotificationsRef"=dword:00000002
     .
     S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
     LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 14:54]
     .
     2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 02:04]
     .
     2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 02:04]
     .
     .
     ------- Supplementary Scan -------
     .
     uInternet Settings,ProxyOverride = *.local
     TCP: DhcpNameServer = 192.168.0.1
     Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
     DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2013-07-03 07:39
     Windows 6.0.6002 Service Pack 2 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     Completion time: 2013-07-03 07:41:28
     ComboFix-quarantined-files.txt 2013-07-03 12:41
     ComboFix2.txt 2013-07-03 03:13
     .
     Pre-Run: 64,988,405,760 bytes free
     Post-Run: 65,071,824,896 bytes free
     .
     - - End Of File - - 8860D2858EDBAB14C508D7C4353C2411
     5C616939100B85E558DA92B899A0FC36
  5. I got ComboFix to run. Right off the bat it said it found a Rootkit.ZeroAccess, which it said was a nasty little bugger, and to try internet access and, if that was no good, then I needed to run it again. That wasn't necessary. ComboFix completed a bunch of stages; the last I saw was about 50. It hung up, I did a hard power off and it came back up OK. Internet access seems good, Garmin Lifetime Updater is still not working (but I suspect that just needs to be reinstalled), and I'm still getting the EEvent Manager error "The system cannot find the path specified"; I click OK on that message and it repeats 4 times (this one concerns me). I think that's it for the most part.

     ComboFix 13-07-02.01 - Admin 07/02/2013 21:32:59.1.2 - x86
     Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3453.2758 [GMT -5:00]
     Running from: c:\users\Admin\Desktop\2013 Malware\ComboFix.exe
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Resident AV is active
     .
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\programdata\hpe423D.dll
     c:\users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\bmp7F75.tmp
     c:\windows\$NtUninstallKB59503$
     c:\windows\$NtUninstallKB59503$\1302308336\L\00000004.@
     c:\windows\$NtUninstallKB59503$\1302308336\L\201d3dde
     c:\windows\$NtUninstallKB59503$\1302308336\L\6715e287
     c:\windows\$NtUninstallKB59503$\1302308336\L\76603ac3
     c:\windows\$NtUninstallKB59503$\1302308336\L\ogejidap
     c:\windows\security\Database\tmp.edb
     c:\windows\system32\drivers\etc\hosts.ics
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-06-03 to 2013-07-03 )))))))))))))))))))))))))))))))
     .
     .
     2013-07-03 02:47 . 2013-07-03 02:47 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-07-03 02:47 . 2013-07-03 02:47 -------- d-----w- c:\users\Admin\AppData\Local\temp
     2013-07-02 18:35 . 2013-07-02 18:35 -------- d-----w- C:\TDSSKiller_Quarantine
     2013-07-02 11:10 . 2013-07-02 11:10 -------- d-----w- c:\windows\ERUNT
     2013-07-02 11:10 . 2013-07-02 11:10 -------- d-----w- C:\JRT
     2013-06-29 22:03 . 2013-06-29 22:03 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
     2013-06-29 14:16 . 2013-06-29 14:16 -------- d-sh--w- c:\windows\system32\%APPDATA%
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-07-02 18:37 . 2009-09-13 04:47 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
     2013-06-29 22:03 . 2012-08-31 00:25 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
     2013-06-29 22:03 . 2011-02-01 20:37 789416 ----a-w- c:\windows\system32\deployJava1.dll
     2013-06-29 14:54 . 2012-04-05 15:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2013-06-29 14:54 . 2011-05-19 15:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2013-04-04 19:50 . 2011-02-03 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 68856]
     "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
     "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
     "dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
     "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-17 111952]
     "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
     "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
     "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
     "{9ABA99F9-A8FE-7E89-8E99-AE8b85E9AE9B}"="c:\program files\U.S. Cellular Broadband Connect\AvqAutorun.exe" [2009-10-19 73728]
     "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
     "Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-15 50688]
     Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -startup [2010-11-15 67128]
     QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "mixer"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FUFAXSTM]
     2009-12-03 06:00 847872 ----a-w- c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
     2006-11-10 18:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
     2008-04-06 17:00 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
     "AntiVirusOverride"=dword:00000001
     "AntiSpywareOverride"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-299159482-988141774-3347236119-1000]
     "EnableNotificationsRef"=dword:00000002
     .
     S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
     LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 14:54]
     .
     2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 02:04]
     .
     2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 02:04]
     .
     .
     ------- Supplementary Scan -------
     .
     uInternet Settings,ProxyOverride = *.local
     TCP: DhcpNameServer = 192.168.0.1
     Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
     DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Toolbar-Locked - (no file)
     HKCU-Run-Netvue - c:\program files\Codeheadz\Netvue\Netvue.exe
     SafeBoot-44575280.sys
     SafeBoot-82136964.sys
     MSConfigStartUp-PCMService - c:\program files\Dell\MediaDirect\PCMService.exe
     .
     .
     .
     **************************************************************************
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files:
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="YMP.Media"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(1300) c:\program files\Adobe\Reader 8.0\Reader\viewerps.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\McAfee\Common Framework\FrameworkService.exe c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe c:\program files\McAfee\Common Framework\naPrdMgr.exe c:\program files\U.S. Cellular Broadband Connect\mptserv.exe c:\windows\system32\msiexec.exe c:\windows\system32\STacSV.exe c:\windows\system32\DRIVERS\xaudio.exe c:\program files\McAfee\Common Framework\McTray.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\iPod\bin\iPodService.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Completion time: 2013-07-02 22:12:59 - machine was rebooted ComboFix-quarantined-files.txt 2013-07-03 03:12 . Pre-Run: 64,819,044,352 bytes free Post-Run: 65,069,211,648 bytes free . 
- - End Of File - - AF1D37054C19ECFD396CCC36F92AE24D 5C616939100B85E558DA92B899A0FC36
  6. Hi Gringo, everything is so time consuming, and then I just found out my last reply apparently did not save... I ran the TDSSKiller and RogueKiller. The TDSSKiller found 1 file to cure; my computer hung up on the reboot, and I had to do a hard power off. RogueKiller ran OK, except it did not create the file name you specified on the desktop (RKreport[2].txt); it created two files named RKreport[0].txt, and I'm including both of them below. After running the processes, my Internet Explorer appears to be doing OK; I did a couple of Google searches and went to web sites without being redirected. However, my Garmin Lifetime Updater appears to be broken. I believe something about System.UnauthorizedAccess. I also am getting an EEvent Manager message about the specified path not being available. I click OK, and receive the same EEvent Manager message a total of 4 times. Also, my McAfee update is now working. I have tried to save my reply twice now, so I am attaching the logs in one file. TDSSKiller and RogueKiller Logs.rtf
  7. Good morning Gringo! I disabled my McAfee, and I am running ComboFix; it's been running for almost 2 hours. The info box for ComboFix says it typically runs for 10 minutes and may double that for badly infected machines. The hard drive light is flickering, and Task Manager shows CPU activity for swxcacls.exe (freeware implementation of XCACLS), and the memory usage also is slowly increasing; it is now at 57,784. I have not received any errors when starting or running it. Do I need to be patient and let it run longer? Thanks, Larry
  8. Here are the AdwCleaner and Junkware Removal logs;

AdwCleaner Log below

# AdwCleaner v2.303 - Logfile created 07/02/2013 at 06:01:03
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista Home Basic Service Pack 2 (32 bits)
# User : Admin - LWD-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Admin\Desktop\2013 Malware\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Admin\AppData\Local\Conduit
Folder Deleted : C:\Users\Admin\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\Admin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Admin\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3272718
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

*************************

AdwCleaner[s1].txt - [1668 octets] - [02/07/2013 06:01:03]

########## EOF - C:\AdwCleaner[s1].txt - [1728 octets] ##########

Junkware Removal Log below

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista Home Basic x86
Ran by Admin on Tue 07/02/2013 at 6:11:00.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/02/2013 at 6:13:12.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

There seems to be no change in the way my computer is behaving. I got an unwanted web site that popped up, and it is taking forever for a wanted web site to open (in fact Google never did open; I gave up).
  9. I noticed my computer was slower than usual, then I started getting redirected to unknown web sites. That's when I knew there was a problem. I tried updating my McAfee anti-virus, and got an error message (The ordinal 1112 could not be located in the dynamic link library WSOCK32.DLL). I then ran Malwarebytes Anti-Malware and it found a Trojan.FakeMS and deleted it; subsequent scans have turned up nothing, but I am still being redirected on Internet Explorer. My Java was out of date; I have since updated it. I am on a different computer. Thank you in advance for any help you may offer. I copied and pasted the Anti-Malware log and the DDS.scr logs below....

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.29.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: LWD-LAPTOP [administrator]

6/29/2013 4:24:12 PM
mbam-log-2013-06-29 (16-24-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216884
Time elapsed: 11 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\$Recycle.Bin\S-1-5-21-299159482-988141774-3347236119-1000\$R63CCE0DA (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)

Below is the DDS.txt log;

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.25.2
Run by Admin at 19:11:39 on 2013-07-01
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3453.2531 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\U.S. Cellular Broadband Connect\mptserv.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\U.S. Cellular Broadband Connect\AvqAutorun.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGBA.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = Preserve
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan enterprise\ScriptCl.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {E16DC1FE-7C34-43F2-B754-F3AD12DDF97C} - <orphaned>
uRun: [WorkForce 630(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigba.exe /fu "c:\windows\temp\E_SDC72.tmp" /EF "HKCU"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Netvue] c:\program files\codeheadz\netvue\Netvue.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dscactivate] c:\dell\dsca.exe 3
mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [sigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [{9ABA99F9-A8FE-7E89-8E99-AE8b85E9AE9B}] "c:\program files\u.s. cellular broadband connect\avqautorun.exe" "c:\program files\u.s. cellular broadband connect\mphonetools.exe" /OnPlug=%s
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
LSP: mswsock.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1A61FE8B-0DB9-45F4-9009-8F353BD146C7} : DHCPNameServer = 192.168.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2007-10-16 31784]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-2-28 72680]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-2-28 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-2-28 171272]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2011-1-3 54544]
S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [2011-1-3 22032]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2011-1-3 12048]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2011-1-3 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2011-1-3 115216]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2011-1-3 160400]
.
=============== Created Last 30 ================
.
2013-06-29 22:03:40 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-29 14:16:55 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
==================== Find3M ====================
.
2013-06-29 22:03:14 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-29 22:03:14 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-29 14:54:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-29 14:54:58 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-04 19:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 19:13:26.26 ===============

Below is the Attach.txt log;

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 11/15/2007 4:49:14 AM
System Uptime: 7/1/2013 6:56:47 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0KY766
Processor: AMD Turion 64 X2 Mobile Technology TL-58 | Microprocessor | 1800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 61.032 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.429 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0027
Manufacturer: Microsoft
Name: isatap.{BE309BD6-766E-4A24-BB81-BC6F17E6B991}
PNP Device ID: ROOT\*ISATAP\0027
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI PCI Express (3GIO) Filter Driver
Avanquest update
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Conexant HDA D330 MDC V.92 Modem
D3DX10
Dell System Customization Wizard
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 630 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup 3.3
Garmin Communicator Plugin
Garmin Lifetime Updater
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP ENVY 110 series Basic Device Software
iTunes
Java 7 Update 25
Java Auto Updater
Java SE Runtime Environment 6
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee AntiSpyware Enterprise Module
McAfee VirusScan Enterprise
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mobile PhoneTools
Modem Diagnostic Tool
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.3
PANTECH USB Modem V2
Picasa 3
PowerDVD
Product Documentation Launcher
QuickSet
QuickTime
Remote Control USB Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Skins
Sonic Activation Module
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wmoiper
TurboTax 2012 wrapper
U.S. Cellular Broadband Connect
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
WOT for Internet Explorer
.
==== End Of File ===========================
  10. Larry, Sounds good. I will perform the clean up procedures, and read through the recommended topics. Thank you for all your help, it is so much better to be able to recover a pc than to have to recover files and rebuild it from scratch. For a free service you have been exceptional, it is well worth a donation. Hopefully you do not hear back from me... Larry
  11. It's running good, seems better than it has for a while.
  12. OK, got ComboFix to run, and here are the results.

ComboFix 11-01-31.02 - Terra 02/04/2011 12:05:12.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1935 [GMT -6:00]
Running from: c:\documents and settings\Terra\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\winlogon.exe.exe
.
((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
.
2011-02-04 01:41 . 2008-04-14 11:00 17280 ----a-w- c:\windows\system32\drivers\mraid35x.sys
2011-02-04 01:37 . 2008-04-14 11:00 17280 ----a-w- C:\mraid35x.sys
2011-02-03 18:42 . 2011-02-03 18:42 -------- d-----w- c:\documents and settings\Terra\Application Data\Malwarebytes
2011-02-03 18:34 . 2011-02-03 18:34 -------- d-----w- c:\documents and settings\Terra\Local Settings\Application Data\BVRP Software
2011-02-03 16:12 . 2011-02-03 16:12 -------- d-----w- c:\documents and settings\Larry\Application Data\Malwarebytes
2011-02-03 16:12 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-03 16:12 . 2011-02-03 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-03 16:12 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-03 16:12 . 2011-02-03 16:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-03 16:11 . 2011-02-03 16:11 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-02-03 16:00 . 2011-02-03 16:00 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\BVRP Software
2011-02-03 16:00 . 2009-10-27 07:28 22032 ----a-w- c:\windows\system32\drivers\PTUMWCDF.sys
2011-02-03 16:00 . 2009-10-27 07:28 115216 ----a-w- c:\windows\system32\drivers\PTUMWNET.sys
2011-02-03 16:00 . 2009-10-27 07:28 12048 ----a-w- c:\windows\system32\drivers\PTUMWFLT.sys
2011-02-03 16:00 . 2009-09-09 09:01 10440 ----a-w- c:\windows\system32\ptumwcit.dll
2011-02-03 16:00 . 2009-10-27 07:28 160400 ----a-w- c:\windows\system32\drivers\PTUMWVsp.sys
2011-02-03 15:59 . 2009-10-27 07:28 160400 ----a-w- c:\windows\system32\drivers\PTUMWMdm.sys
2011-02-03 15:58 . 2009-10-27 07:28 54544 ----a-w- c:\windows\system32\drivers\PTUMWBus.sys
2011-02-03 15:58 . 2009-11-09 10:03 112144 ----a-w- c:\windows\system32\ptumwmcp64.dll
2011-02-03 15:58 . 2009-11-09 10:03 100880 ----a-w- c:\windows\system32\ptumwmcp.dll
2011-02-03 15:58 . 2009-10-21 21:15 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2011-02-03 15:58 . 2011-02-03 15:58 -------- d-----w- c:\program files\PANTECH
2011-02-03 15:58 . 2010-03-03 00:38 38144 ----a-w- c:\windows\system32\drivers\BVRPMPR5.SYS
2011-02-03 15:57 . 2011-02-03 15:57 -------- d-----w- c:\program files\Common Files\Avanquest software Shared
2011-02-03 15:57 . 2011-02-03 16:01 -------- d-----w- c:\program files\U.S. Cellular Broadband Connect
2011-02-03 15:47 . 2011-02-03 15:47 -------- d-----w- c:\documents and settings\Larry\Application Data\Epson
2011-01-17 21:31 . 2007-03-29 00:26 65536 ----a-w- c:\windows\system32\EEBUtil.dll
2011-01-17 21:31 . 2006-12-20 00:31 110592 ----a-w- c:\windows\system32\EEBDSCVR.dll
2011-01-17 21:31 . 2003-12-17 07:01 55808 ----a-w- c:\windows\system32\EEBSDKIF.dll
2011-01-17 21:31 . 2007-09-07 23:33 135168 ----a-w- c:\windows\system32\EEBAPI.dll
2011-01-17 21:31 . 2006-12-20 00:20 77824 ----a-w- c:\windows\system32\EBAPI.dll
2011-01-17 20:51 . 2011-02-03 15:47 -------- d-----w- c:\documents and settings\Larry\Application Data\Gtek
2011-01-17 20:51 . 2011-01-18 00:16 -------- d-----w- c:\documents and settings\User
2011-01-17 20:51 . 2011-01-17 20:51 -------- d-----w- c:\documents and settings\Guest\Application Data\Gtek
2011-01-17 20:50 . 2011-01-17 20:51 -------- d--h--w- c:\documents and settings\Terra\Application Data\GTek
2011-01-17 20:49 . 2011-01-17 20:51 -------- d--ha-w- c:\documents and settings\All Users\Application Data\GTek
2011-01-17 20:49 . 2011-01-17 20:51 -------- d-----w- c:\program files\Linksys EasyLink Advisor
2011-01-17 19:18 . 2008-12-01 19:00 457611 ----a-w- c:\windows\system32\ensppui.dll
2011-01-17 19:18 . 2008-12-01 19:00 457611 ----a-w- c:\windows\system32\enppui.dll
2011-01-17 19:18 . 2008-12-01 18:58 474892 ----a-w- c:\windows\system32\ensppmon.dll
2011-01-17 19:18 . 2008-12-01 18:58 474892 ----a-w- c:\windows\system32\enppmon.dll
2011-01-17 19:18 . 2008-06-18 17:49 249344 ----a-w- c:\windows\system32\enspres.dll
2011-01-17 19:18 . 2008-06-18 17:49 249344 ----a-w- c:\windows\system32\enpres.dll
2011-01-17 19:18 . 2011-01-17 19:18 -------- d-----w- c:\program files\EpsonNet
2011-01-17 18:35 . 2011-01-17 18:35 -------- d-----w- c:\documents and settings\Terra\Application Data\Leadertech
2011-01-17 18:32 . 2011-01-17 18:32 -------- d-----w- c:\documents and settings\Terra\Local Settings\Application Data\ABBYY
2011-01-17 18:26 . 2011-01-17 18:33 -------- d-----w- c:\program files\ABBYY FineReader 9.0 Sprint
2011-01-17 18:26 . 2011-01-17 18:26 -------- d-----w- c:\program files\Common Files\ABBYY
2011-01-17 18:26 . 2011-01-17 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY
2011-01-17 18:22 . 2011-01-17 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL
2011-01-17 18:15 . 2011-01-17 21:31 -------- d-----w- c:\program files\Common Files\EPSON
2011-01-17 18:15 . 2008-04-14 06:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-01-17 18:15 . 2008-04-14 06:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-01-17 18:09 . 2009-09-17 06:00 342016 ----a-w- c:\windows\system32\eswiaud.dll
2011-01-17 18:09 . 2009-05-01 06:00 15872 ----a-w- c:\windows\system32\escdev.dll
2011-01-17 18:09 . 2009-05-01 06:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
2011-01-17 18:08 . 2011-01-17 18:34 -------- d-----w- c:\program files\epson
2011-01-12 00:40 . 2011-01-12 00:40 -------- d-----w- c:\windows\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-04 01:04 . 2008-11-25 11:33 90112 ----a-w- c:\windows\DUMP2d0b.tmp
2010-11-18 18:12 . 2008-11-25 17:59 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2008-04-14 10:00 249856 ----a-w- c:\windows\system32\odbc32.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-02-03_19.33.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 10:00 . 2008-04-14 10:00 17280 c:\windows\system32\drivers\x-mraid35x.sys
+ 2008-04-14 10:00 . 2008-04-14 12:42 507904 c:\windows\system32\winlogon.exe
- 2008-04-14 10:00 . 2008-04-14 10:00 507904 c:\windows\system32\winlogon.exe
+ 2008-04-14 10:00 . 2008-04-14 12:42 1033728 c:\windows\explorer.exe
- 2008-04-14 10:00 . 2008-04-14 10:00 1033728 c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SoundMan"="SOUNDMAN.EXE" [2002-09-28 47104]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"{9ABA99F9-A8FE-7E89-8E99-AE8b85E9AE9B}"="c:\program files\U.S. 
Cellular Broadband Connect\AvqAutoRun.exe" [2009-10-19 73728] c:\documents and settings\Larry\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\documents and settings\Terra\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2009-2-14 49254] Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-14 113664] NETGEAR WPN311 Wireless Assistant.lnk - c:\program files\NETGEAR\WPN311\wlancfg5.exe [2005-4-19 4521984] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WZCSVC"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"= "c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool10\\ENEasyApp.exe"= R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [5/14/2009 5:07 PM 
759048] R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [9/29/2008 8:07 AM 19456] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [11/25/2008 2:21 PM 67904] S3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [11/25/2008 5:51 AM 45696] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [11/25/2008 2:21 PM 64432] S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2/3/2011 9:58 AM 54544] S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [2/3/2011 10:00 AM 22032] S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2/3/2011 10:00 AM 12048] S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2/3/2011 9:59 AM 160400] S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2/3/2011 10:00 AM 115216] S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2/3/2011 10:00 AM 160400] . Contents of the 'Scheduled Tasks' folder 2011-02-04 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uInternet Settings,ProxyServer = http=127.0.0.1:8992 uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-04 12:10 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2011-02-04 12:12:33 ComboFix-quarantined-files.txt 2011-02-04 18:12 ComboFix2.txt 2011-02-03 19:35 Pre-Run: 75,754,127,360 bytes free Post-Run: 75,739,336,704 bytes free - - End Of File - - A06D72F9CB33713F84F69661C9F3535A 2011-02-04 18:46:06 . 2008-04-14 12:42:40 507,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.exe.vir 2011-02-03 19:34:33 . 2011-02-03 19:34:33 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}.reg.dat 2011-02-03 19:31:14 . 2011-02-04 18:09:21 10,227 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2011-02-03 19:21:51 . 2011-02-04 18:04:18 102 ----a-w- C:\Qoobox\Quarantine\catchme.log 2011-02-03 15:58:07 . 2011-02-03 15:58:07 148,736 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\hpeF.dll.vir 2008-04-14 10:00:00 . 2008-04-14 10:00:00 3,584 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\nt.dll.vir
  13. I got a small window stating that pev.exe has encountered a problem and needs to close. I clicked on "do not send info to Microsoft". A ComboFix window opened that says "Please wait. ComboFix is preparing to run." It does not appear to be doing anything more, and my hard drive activity light is not showing any activity.
  14. I'm getting the warm and fuzzy feeling again... I rebooted normally and am preparing to run a new ComboFix. I'll report back.
  15. I do not have that folder, but I do have a folder with source files. The files are named winlogon.ex_ and explorer.ex_ (note the _). Can I use those files?
  16. LD, no luck with the chkdsk /r. I copied the mraid35 files from my other PC; still no luck. My PC still will not boot. I have SP 3 installed; could this have been a problem? I can access the files on the hard drive via a boot-up CD. Here are the results from the ComboFix log and the ComboFix quarantine logs: ComboFix 11-01-31.02 - Terra 02/03/2011 13:28:35.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.2067 [GMT -6:00] Running from: c:\documents and settings\Terra\Desktop\ComboFix.exe AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\hpeF.dll c:\windows\system32\nt.dll c:\windows\system32\winlogon.exe . . . is infected!! c:\windows\explorer.exe . . . is infected!! . ((((((((((((((((((((((((( Files Created from 2011-01-03 to 2011-02-03 ))))))))))))))))))))))))))))))) . 2011-02-03 18:42 . 2011-02-03 18:42 -------- d-----w- c:\documents and settings\Terra\Application Data\Malwarebytes 2011-02-03 18:34 . 2011-02-03 18:34 -------- d-----w- c:\documents and settings\Terra\Local Settings\Application Data\BVRP Software 2011-02-03 16:12 . 2011-02-03 16:12 -------- d-----w- c:\documents and settings\Larry\Application Data\Malwarebytes 2011-02-03 16:12 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-03 16:12 . 2011-02-03 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-02-03 16:12 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-02-03 16:12 . 2011-02-03 16:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-02-03 16:11 . 2011-02-03 16:11 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2011-02-03 16:00 . 
2011-02-03 16:00 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\BVRP Software 2011-02-03 16:00 . 2009-10-27 07:28 22032 ----a-w- c:\windows\system32\drivers\PTUMWCDF.sys 2011-02-03 16:00 . 2009-10-27 07:28 115216 ----a-w- c:\windows\system32\drivers\PTUMWNET.sys 2011-02-03 16:00 . 2009-10-27 07:28 12048 ----a-w- c:\windows\system32\drivers\PTUMWFLT.sys 2011-02-03 16:00 . 2009-09-09 09:01 10440 ----a-w- c:\windows\system32\ptumwcit.dll 2011-02-03 16:00 . 2009-10-27 07:28 160400 ----a-w- c:\windows\system32\drivers\PTUMWVsp.sys 2011-02-03 15:59 . 2009-10-27 07:28 160400 ----a-w- c:\windows\system32\drivers\PTUMWMdm.sys 2011-02-03 15:58 . 2009-10-27 07:28 54544 ----a-w- c:\windows\system32\drivers\PTUMWBus.sys 2011-02-03 15:58 . 2009-11-09 10:03 112144 ----a-w- c:\windows\system32\ptumwmcp64.dll 2011-02-03 15:58 . 2009-11-09 10:03 100880 ----a-w- c:\windows\system32\ptumwmcp.dll 2011-02-03 15:58 . 2009-10-21 21:15 319456 ----a-w- c:\windows\system32\DIFxAPI.dll 2011-02-03 15:58 . 2011-02-03 15:58 -------- d-----w- c:\program files\PANTECH 2011-02-03 15:58 . 2010-03-03 00:38 38144 ----a-w- c:\windows\system32\drivers\BVRPMPR5.SYS 2011-02-03 15:57 . 2011-02-03 15:57 -------- d-----w- c:\program files\Common Files\Avanquest software Shared 2011-02-03 15:57 . 2011-02-03 16:01 -------- d-----w- c:\program files\U.S. Cellular Broadband Connect 2011-02-03 15:47 . 2011-02-03 15:47 -------- d-----w- c:\documents and settings\Larry\Application Data\Epson 2011-01-17 21:31 . 2007-03-29 00:26 65536 ----a-w- c:\windows\system32\EEBUtil.dll 2011-01-17 21:31 . 2006-12-20 00:31 110592 ----a-w- c:\windows\system32\EEBDSCVR.dll 2011-01-17 21:31 . 2003-12-17 07:01 55808 ----a-w- c:\windows\system32\EEBSDKIF.dll 2011-01-17 21:31 . 2007-09-07 23:33 135168 ----a-w- c:\windows\system32\EEBAPI.dll 2011-01-17 21:31 . 2006-12-20 00:20 77824 ----a-w- c:\windows\system32\EBAPI.dll 2011-01-17 20:51 . 
2011-02-03 15:47 -------- d-----w- c:\documents and settings\Larry\Application Data\Gtek 2011-01-17 20:51 . 2011-01-18 00:16 -------- d-----w- c:\documents and settings\User 2011-01-17 20:51 . 2011-01-17 20:51 -------- d-----w- c:\documents and settings\Guest\Application Data\Gtek 2011-01-17 20:50 . 2011-01-17 20:51 -------- d--h--w- c:\documents and settings\Terra\Application Data\GTek 2011-01-17 20:49 . 2011-01-17 20:51 -------- d--ha-w- c:\documents and settings\All Users\Application Data\GTek 2011-01-17 20:49 . 2011-01-17 20:51 -------- d-----w- c:\program files\Linksys EasyLink Advisor 2011-01-17 19:18 . 2008-12-01 19:00 457611 ----a-w- c:\windows\system32\ensppui.dll 2011-01-17 19:18 . 2008-12-01 19:00 457611 ----a-w- c:\windows\system32\enppui.dll 2011-01-17 19:18 . 2008-12-01 18:58 474892 ----a-w- c:\windows\system32\ensppmon.dll 2011-01-17 19:18 . 2008-12-01 18:58 474892 ----a-w- c:\windows\system32\enppmon.dll 2011-01-17 19:18 . 2008-06-18 17:49 249344 ----a-w- c:\windows\system32\enspres.dll 2011-01-17 19:18 . 2008-06-18 17:49 249344 ----a-w- c:\windows\system32\enpres.dll 2011-01-17 19:18 . 2011-01-17 19:18 -------- d-----w- c:\program files\EpsonNet 2011-01-17 18:35 . 2011-01-17 18:35 -------- d-----w- c:\documents and settings\Terra\Application Data\Leadertech 2011-01-17 18:32 . 2011-01-17 18:32 -------- d-----w- c:\documents and settings\Terra\Local Settings\Application Data\ABBYY 2011-01-17 18:26 . 2011-01-17 18:33 -------- d-----w- c:\program files\ABBYY FineReader 9.0 Sprint 2011-01-17 18:26 . 2011-01-17 18:26 -------- d-----w- c:\program files\Common Files\ABBYY 2011-01-17 18:26 . 2011-01-17 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY 2011-01-17 18:22 . 2011-01-17 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL 2011-01-17 18:15 . 2011-01-17 21:31 -------- d-----w- c:\program files\Common Files\EPSON 2011-01-17 18:15 . 
2008-04-14 06:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2011-01-17 18:15 . 2008-04-14 06:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2011-01-17 18:09 . 2009-09-17 06:00 342016 ----a-w- c:\windows\system32\eswiaud.dll 2011-01-17 18:09 . 2009-05-01 06:00 15872 ----a-w- c:\windows\system32\escdev.dll 2011-01-17 18:09 . 2009-05-01 06:00 128392 ----a-w- c:\windows\system32\esdevapp.exe 2011-01-17 18:08 . 2011-01-17 18:34 -------- d-----w- c:\program files\epson 2011-01-12 00:40 . 2011-01-12 00:40 -------- d-----w- c:\windows\Sun . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-18 18:12 . 2008-11-25 17:59 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-09 14:52 . 2008-04-14 10:00 249856 ----a-w- c:\windows\system32\odbc32.dll 2010-11-06 00:26 . 2008-04-14 10:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:26 . 2008-04-14 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-06 00:26 . 2008-04-14 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl . ------- Sigcheck ------- [-] 2008-04-14 . D2E35BCDFBAB9D0390F140E6B50DB6C6 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2008-04-14 . 5C6DF4D9091F6551A60E8AACE7B1B07D . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240] "SoundMan"="SOUNDMAN.EXE" [2002-09-28 47104] "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320] "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872] "{9ABA99F9-A8FE-7E89-8E99-AE8b85E9AE9B}"="c:\program files\U.S. 
Cellular Broadband Connect\AvqAutoRun.exe" [2009-10-19 73728] c:\documents and settings\Larry\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\documents and settings\Terra\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2009-2-14 49254] Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-14 113664] NETGEAR WPN311 Wireless Assistant.lnk - c:\program files\NETGEAR\WPN311\wlancfg5.exe [2005-4-19 4521984] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WZCSVC"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"= "c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool10\\ENEasyApp.exe"= R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [5/14/2009 5:07 PM 
759048] R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [9/29/2008 8:07 AM 19456] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [11/25/2008 2:21 PM 67904] R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2/3/2011 9:58 AM 54544] R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2/3/2011 10:00 AM 12048] R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2/3/2011 9:59 AM 160400] R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2/3/2011 10:00 AM 115216] R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2/3/2011 10:00 AM 160400] S3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [11/25/2008 5:51 AM 45696] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [11/25/2008 2:21 PM 64432] S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [2/3/2011 10:00 AM 22032] . Contents of the 'Scheduled Tasks' folder 2011-02-03 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {8A60E961-A8BB-488B-96E5-E078265AD1D5} = 166.181.191.17 166.181.127.17 . - - - - ORPHANS REMOVED - - - - WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-03 13:33 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2011-02-03 13:35:41 ComboFix-quarantined-files.txt 2011-02-03 19:35 Pre-Run: 75,722,969,088 bytes free Post-Run: 75,744,952,320 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - BDD0B3A36EC748B34768A6C7DEBB7C5E 2011-02-03 19:34:33 . 2011-02-03 19:34:33 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}.reg.dat 2011-02-03 19:31:14 . 2011-02-03 19:31:14 10,399 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2011-02-03 19:21:51 . 2011-02-03 19:21:51 51 ----a-w- C:\Qoobox\Quarantine\catchme.log 2011-02-03 15:58:07 . 2011-02-03 15:58:07 148,736 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\hpeF.dll.vir 2008-04-14 10:00:00 . 2008-04-14 10:00:00 3,584 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\nt.dll.vir Any hope of salvaging this?
  17. Hey, didn't expect you back for a while. I do not have the XP OS disk; however, I do have a utility disk based on BART which I can boot from, and am now running chkdsk /r. I did power up my other PC and copied the mraid35x file from it. I will wait to see what happens with the chkdsk /r first, and then try replacing the file. This may take a while; I'll get back once it is done. Thank you.
  18. Actually... I forgot I cannot get into the Recovery Console; I get the "mraid35x.sy_ is corrupted" message... the Recovery Console will not run.
  19. I have a third PC with XP; I believe they are the same SP and all. If need be, I probably can copy some files from one PC to the other. ComboFix installed the Recovery Console. I'll run the chkdsk /r.
  20. Last known = reboot
      Enable VGA mode = reboot
      Disable restart on failure = BSOD
      Recovery Console = mraid35x.sy_ corrupt file
      Safe mode = reboot
      I'm not getting a warm and fuzzy feeling at this point.
  21. I ran ComboFix and my PC found a couple of issues. It broke Explorer, and I had to manually reset the PC; upon restart it gets to the XP splash screen and loops back to the beginning. I did try to start Windows normally and it gave me a message that the file MRAID35X.SY_ is corrupted. I'm on my other computer and cannot access the ComboFix log file to include that info.
  22. MBAM found a few items and cleaned them. I did not run the ATF Cleaner first; does that matter? Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5669 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 2/3/2011 12:49:32 PM mbam-log-2011-02-03 (12-49-32).txt Scan type: Quick scan Objects scanned: 174415 Time elapsed: 5 minute(s), 58 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\uuauthxs (Trojan.FakeAlert.Gen) -> Value: uuauthxs -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  23. I'm logged in as my wife and (knock on wood) things seem to be OK...
  24. It came up clean. 2011/02/03 12:19:53.0734 2976 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03 2011/02/03 12:19:54.0390 2976 ================================================================================ 2011/02/03 12:19:54.0390 2976 SystemInfo: 2011/02/03 12:19:54.0390 2976 2011/02/03 12:19:54.0390 2976 OS Version: 5.1.2600 ServicePack: 3.0 2011/02/03 12:19:54.0390 2976 Product type: Workstation 2011/02/03 12:19:54.0390 2976 ComputerName: CABIN-2 2011/02/03 12:19:54.0390 2976 UserName: Larry 2011/02/03 12:19:54.0390 2976 Windows directory: C:\WINDOWS 2011/02/03 12:19:54.0390 2976 System windows directory: C:\WINDOWS 2011/02/03 12:19:54.0390 2976 Processor architecture: Intel x86 2011/02/03 12:19:54.0390 2976 Number of processors: 1 2011/02/03 12:19:54.0390 2976 Page size: 0x1000 2011/02/03 12:19:54.0390 2976 Boot type: Normal boot 2011/02/03 12:19:54.0390 2976 ================================================================================ 2011/02/03 12:19:54.0765 2976 Initialize success 2011/02/03 12:19:57.0593 2852 ================================================================================ 2011/02/03 12:19:57.0593 2852 Scan started 2011/02/03 12:19:57.0593 2852 Mode: Manual; 2011/02/03 12:19:57.0593 2852 ================================================================================ 2011/02/03 12:19:58.0781 2852 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/02/03 12:19:58.0843 2852 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/02/03 12:19:59.0046 2852 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/02/03 12:19:59.0140 2852 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys 2011/02/03 12:19:59.0328 2852 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/02/03 12:19:59.0593 2852 ALCXWDM (4ec917cce82c6c28b1529b15ecf90c7a) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2011/02/03 
12:19:59.0906 2852 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys 2011/02/03 12:20:00.0078 2852 AR5211 (f6f31f142a2ff302b8d1ecda9fe14a6b) C:\WINDOWS\system32\DRIVERS\WPN311.sys 2011/02/03 12:20:00.0375 2852 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/02/03 12:20:00.0515 2852 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/02/03 12:20:00.0625 2852 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/02/03 12:20:00.0718 2852 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/02/03 12:20:00.0843 2852 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/02/03 12:20:00.0984 2852 BVRPMPR5 (ced1d7aba4eeaadd5d2985c5fce7f57d) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS 2011/02/03 12:20:01.0140 2852 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/02/03 12:20:01.0250 2852 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/02/03 12:20:01.0328 2852 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/02/03 12:20:01.0421 2852 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/02/03 12:20:01.0578 2852 cirrus (a7d38b7c4c69c72dfa98129cac1f9f1b) C:\WINDOWS\system32\DRIVERS\cirrus.sys 2011/02/03 12:20:02.0000 2852 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/02/03 12:20:02.0109 2852 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/02/03 12:20:02.0218 2852 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/02/03 12:20:02.0281 2852 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/02/03 12:20:02.0359 2852 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/02/03 
2011/02/03 12:20:19.0843 2852 ================================================================================
2011/02/03 12:20:19.0843 2852 Scan finished
2011/02/03 12:20:19.0843 2852 ================================================================================
2011/02/03 12:20:57.0453 2996 Deinitialize success
  25. Logged in with my id. Ran TDSSKiller, it found a malicious object. Here's the log:
2011/02/03 11:52:21.0294 0900 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/03 11:52:22.0060 0900 ================================================================================
2011/02/03 11:52:22.0060 0900 SystemInfo:
2011/02/03 11:52:22.0060 0900
2011/02/03 11:52:22.0060 0900 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/03 11:52:22.0060 0900 Product type: Workstation
2011/02/03 11:52:22.0060 0900 ComputerName: CABIN-2
2011/02/03 11:52:22.0060 0900 UserName: Larry
2011/02/03 11:52:22.0060 0900 Windows directory: C:\WINDOWS
2011/02/03 11:52:22.0060 0900 System windows directory: C:\WINDOWS
2011/02/03 11:52:22.0060 0900 Processor architecture: Intel x86
2011/02/03 11:52:22.0060 0900 Number of processors: 1
2011/02/03 11:52:22.0060 0900 Page size: 0x1000
2011/02/03 11:52:22.0060 0900 Boot type: Normal boot
2011/02/03 11:52:22.0060 0900 ================================================================================
2011/02/03 11:52:22.0450 0900 Initialize success
2011/02/03 11:52:24.0654 2284 ================================================================================
2011/02/03 11:52:24.0654 2284 Scan started
2011/02/03 11:52:24.0654 2284 Mode: Manual;
2011/02/03 11:52:24.0654 2284 ================================================================================
2011/02/03 11:52:46.0514 2284 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/03 11:52:46.0530 2284 ================================================================================
2011/02/03 11:52:46.0530 2284 Scan finished
2011/02/03 11:52:46.0530 2284 ================================================================================
2011/02/03 11:52:46.0577 2408 Detected object count: 1
2011/02/03 11:53:25.0517 2408 \HardDisk0 - will be cured after reboot
2011/02/03 11:53:25.0533 2408 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/03 11:53:34.0252 2328 Deinitialize success