saltyliam
Members
Posts: 5
Reputation: 0 Neutral
  1. Hi all, unless anyone has any different advice for me, I think I'm going to just reformat the hard drive. This thing is way too much of a pain, and I've been over a week without a half-decent computer. Also, any advice on some good anti-virus software so I don't get infected in the future? Thanks
  2. Hi Screen, here is my ComboFix log:

     ComboFix 11-10-10.04 - Harry Ballsonia 10/10/2011 15:14:56.1.1 - x86 NETWORK
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2875.2588 [GMT -7:00]
     Running from: c:\documents and settings\Harry Ballsonia\Desktop\ComboFix.exe
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\Harry Ballsonia\Application Data\C5sQJ6dEKgZhXkVOpen Cloud AV.ico
     c:\documents and settings\Harry Ballsonia\Application Data\DE8R9YwUeOtPySiOpen Cloud AV.ico
     c:\documents and settings\Harry Ballsonia\Application Data\hrzONtxA0v2b3m5Open Cloud AV.ico
     c:\documents and settings\Harry Ballsonia\Application Data\NddEKK8gRZqhXwOpen Cloud AV.ico
     c:\documents and settings\Harry Ballsonia\Application Data\pGaHsKfLgXjCkBzOpen Cloud AV.ico
     c:\documents and settings\Harry Ballsonia\Application Data\PqUeIrPyAuDOpen Cloud AV.ico
     c:\documents and settings\Harry Ballsonia\Application Data\q6KfLgXjCOpen Cloud AV.ico
     c:\documents and settings\Harry Ballsonia\Application Data\qG5aQdK8fZhXjVlOpen Cloud AV.ico
     c:\documents and settings\Harry Ballsonia\Application Data\qycS1ibD3n4Q6W7Open Cloud AV.ico
     c:\documents and settings\Harry Ballsonia\Application Data\V6dEK8gRZhXkVlBOpen Cloud AV.ico
     c:\documents and settings\Harry Ballsonia\Application Data\wonF4amH5QTqYerOpen Cloud AV.ico
     c:\documents and settings\Harry Ballsonia\Application Data\xlNx0c2b3n5Open Cloud AV.ico
     c:\program files\Toolbar
     c:\windows\$NtUninstallKB9501$
     c:\windows\$NtUninstallKB9501$\1011943226
     c:\windows\$NtUninstallKB9501$\2911008608\@
     c:\windows\$NtUninstallKB9501$\2911008608\bckfg.tmp
     c:\windows\$NtUninstallKB9501$\2911008608\cfg.ini
     c:\windows\$NtUninstallKB9501$\2911008608\Desktop.ini
     c:\windows\$NtUninstallKB9501$\2911008608\keywords
     c:\windows\$NtUninstallKB9501$\2911008608\kwrd.dll
     c:\windows\$NtUninstallKB9501$\2911008608\L\hlmmrqan
     c:\windows\$NtUninstallKB9501$\2911008608\U\00000001.@
     c:\windows\$NtUninstallKB9501$\2911008608\U\00000002.@
     c:\windows\$NtUninstallKB9501$\2911008608\U\80000000.@
     c:\windows\$NtUninstallKB9501$\2911008608\U\80000032.@
     c:\windows\system32\d3d9caps.dat
     c:\windows\system32\lsprst7.dll
     c:\windows\system32\ssprs.dll
     .
     Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected
     Restored copy from - The cat found it
     c:\windows\system32\drivers\cdrom.sys . . . is missing!!
     .
     .
     ((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))
     .
     .
     2011-10-10 22:24 . 2011-10-10 22:24 -------- d-----w- c:\windows\system32\xircom
     2011-10-10 22:24 . 2011-10-10 22:24 -------- d-----w- c:\windows\system32\wbem\snmp
     2011-10-10 22:24 . 2011-10-10 22:24 -------- d-----w- c:\windows\srchasst
     2011-10-04 05:08 . 2011-10-04 05:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2011-10-04 05:08 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-10-04 05:01 . 2011-10-04 05:01 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\PqUeIrPyAuD
     2011-10-04 05:01 . 2011-10-04 05:01 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\waJdKfZhXjVlBz0
     2011-10-04 04:57 . 2011-10-04 04:57 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\xlNx0c2b3n5
     2011-10-04 04:57 . 2011-10-04 04:57 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\JoFpHsJdL
     2011-10-03 04:52 . 2011-10-03 04:52 -------- d-----w- C:\TDSSKiller_Quarantine
     2011-10-03 04:41 . 2011-10-03 04:41 -------- d-----w- c:\program files\tdsskiller
     2011-10-03 04:13 . 2011-10-03 04:13 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\pGaHsKfLgXjCkBz
     2011-10-03 04:13 . 2011-10-03 04:13 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\KQ6E8RhXUeOxy1b
     2011-10-03 04:11 . 2011-10-03 04:11 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
     2011-10-03 04:11 . 2011-10-03 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
     2011-10-03 03:17 . 2011-10-03 03:17 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
     2011-10-03 03:17 . 2011-10-03 03:17 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
     2011-10-03 03:17 . 2011-10-03 03:17 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
     2011-10-03 03:17 . 2011-10-03 03:17 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
     2011-10-03 01:29 . 2011-10-03 01:29 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\qL8gTZqjY
     2011-10-03 01:29 . 2011-10-03 01:29 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\hrzONtxA0v2b3m5
     2011-10-03 01:19 . 2011-10-03 01:19 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\V6dEK8gRZhXkVlB
     2011-10-03 01:19 . 2011-10-03 01:19 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\QONyxA0uv2b3m5Q
     2011-10-03 00:41 . 2011-10-04 05:09 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2011-10-03 00:35 . 2011-10-03 00:35 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\Malwarebytes
     2011-10-03 00:27 . 2011-10-03 00:27 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\C5sQJ6dEKgZhXkV
     2011-10-03 00:27 . 2011-10-03 00:27 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\AONyxA0uv2b3
     2011-10-03 00:19 . 2011-10-03 00:19 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\r9gTZqjYC
     2011-10-03 00:18 . 2011-10-03 00:18 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\RCkVzNx0v2b3m5Q
     2011-10-03 00:18 . 2011-10-03 00:18 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\DE8R9YwUeOtPySi
     2011-10-03 00:17 . 2011-10-03 00:17 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\q6KfLgXjC
     2011-10-03 00:17 . 2011-10-03 00:17 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\eQJ6dKgZhwUlBx
     2011-10-02 21:37 . 2011-10-02 21:37 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\qycS1ibD3n4Q6W7
     2011-10-02 21:37 . 2011-10-02 21:37 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\D0uvS2oF3m5Q6E8
     2011-10-02 21:19 . 2011-10-02 21:19 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\wonF4amH5QTqYer
     2011-10-02 21:19 . 2011-10-02 21:19 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\gTXwjUCelBzNc1v
     2011-10-02 21:13 . 2011-10-02 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2011-10-02 20:59 . 2011-10-02 20:59 -------- d-----w- c:\documents and settings\Administrator
     2011-10-02 20:47 . 2011-10-02 20:47 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\qG5aQdK8fZhXjVl
     2011-10-02 20:47 . 2011-10-02 20:47 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\IYCkIVrOtAuSiFp
     2011-10-02 20:36 . 2011-10-02 20:36 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\xvSS2oobF4pG5QJ
     2011-10-02 20:36 . 2011-10-02 20:36 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\NddEKK8gRZqhXw
     2011-10-02 20:36 . 2011-10-02 20:36 2400768 ----a-w- c:\windows\system32\GRRZqhhYCw.exe
     2011-10-02 20:36 . 2011-10-02 20:36 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\TooobF4pm5sQdL8
     2011-09-25 20:24 . 2011-09-25 20:24 -------- d-----w- c:\program files\Veetle
     2011-09-25 20:21 . 2011-09-25 20:21 -------- d-----w- c:\program files\StreamTorrent 1.0
     2011-09-25 20:21 . 2011-09-25 20:21 -------- d-----w- c:\documents and settings\Harry Ballsonia\Application Data\StreamTorrent
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-09-30 19:42 . 2011-05-26 20:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2011-09-09 09:11 . 2010-03-13 00:44 599552 ----a-w- c:\windows\system32\crypt32.dll
     2011-07-15 13:29 . 2010-05-04 14:20 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
     2011-04-14 20:32 . 2011-04-16 08:32 44 ---h--w- c:\program files\74b06f26.tmp
     2011-09-30 19:44 . 2011-04-15 08:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
     "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-15 399736]
     "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
     "BlackArmorBackupMonitor.exe"="c:\program files\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe" [2009-11-20 4352976]
     "AcronisTimounterMonitor"="c:\program files\Seagate\BlackArmorBackup\TimounterMonitor.exe" [2009-11-20 963784]
     "Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-11-20 376288]
     "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
     "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
     "nwiz"="nwiz.exe" [2008-10-07 1630208]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
     "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
     "dUVVrllONtx0uS28234A"="c:\windows\system32\GRRZqhhYCw.exe" [2011-10-02 2400768]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="ctfmon.exe" [2008-04-14 15360]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "_nltide_3"="advpack.dll" [2009-03-07 128512]
     .
     c:\documents and settings\Harry Ballsonia\Start Menu\Programs\Startup\
     Auto Shutdown.lnk - c:\program files\Auto Shutdown\AutoShutdown.exe [2011-4-18 468480]
     .
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2011-4-19 81997]
     .
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "NoResolveTrack"= 1 (0x1)
     "NoRecentDocsNetHood"= 1 (0x1)
     .
     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "ForceClassicControlPanel"= 1 (0x1)
     "NoResolveTrack"= 1 (0x1)
     "NoRecentDocsNetHood"= 1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
     SecurityProviders schannel.dll, credssp.dll, digest.dll
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\Steam\\Steam.exe"=
     "c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
     .
     R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
     R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [11/20/2009 1:07 AM 617984]
     S3 TrueSight;TrueSight;\??\c:\documents and settings\Harry Ballsonia\Desktop\TrueSight.sys --> c:\documents and settings\Harry Ballsonia\Desktop\TrueSight.sys [?]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/
     uDefault_Search_URL = hxxp://www.google.com/
     uInternet Connection Wizard,ShellNext = iexplore
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     IE: Free YouTube to MP3 Converter - c:\documents and settings\Harry Ballsonia\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
     TCP: DhcpNameServer = 64.59.144.18 64.59.144.19 64.59.150.133
     FF - ProfilePath - c:\documents and settings\Harry Ballsonia\Application Data\Mozilla\Firefox\Profiles\3rhjld7a.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
     FF - prefs.js: network.proxy.type - 0
     .
     - - - - ORPHANS REMOVED - - - -
     .
     HKCU-Run-AdobeBridge - (no file)
     HKU-Default-Run-IDMan - c:\program files\Internet Download Manager\IDMan.exe
     SafeBoot-87682320.sys
     .
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2011-10-10 15:25
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
     "Version"=hex:f9,b3,f2,bc,a1,64,d6,fa,7b,2e,bd,1a,86,e6,6e,32,5a,76,aa,1f,3d,
        45,86,03,45,3f,f3,f3,e6,71,64,6a,e9,13,c0,31,bb,dd,2e,ff,5c,54,c4,61,04,e4,\
     .
     [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
     "Version"=hex:f9,b3,f2,bc,a1,64,d6,fa,7b,2e,bd,1a,86,e6,6e,32,5a,76,aa,1f,3d,
        45,86,03,45,3f,f3,f3,e6,71,64,6a,e9,13,c0,31,bb,dd,2e,ff,5c,54,c4,61,04,e4,\
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'explorer.exe'(4052)
     c:\windows\system32\WININET.dll
     c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
     c:\windows\system32\msi.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
     c:\windows\system32\nvsvc32.exe
     c:\program files\Analog Devices\SoundMAX\SMAgent.exe
     c:\windows\system32\RUNDLL32.EXE
     .
     **************************************************************************
     .
     Completion time: 2011-10-10 15:27:43 - machine was rebooted
     ComboFix-quarantined-files.txt 2011-10-10 22:27
     .
     Pre-Run: 282,012,975,104 bytes free
     Post-Run: 282,291,728,384 bytes free
     .
     WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     UnsupportedDebug="do not select this" /debug
     multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff
     .
     - - End Of File - - CC97EA6596E68469EA63F12ACE95B297

     And here's another DDS:

     .
     DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
     Internet Explorer: 8.0.6001.18702
     Run by Harry Ballsonia at 15:31:21 on 2011-10-10
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2875.2482 [GMT -7:00]
     .
     .
     ============== Running Processes ===============
     .
     C:\WINDOWS\system32\svchost.exe -k DcomLaunch
     svchost.exe
     C:\WINDOWS\system32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://www.google.com/
     uDefault_Search_URL = hxxp://www.google.com/
     uInternet Connection Wizard,ShellNext = iexplore
     BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
     BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
     BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
     uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
     uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
     mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
     mRun: [blackArmorBackupMonitor.exe] c:\program files\seagate\blackarmorbackup\BlackArmorBackupMonitor.exe
     mRun: [AcronisTimounterMonitor] c:\program files\seagate\blackarmorbackup\TimounterMonitor.exe
     mRun: [seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
     mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
     mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
     mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     mRun: [nwiz] nwiz.exe /install
     mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
     mRun: [start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
     mRun: [dUVVrllONtx0uS28234A] c:\windows\system32\GRRZqhhYCw.exe
     dRun: [ctfmon.exe] ctfmon.exe
     dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
     StartupFolder: c:\docume~1\harryb~1\startm~1\programs\startup\autosh~1.lnk - c:\program files\auto shutdown\AutoShutdown.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe
     uPolicies-explorer: NoResolveTrack = 1 (0x1)
     uPolicies-explorer: NoInstrumentation = 1 (0x1)
     uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
     uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
     mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
     dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
     dPolicies-explorer: NoResolveTrack = 1 (0x1)
     dPolicies-explorer: NoInstrumentation = 1 (0x1)
     dPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
     dPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
     IE: Free YouTube to MP3 Converter - c:\documents and settings\harry ballsonia\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
     IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
     TCP: DhcpNameServer = 64.59.144.18 64.59.144.19 64.59.150.133
     TCP: Interfaces\{B783288D-04CF-4CBE-8C10-06B545FDE227} : DhcpNameServer = 64.59.144.18 64.59.144.19 64.59.150.133
     Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
     SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
     SecurityProviders: schannel.dll, credssp.dll, digest.dll
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\documents and settings\harry ballsonia\application data\mozilla\firefox\profiles\3rhjld7a.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
     FF - prefs.js: network.proxy.type - 0
     FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
     FF - plugin: c:\program files\veetle\player\npvlc.dll
     FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
     .
     ============= SERVICES / DRIVERS ===============
     .
     R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2011-4-9 10872]
     S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]
     S2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
     S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-11-20 617984]
     S3 TrueSight;TrueSight;\??\c:\documents and settings\harry ballsonia\desktop\truesight.sys --> c:\documents and settings\harry ballsonia\desktop\TrueSight.sys [?]
     .
     =============== Created Last 30 ================
     .
     2011-10-10 22:25:09 -------- d-----w- c:\documents and settings\harry ballsonia\application data\nOtP0GHKL
     2011-10-10 22:25:08 -------- d-----w- c:\documents and settings\harry ballsonia\application data\avF4pmH5sJdLgZh
     2011-10-10 22:24:04 -------- d-----w- c:\windows\system32\xircom
     2011-10-10 22:24:04 -------- d-----w- c:\windows\system32\wbem\snmp
     2011-10-10 22:24:04 -------- d-----w- c:\windows\srchasst
     2011-10-10 22:09:38 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
     2011-10-10 22:06:46 98816 ----a-w- c:\windows\sed.exe
     2011-10-10 22:06:46 518144 ----a-w- c:\windows\SWREG.exe
     2011-10-10 22:06:46 256000 ----a-w- c:\windows\PEV.exe
     2011-10-10 22:06:46 208896 ----a-w- c:\windows\MBR.exe
     2011-10-04 05:08:37 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-10-04 05:08:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2011-10-04 05:01:20 -------- d-----w- c:\documents and settings\harry ballsonia\application data\PqUeIrPyAuD
     2011-10-04 05:01:18 -------- d-----w- c:\documents and settings\harry ballsonia\application data\waJdKfZhXjVlBz0
     2011-10-04 04:57:15 -------- d-----w- c:\documents and settings\harry ballsonia\application data\xlNx0c2b3n5
     2011-10-04 04:57:14 -------- d-----w- c:\documents and settings\harry ballsonia\application data\JoFpHsJdL
     2011-10-03 04:52:08 -------- d-----w- C:\TDSSKiller_Quarantine
     2011-10-03 04:41:05 -------- d-----w- c:\program files\tdsskiller
     2011-10-03 04:13:59 -------- d-----w- c:\documents and settings\harry ballsonia\application data\pGaHsKfLgXjCkBz
     2011-10-03 04:13:58 -------- d-----w- c:\documents and settings\harry ballsonia\application data\KQ6E8RhXUeOxy1b
     2011-10-03 04:11:29 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
     2011-10-03 04:11:15 -------- d-----w- c:\documents and settings\all users\application data\MFAData
     2011-10-03 03:17:01 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
     2011-10-03 03:17:00 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
     2011-10-03 03:17:00 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
     2011-10-03 03:17:00 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
     2011-10-03 01:29:12 -------- d-----w- c:\documents and settings\harry ballsonia\application data\qL8gTZqjY
     2011-10-03 01:29:12 -------- d-----w- c:\documents and settings\harry ballsonia\application data\hrzONtxA0v2b3m5
     2011-10-03 01:19:38 -------- d-----w- c:\documents and settings\harry ballsonia\application data\V6dEK8gRZhXkVlB
     2011-10-03 01:19:38 -------- d-----w- c:\documents and settings\harry ballsonia\application data\QONyxA0uv2b3m5Q
     2011-10-03 00:41:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2011-10-03 00:35:55 -------- d-----w- c:\documents and settings\harry ballsonia\application data\Malwarebytes
     2011-10-03 00:27:04 -------- d-----w- c:\documents and settings\harry ballsonia\application data\C5sQJ6dEKgZhXkV
     2011-10-03 00:27:04 -------- d-----w- c:\documents and settings\harry ballsonia\application data\AONyxA0uv2b3
     2011-10-03 00:19:03 -------- d-----w- c:\documents and settings\harry ballsonia\application data\r9gTZqjYC
     2011-10-03 00:18:48 -------- d-----w- c:\documents and settings\harry ballsonia\application data\RCkVzNx0v2b3m5Q
     2011-10-03 00:18:48 -------- d-----w- c:\documents and settings\harry ballsonia\application data\DE8R9YwUeOtPySi
     2011-10-03 00:17:32 -------- d-----w- c:\documents and settings\harry ballsonia\application data\q6KfLgXjC
     2011-10-03 00:17:32 -------- d-----w- c:\documents and settings\harry ballsonia\application data\eQJ6dKgZhwUlBx
     2011-10-02 21:37:57 -------- d-----w- c:\documents and settings\harry ballsonia\application data\qycS1ibD3n4Q6W7
     2011-10-02 21:37:57 -------- d-----w- c:\documents and settings\harry ballsonia\application data\D0uvS2oF3m5Q6E8
     2011-10-02 21:19:02 -------- d-----w- c:\documents and settings\harry ballsonia\application data\wonF4amH5QTqYer
     2011-10-02 21:19:00 -------- d-----w- c:\documents and settings\harry ballsonia\application data\gTXwjUCelBzNc1v
     2011-10-02 21:13:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
     2011-10-02 20:47:02 -------- d-----w- c:\documents and settings\harry ballsonia\application data\qG5aQdK8fZhXjVl
     2011-10-02 20:47:02 -------- d-----w- c:\documents and settings\harry ballsonia\application data\IYCkIVrOtAuSiFp
     2011-10-02 20:36:53 -------- d-----w- c:\documents and settings\harry ballsonia\application data\xvSS2oobF4pG5QJ
     2011-10-02 20:36:53 -------- d-----w- c:\documents and settings\harry ballsonia\application data\NddEKK8gRZqhXw
     2011-10-02 20:36:27 2400768 ----a-w- c:\windows\system32\GRRZqhhYCw.exe
     2011-10-02 20:36:27 -------- d-----w- c:\documents and settings\harry ballsonia\application data\TooobF4pm5sQdL8
     2011-09-25 20:24:38 -------- d-----w- c:\program files\Veetle
     2011-09-25 20:21:54 -------- d-----w- c:\program files\StreamTorrent 1.0
     2011-09-25 20:21:54 -------- d-----w- c:\documents and settings\harry ballsonia\application data\StreamTorrent
     .
     ==================== Find3M ====================
     .
     2011-09-30 19:42:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2011-09-09 09:11:14 599552 ----a-w- c:\windows\system32\crypt32.dll
     2011-07-15 13:29:35 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
     2011-07-15 08:45:51 1025 ----a-w- c:\windows\system32\sysprs7.dll
     2011-07-15 08:45:51 1025 ----a-w- c:\windows\system32\clauth2.dll
     2011-07-15 08:45:51 1025 ----a-w- c:\windows\system32\clauth1.dll
     2011-04-14 20:32:58 44 ---h--w- c:\program files\74b06f26.tmp
     .
     ============= FINISH: 15:31:58.56 ===============

     Thanks again for all your help.
  3. Hello screen317, thanks for getting back to me; here is the TDSSKiller log:

     01:56:16.0984 0520 TDSS rootkit removing tool 2.6.5.0 Oct 5 2011 20:52:46
     01:56:17.0593 0520 ============================================================
     01:56:17.0593 0520 Current date / time: 2011/10/07 01:56:17.0593
     01:56:17.0593 0520 SystemInfo:
     01:56:17.0593 0520
     01:56:17.0593 0520 OS Version: 5.1.2600 ServicePack: 3.0
     01:56:17.0593 0520 Product type: Workstation
     01:56:17.0593 0520 ComputerName: SALTED-35573805
     01:56:17.0593 0520 UserName: Harry Ballsonia
     01:56:17.0593 0520 Windows directory: C:\WINDOWS
     01:56:17.0593 0520 System windows directory: C:\WINDOWS
     01:56:17.0593 0520 Processor architecture: Intel x86
     01:56:17.0593 0520 Number of processors: 1
     01:56:17.0593 0520 Page size: 0x1000
     01:56:17.0593 0520 Boot type: Safe boot with network
     01:56:17.0593 0520 ============================================================
     01:56:19.0390 0520 Initialize success
     01:56:21.0859 0572 ============================================================
     01:56:21.0859 0572 Scan started
     01:56:21.0859 0572 Mode: Manual;
     01:56:21.0859 0572 ============================================================
     01:56:23.0546 0572 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
     01:56:23.0562 0572 61883 - ok
     01:56:24.0406 0572 Abiosdsk - ok
     01:56:25.0250 0572 abp480n5 - ok
     01:56:26.0109 0572 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
     01:56:26.0109 0572 ACPI - ok
     01:56:26.0984 0572 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
     01:56:26.0984 0572 ACPIEC - ok
     01:56:27.0171 0572 ad827760 (a5bb3a84ba80655b6308b09f1d552173) C:\WINDOWS\1618444973:1383958687.exe
     01:56:27.0171 0572 Suspicious file (Hidden): C:\WINDOWS\1618444973:1383958687.exe. md5: a5bb3a84ba80655b6308b09f1d552173
     01:56:27.0171 0572 ad827760 ( HiddenFile.Multi.Generic ) - warning
     01:56:27.0171 0572 ad827760 - detected HiddenFile.Multi.Generic (1)
     01:56:27.0906 0572 adpu160m - ok
     01:56:28.0781 0572 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
     01:56:28.0796 0572 aeaudio - ok
     01:56:29.0671 0572 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
     01:56:29.0671 0572 aec - ok
     01:56:30.0515 0572 AFD (8d499b1276012eb907e7a9e0f4d8fda4) C:\WINDOWS\System32\drivers\afd.sys
     01:56:30.0531 0572 AFD - ok
     01:56:31.0375 0572 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
     01:56:31.0390 0572 agp440 - ok
     01:56:32.0218 0572 Aha154x - ok
     01:56:33.0109 0572 aic78u2 - ok
     01:56:33.0953 0572 aic78xx - ok
     01:56:34.0921 0572 AliIde - ok
     01:56:35.0812 0572 amsint - ok
     01:56:36.0765 0572 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
     01:56:36.0781 0572 Arp1394 - ok
     01:56:37.0593 0572 asc - ok
     01:56:38.0484 0572 asc3350p - ok
     01:56:39.0406 0572 asc3550 - ok
     01:56:40.0328 0572 Aspi32 (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\Aspi32.sys
     01:56:40.0328 0572 Aspi32 - ok
     01:56:41.0203 0572 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
     01:56:41.0218 0572 AsyncMac - ok
     01:56:42.0125 0572 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
     01:56:42.0125 0572 atapi - ok
     01:56:43.0000 0572 Atdisk - ok
     01:56:43.0921 0572 atinrvxx (a7a01b907db63898d40b0a14248ff9a2) C:\WINDOWS\system32\DRIVERS\atinrvxx.sys
     01:56:43.0937 0572 atinrvxx - ok
     01:56:44.0796 0572 ATITUNEP (edd66332608d27f4fd5069bcd0bc5164) C:\WINDOWS\system32\DRIVERS\atintuxx.sys
     01:56:44.0796 0572 ATITUNEP - ok
     01:56:45.0640 0572 ativraxx (da36687d701c833430605a298731410b) C:\WINDOWS\system32\DRIVERS\atinraxx.sys
     01:56:45.0640 0572 ativraxx - ok
     01:56:46.0515 0572 ATIXSAudio (77b575d7aab35d5908ae6ce681608d62) C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
     01:56:46.0515 0572 ATIXSAudio - ok
     01:56:47.0390 0572 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
     01:56:47.0421 0572 Atmarpc - ok
     01:56:48.0296 0572 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
     01:56:48.0296 0572 audstub - ok
     01:56:49.0187 0572 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
     01:56:49.0203 0572 Avc - ok
     01:56:49.0328 0572 AVG Anti-Spyware Driver (d6f4c1450699901048818b0c3aaf7a17) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
     01:56:49.0328 0572 AVG Anti-Spyware Driver - ok
     01:56:50.0250 0572 AvgAsCln (856b0cee009946bf2d327e6b24fe7e3f) C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
     01:56:50.0250 0572 AvgAsCln - ok
     01:56:51.0125 0572 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
     01:56:51.0125 0572 Beep - ok
     01:56:52.0000 0572 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
     01:56:52.0000 0572 cbidf2k - ok
     01:56:52.0875 0572 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
     01:56:52.0875 0572 CCDECODE - ok
     01:56:53.0718 0572 cd20xrnt - ok
     01:56:54.0625 0572 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
     01:56:54.0625 0572 Cdaudio - ok
     01:56:55.0468 0572 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
     01:56:55.0468 0572 Cdfs - ok
     01:56:56.0359 0572 Cdrom (d3562d6356f45939e0edba895837ef46) C:\WINDOWS\system32\DRIVERS\cdrom.sys
     01:56:56.0359 0572 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: d3562d6356f45939e0edba895837ef46, Fake md5: 4b0a100eaf5c49ef3cca8c641431eacc
     01:56:56.0375 0572 Cdrom ( ForgedFile.Multi.Generic ) - warning
     01:56:56.0375 0572 Cdrom - detected ForgedFile.Multi.Generic (1)
     01:56:57.0218 0572 Changer - ok
     01:56:58.0187 0572 CmdIde - ok
     01:56:59.0109 0572 Cpqarray - ok
     01:56:59.0984 0572 dac2w2k - ok
     01:57:00.0828 0572 dac960nt - ok
     01:57:01.0734 0572 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
     01:57:01.0734 0572 Disk - ok
     01:57:02.0609 0572 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
     01:57:02.0625 0572 dmboot - ok
     01:57:03.0531 0572 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
     01:57:03.0531 0572 dmio - ok
     01:57:04.0406 0572 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
     01:57:04.0406 0572 dmload - ok
     01:57:05.0281 0572 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
     01:57:05.0281 0572 DMusic - ok
     01:57:06.0156 0572 dpti2o - ok
     01:57:07.0015 0572 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
     01:57:07.0015 0572 drmkaud - ok
     01:57:07.0906 0572 EL2000 (9d356817b223067ff6f7f9eb867585ef) C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys
     01:57:07.0906 0572 EL2000 - ok
     01:57:08.0812 0572 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys
     01:57:08.0812 0572 exFat - ok
     01:57:09.0671 0572 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
     01:57:09.0671 0572 Fastfat - ok
     01:57:10.0546 0572 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
     01:57:10.0562 0572 Fdc - ok
     01:57:11.0453 0572 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
     01:57:11.0453 0572 Fips - ok
     01:57:12.0343 0572 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
     01:57:12.0343 0572 Flpydisk - ok
     01:57:13.0203 0572 FltMgr
(b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 01:57:13.0234 0572 FltMgr - ok 01:57:14.0093 0572 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys 01:57:14.0093 0572 Fs_Rec - ok 01:57:14.0953 0572 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 01:57:14.0968 0572 Ftdisk - ok 01:57:15.0843 0572 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 01:57:15.0843 0572 Gpc - ok 01:57:16.0734 0572 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 01:57:16.0734 0572 HidUsb - ok 01:57:17.0593 0572 hpn - ok 01:57:18.0468 0572 HTTP (937031c085718c1c04a9c0864625ec6b) C:\WINDOWS\system32\Drivers\HTTP.sys 01:57:18.0468 0572 HTTP - ok 01:57:19.0375 0572 i2omgmt - ok 01:57:20.0250 0572 i2omp - ok 01:57:21.0125 0572 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 01:57:21.0125 0572 i8042prt - ok 01:57:22.0000 0572 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 01:57:22.0015 0572 Imapi - ok 01:57:22.0906 0572 ini910u - ok 01:57:23.0859 0572 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 01:57:23.0859 0572 IntelIde - ok 01:57:24.0718 0572 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 01:57:24.0734 0572 intelppm - ok 01:57:25.0625 0572 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 01:57:25.0625 0572 Ip6Fw - ok 01:57:26.0500 0572 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 01:57:26.0500 0572 IpFilterDriver - ok 01:57:27.0375 0572 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 01:57:27.0375 0572 IpInIp - ok 01:57:28.0218 0572 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 01:57:28.0250 0572 IpNat - ok 01:57:29.0140 0572 IPSec 
(23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 01:57:29.0140 0572 IPSec - ok 01:57:30.0015 0572 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 01:57:30.0015 0572 IRENUM - ok 01:57:30.0937 0572 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 01:57:30.0937 0572 isapnp - ok 01:57:31.0859 0572 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 01:57:31.0859 0572 Kbdclass - ok 01:57:32.0734 0572 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 01:57:32.0750 0572 kbdhid - ok 01:57:33.0625 0572 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 01:57:33.0625 0572 kmixer - ok 01:57:34.0484 0572 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys 01:57:34.0500 0572 KSecDD - ok 01:57:35.0406 0572 lbrtfdc - ok 01:57:36.0437 0572 MidiSyn (63c34814492aa65fc517b002de77b191) C:\WINDOWS\system32\drivers\MidiSyn.sys 01:57:36.0453 0572 MidiSyn - ok 01:57:37.0296 0572 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 01:57:37.0312 0572 mnmdd - ok 01:57:38.0171 0572 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 01:57:38.0171 0572 Modem - ok 01:57:39.0046 0572 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 01:57:39.0046 0572 Mouclass - ok 01:57:39.0937 0572 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 01:57:39.0937 0572 mouhid - ok 01:57:40.0796 0572 MountMgr (1a1faa5102466f418494e94ff9b0b091) C:\WINDOWS\system32\drivers\MountMgr.sys 01:57:40.0796 0572 MountMgr - ok 01:57:41.0609 0572 mraid35x - ok 01:57:42.0578 0572 MRxDAV (4fefd389d71126ee581b9f9cb2918be4) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 01:57:42.0593 0572 MRxDAV - ok 01:57:43.0484 0572 MRxSmb (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 01:57:43.0484 
0572 MRxSmb - ok 01:57:44.0390 0572 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys 01:57:44.0406 0572 MSDV - ok 01:57:45.0312 0572 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 01:57:45.0312 0572 Msfs - ok 01:57:46.0171 0572 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 01:57:46.0171 0572 MSKSSRV - ok 01:57:47.0015 0572 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 01:57:47.0031 0572 MSPCLOCK - ok 01:57:47.0890 0572 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 01:57:47.0890 0572 MSPQM - ok 01:57:48.0734 0572 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 01:57:48.0734 0572 mssmbios - ok 01:57:49.0609 0572 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 01:57:49.0609 0572 MSTEE - ok 01:57:50.0468 0572 Mup (f7b1ad991491f02af6da70b00b8bf114) C:\WINDOWS\system32\drivers\Mup.sys 01:57:50.0484 0572 Mup - ok 01:57:51.0359 0572 MVDCODEC (ed4c2bf8403f4437987c0ba09cf48716) C:\WINDOWS\system32\DRIVERS\atinmdxx.sys 01:57:51.0359 0572 MVDCODEC - ok 01:57:52.0203 0572 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 01:57:52.0218 0572 NABTSFEC - ok 01:57:53.0140 0572 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 01:57:53.0156 0572 NDIS - ok 01:57:54.0015 0572 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 01:57:54.0015 0572 NdisIP - ok 01:57:54.0843 0572 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 01:57:54.0859 0572 NdisTapi - ok 01:57:55.0734 0572 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 01:57:55.0734 0572 Ndisuio - ok 01:57:56.0578 0572 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 01:57:56.0593 0572 NdisWan - ok 
01:57:57.0453 0572 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 01:57:57.0453 0572 NDProxy - ok 01:57:58.0375 0572 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 01:57:58.0375 0572 NetBIOS - ok 01:57:59.0218 0572 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 01:57:59.0218 0572 NetBT - ok 01:58:00.0203 0572 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 01:58:00.0203 0572 NIC1394 - ok 01:58:01.0093 0572 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 01:58:01.0093 0572 Npfs - ok 01:58:01.0968 0572 Ntfs (4c51d5275ae8a16999edfe7e647d00de) C:\WINDOWS\system32\drivers\Ntfs.sys 01:58:01.0968 0572 Ntfs - ok 01:58:02.0875 0572 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 01:58:02.0875 0572 Null - ok 01:58:03.0953 0572 nv (83780f3a86d2804912f22f6e37cd2254) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 01:58:04.0109 0572 nv - ok 01:58:05.0031 0572 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 01:58:05.0046 0572 NwlnkFlt - ok 01:58:05.0921 0572 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 01:58:05.0921 0572 NwlnkFwd - ok 01:58:06.0812 0572 ohci1394 (2553f7c60b8d291b5a812245e6d4da6e) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 01:58:06.0812 0572 ohci1394 - ok 01:58:07.0750 0572 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 01:58:07.0765 0572 Parport - ok 01:58:08.0640 0572 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 01:58:08.0640 0572 PartMgr - ok 01:58:09.0515 0572 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 01:58:09.0515 0572 ParVdm - ok 01:58:10.0406 0572 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 01:58:10.0406 0572 PCI - ok 01:58:11.0250 0572 PCIDump - ok 
01:58:12.0125 0572 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 01:58:12.0125 0572 PCIIde - ok 01:58:13.0000 0572 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 01:58:13.0000 0572 Pcmcia - ok 01:58:13.0875 0572 PDCOMP - ok 01:58:14.0718 0572 PDFRAME - ok 01:58:15.0609 0572 PDRELI - ok 01:58:16.0453 0572 PDRFRAME - ok 01:58:17.0328 0572 perc2 - ok 01:58:18.0171 0572 perc2hib - ok 01:58:19.0187 0572 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 01:58:19.0187 0572 PptpMiniport - ok 01:58:20.0046 0572 PSched (d8e11d311785f89f1d70a28b0e879127) C:\WINDOWS\system32\DRIVERS\psched.sys 01:58:20.0046 0572 PSched - ok 01:58:20.0921 0572 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 01:58:20.0921 0572 Ptilink - ok 01:58:21.0812 0572 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 01:58:21.0812 0572 PxHelp20 - ok 01:58:22.0671 0572 ql1080 - ok 01:58:23.0562 0572 Ql10wnt - ok 01:58:24.0437 0572 ql12160 - ok 01:58:25.0312 0572 ql1240 - ok 01:58:26.0187 0572 ql1280 - ok 01:58:27.0078 0572 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 01:58:27.0078 0572 RasAcd - ok 01:58:27.0968 0572 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 01:58:27.0968 0572 Rasl2tp - ok 01:58:28.0875 0572 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 01:58:28.0875 0572 RasPppoe - ok 01:58:29.0750 0572 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 01:58:29.0750 0572 Raspti - ok 01:58:30.0640 0572 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys 01:58:30.0640 0572 Rdbss - ok 01:58:31.0531 0572 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 01:58:31.0531 0572 RDPCDD - ok 01:58:32.0421 0572 rdpdr 
(47ea20320e3d6fdc7b7bb22b2b881ca6) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 01:58:32.0421 0572 rdpdr - ok 01:58:33.0296 0572 RDPWD (3348e61a78ba4f79c795aad6565d3b6f) C:\WINDOWS\system32\drivers\RDPWD.sys 01:58:33.0312 0572 RDPWD - ok 01:58:34.0218 0572 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 01:58:34.0218 0572 redbook - ok 01:58:35.0265 0572 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 01:58:35.0265 0572 Secdrv - ok 01:58:36.0187 0572 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 01:58:36.0203 0572 serenum - ok 01:58:37.0078 0572 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 01:58:37.0078 0572 Serial - ok 01:58:38.0000 0572 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 01:58:38.0000 0572 Sfloppy - ok 01:58:38.0937 0572 Si3112 (f459dd5ee69d4b68cb6767c9731b5faf) C:\WINDOWS\system32\drivers\Si3112.sys 01:58:38.0953 0572 Si3112 - ok 01:58:39.0796 0572 Simbad - ok 01:58:40.0734 0572 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 01:58:40.0734 0572 SLIP - ok 01:58:41.0625 0572 smwdm (7d9b50329af9fd94b0529282530d2cb7) C:\WINDOWS\system32\drivers\smwdm.sys 01:58:41.0625 0572 smwdm - ok 01:58:42.0515 0572 snapman380 (5ce1cf27620b144e212d407cdb14d339) C:\WINDOWS\system32\DRIVERS\snman380.sys 01:58:42.0546 0572 snapman380 - ok 01:58:43.0421 0572 Sparrow - ok 01:58:44.0296 0572 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 01:58:44.0296 0572 splitter - ok 01:58:45.0140 0572 sptd (614deea4bdcec3fd5a07bdc705723ad7) C:\WINDOWS\System32\Drivers\sptd.sys 01:58:45.0156 0572 sptd - ok 01:58:46.0031 0572 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 01:58:46.0046 0572 Sr - ok 01:58:46.0968 0572 Srv (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys 01:58:46.0984 0572 Srv - ok 01:58:47.0890 
0572 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 01:58:47.0890 0572 streamip - ok 01:58:48.0750 0572 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 01:58:48.0750 0572 swenum - ok 01:58:49.0593 0572 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 01:58:49.0609 0572 swmidi - ok 01:58:50.0484 0572 symc810 - ok 01:58:51.0359 0572 symc8xx - ok 01:58:52.0218 0572 sym_hi - ok 01:58:53.0125 0572 sym_u3 - ok 01:58:54.0015 0572 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 01:58:54.0015 0572 sysaudio - ok 01:58:54.0937 0572 Tcpip (474d3dccb57defcd917311eec47204b9) C:\WINDOWS\system32\DRIVERS\tcpip.sys 01:58:54.0953 0572 Tcpip - ok 01:58:55.0812 0572 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 01:58:55.0812 0572 TDPIPE - ok 01:58:56.0671 0572 tdrpman174 (d953f161177dab3c8440844a9ab6e5a2) C:\WINDOWS\system32\DRIVERS\tdrpm174.sys 01:58:56.0687 0572 tdrpman174 - ok 01:58:57.0593 0572 TDTCP (c0578456f29e5f26285f81b7b71fe57d) C:\WINDOWS\system32\drivers\TDTCP.sys 01:58:57.0593 0572 TDTCP - ok 01:58:58.0468 0572 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 01:58:58.0468 0572 TermDD - ok 01:58:59.0406 0572 timounter (711fcff933b1e5da14dcbaaa9655d282) C:\WINDOWS\system32\DRIVERS\timntr.sys 01:58:59.0421 0572 timounter - ok 01:59:00.0281 0572 TosIde - ok 01:59:00.0468 0572 TrueSight - ok 01:59:01.0421 0572 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 01:59:01.0421 0572 Udfs - ok 01:59:02.0296 0572 ultra - ok 01:59:03.0234 0572 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 01:59:03.0250 0572 Update - ok 01:59:04.0156 0572 usbehci (52674b5dbee499342a599c7771abecaa) C:\WINDOWS\system32\DRIVERS\usbehci.sys 01:59:04.0156 0572 usbehci - ok 01:59:05.0046 0572 usbhub (1ab3cdde553b6e064d2e754efe20285c) 
C:\WINDOWS\system32\DRIVERS\usbhub.sys 01:59:05.0046 0572 usbhub - ok 01:59:05.0937 0572 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 01:59:05.0937 0572 USBSTOR - ok 01:59:06.0812 0572 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 01:59:06.0812 0572 usbuhci - ok 01:59:07.0718 0572 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 01:59:07.0718 0572 VgaSave - ok 01:59:08.0546 0572 ViaIde - ok 01:59:09.0500 0572 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 01:59:09.0500 0572 VolSnap - ok 01:59:10.0421 0572 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 01:59:10.0421 0572 Wanarp - ok 01:59:11.0265 0572 WDICA - ok 01:59:12.0140 0572 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 01:59:12.0140 0572 wdmaud - ok 01:59:13.0140 0572 WmBEnum (5d410936831f7fb58eff941eac3f6d3d) C:\WINDOWS\system32\drivers\WmBEnum.sys 01:59:13.0140 0572 WmBEnum - ok 01:59:14.0046 0572 WmFilter (7a13cfde92956ca61a0927d766c5ad4f) C:\WINDOWS\system32\drivers\WmFilter.sys 01:59:14.0062 0572 WmFilter - ok 01:59:15.0000 0572 WmVirHid (6f04646bc690f8bbfc344be32a60796d) C:\WINDOWS\system32\drivers\WmVirHid.sys 01:59:15.0000 0572 WmVirHid - ok 01:59:15.0875 0572 WmXlCore (1d6ca43d562333f4dfb40bcef2453f3a) C:\WINDOWS\system32\drivers\WmXlCore.sys 01:59:15.0875 0572 WmXlCore - ok 01:59:16.0734 0572 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 01:59:16.0734 0572 WSTCODEC - ok 01:59:17.0609 0572 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 01:59:17.0609 0572 WudfPf - ok 01:59:18.0515 0572 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 01:59:18.0515 0572 WudfRd - ok 01:59:18.0687 0572 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 01:59:18.0703 0572 \Device\Harddisk0\DR0 - 
ok 01:59:18.0734 0572 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 01:59:18.0828 0572 \Device\Harddisk1\DR1 - ok 01:59:18.0859 0572 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk2\DR4 01:59:18.0875 0572 \Device\Harddisk2\DR4 - ok 01:59:18.0906 0572 Boot (0x1200) (25398d38b64a21f0c9fdd303f48e04ee) \Device\Harddisk0\DR0\Partition0 01:59:18.0906 0572 \Device\Harddisk0\DR0\Partition0 - ok 01:59:18.0937 0572 Boot (0x1200) (2fb17eac7802f05990e1ba700a62fbe2) \Device\Harddisk1\DR1\Partition0 01:59:18.0937 0572 \Device\Harddisk1\DR1\Partition0 - ok 01:59:18.0968 0572 Boot (0x1200) (61ef0a3e7d94c3f7e0b8799f76176432) \Device\Harddisk2\DR4\Partition0 01:59:18.0968 0572 \Device\Harddisk2\DR4\Partition0 - ok 01:59:18.0984 0572 ============================================================ 01:59:18.0984 0572 Scan finished 01:59:18.0984 0572 ============================================================ 01:59:19.0046 0564 Detected object count: 2 01:59:19.0046 0564 Actual detected object count: 2 01:59:58.0062 0564 HKLM\SYSTEM\ControlSet001\services\ad827760 - will be deleted on reboot 01:59:58.0093 0564 HKLM\SYSTEM\ControlSet003\services\ad827760 - will be deleted on reboot 01:59:58.0125 0564 C:\WINDOWS\1618444973:1383958687.exe - will be deleted on reboot 01:59:58.0125 0564 ad827760 ( HiddenFile.Multi.Generic ) - User select action: Delete 01:59:58.0156 0564 HKLM\SYSTEM\ControlSet001\services\Cdrom - will be deleted on reboot 01:59:58.0156 0564 HKLM\SYSTEM\ControlSet003\services\Cdrom - will be deleted on reboot 01:59:58.0171 0564 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be deleted on reboot 01:59:58.0171 0564 Cdrom ( ForgedFile.Multi.Generic ) - User select action: Delete 02:00:04.0984 0512 Deinitialize success And here is the DDS: . 
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK Internet Explorer: 8.0.6001.18702 Run by Harry Ballsonia at 19:55:43 on 2011-10-07 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2875.2396 [GMT -7:00] . . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\system32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ uDefault_Page_URL = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore mWinlogon: SfcDisable=-99 (0xffffff9d) BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun uRun: [AdobeBridge] uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [blackArmorBackupMonitor.exe] c:\program 
files\seagate\blackarmorbackup\BlackArmorBackupMonitor.exe mRun: [AcronisTimounterMonitor] c:\program files\seagate\blackarmorbackup\TimounterMonitor.exe mRun: [seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe" mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui mRun: [dUVVrllONtx0uS28234A] c:\windows\system32\GRRZqhhYCw.exe mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent dRun: [ctfmon.exe] ctfmon.exe dRun: [iDMan] c:\program files\internet download manager\IDMan.exe /s dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N StartupFolder: c:\docume~1\harryb~1\startm~1\programs\startup\autosh~1.lnk - c:\program files\auto shutdown\AutoShutdown.exe StartupFolder: c:\docume~1\harryb~1\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\harry ballsonia\application data\leadertech\powerregister\Seagate Product Registration.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe uPolicies-explorer: ForceClassicControlPanel = 1 (0x1) uPolicies-explorer: NoResolveTrack = 1 (0x1) uPolicies-explorer: NoInstrumentation = 1 (0x1) uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1) uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) dPolicies-explorer: ForceClassicControlPanel = 1 (0x1) dPolicies-explorer: NoResolveTrack = 1 (0x1) dPolicies-explorer: NoInstrumentation = 1 (0x1) dPolicies-explorer: NoRecentDocsNetHood = 1 (0x1) dPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) IE: 
E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\documents and settings\harry ballsonia\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab TCP: DhcpNameServer = 64.59.144.18 64.59.144.19 64.59.150.133 TCP: Interfaces\{B783288D-04CF-4CBE-8C10-06B545FDE227} : DhcpNameServer = 64.59.144.18 64.59.144.19 64.59.150.133 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SecurityProviders: schannel.dll, credssp.dll, digest.dll Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\harry ballsonia\application data\mozilla\firefox\profiles\3rhjld7a.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll . ============= SERVICES / DRIVERS =============== . R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2011-4-9 10872] S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000] S2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880] S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-11-20 617984] S3 TrueSight;TrueSight;\??\c:\documents and settings\harry ballsonia\desktop\truesight.sys --> c:\documents and settings\harry ballsonia\desktop\TrueSight.sys [?] . =============== Created Last 30 ================ . 
2011-10-04 05:08:37 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-04 05:08:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-10-04 05:01:20 -------- d-----w- c:\documents and settings\harry ballsonia\application data\PqUeIrPyAuD 2011-10-04 05:01:18 -------- d-----w- c:\documents and settings\harry ballsonia\application data\waJdKfZhXjVlBz0 2011-10-04 04:57:15 -------- d-----w- c:\documents and settings\harry ballsonia\application data\xlNx0c2b3n5 2011-10-04 04:57:14 -------- d-----w- c:\documents and settings\harry ballsonia\application data\JoFpHsJdL 2011-10-03 04:52:08 -------- d-----w- C:\TDSSKiller_Quarantine 2011-10-03 04:41:05 -------- d-----w- c:\program files\tdsskiller 2011-10-03 04:13:59 -------- d-----w- c:\documents and settings\harry ballsonia\application data\pGaHsKfLgXjCkBz 2011-10-03 04:13:58 -------- d-----w- c:\documents and settings\harry ballsonia\application data\KQ6E8RhXUeOxy1b 2011-10-03 04:11:29 -------- d--h--w- c:\documents and settings\all users\application data\Common Files 2011-10-03 04:11:15 -------- d-----w- c:\documents and settings\all users\application data\MFAData 2011-10-03 03:17:01 -------- d-----w- c:\program files\Misc. 
Support Library (Spybot - Search & Destroy) 2011-10-03 03:17:00 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy) 2011-10-03 03:17:00 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy) 2011-10-03 03:17:00 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy) 2011-10-03 01:29:12 -------- d-----w- c:\documents and settings\harry ballsonia\application data\qL8gTZqjY 2011-10-03 01:29:12 -------- d-----w- c:\documents and settings\harry ballsonia\application data\hrzONtxA0v2b3m5 2011-10-03 01:19:38 -------- d-----w- c:\documents and settings\harry ballsonia\application data\V6dEK8gRZhXkVlB 2011-10-03 01:19:38 -------- d-----w- c:\documents and settings\harry ballsonia\application data\QONyxA0uv2b3m5Q 2011-10-03 00:41:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-10-03 00:35:55 -------- d-----w- c:\documents and settings\harry ballsonia\application data\Malwarebytes 2011-10-03 00:27:04 -------- d-----w- c:\documents and settings\harry ballsonia\application data\C5sQJ6dEKgZhXkV 2011-10-03 00:27:04 -------- d-----w- c:\documents and settings\harry ballsonia\application data\AONyxA0uv2b3 2011-10-03 00:19:03 -------- d-----w- c:\documents and settings\harry ballsonia\application data\r9gTZqjYC 2011-10-03 00:18:48 -------- d-----w- c:\documents and settings\harry ballsonia\application data\RCkVzNx0v2b3m5Q 2011-10-03 00:18:48 -------- d-----w- c:\documents and settings\harry ballsonia\application data\DE8R9YwUeOtPySi 2011-10-03 00:17:32 -------- d-----w- c:\documents and settings\harry ballsonia\application data\q6KfLgXjC 2011-10-03 00:17:32 -------- d-----w- c:\documents and settings\harry ballsonia\application data\eQJ6dKgZhwUlBx 2011-10-02 21:37:57 -------- d-----w- c:\documents and settings\harry ballsonia\application data\qycS1ibD3n4Q6W7 2011-10-02 21:37:57 -------- d-----w- c:\documents and settings\harry ballsonia\application data\D0uvS2oF3m5Q6E8 2011-10-02 21:19:02 -------- 
d-----w- c:\documents and settings\harry ballsonia\application data\wonF4amH5QTqYer 2011-10-02 21:19:00 -------- d-----w- c:\documents and settings\harry ballsonia\application data\gTXwjUCelBzNc1v 2011-10-02 21:13:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2011-10-02 20:47:02 -------- d-----w- c:\documents and settings\harry ballsonia\application data\qG5aQdK8fZhXjVl 2011-10-02 20:47:02 -------- d-----w- c:\documents and settings\harry ballsonia\application data\IYCkIVrOtAuSiFp 2011-10-02 20:36:53 -------- d-----w- c:\documents and settings\harry ballsonia\application data\xvSS2oobF4pG5QJ 2011-10-02 20:36:53 -------- d-----w- c:\documents and settings\harry ballsonia\application data\NddEKK8gRZqhXw 2011-10-02 20:36:27 2400768 ----a-w- c:\windows\system32\GRRZqhhYCw.exe 2011-10-02 20:36:27 -------- d-----w- c:\documents and settings\harry ballsonia\application data\TooobF4pm5sQdL8 2011-09-25 20:24:38 -------- d-----w- c:\program files\Veetle 2011-09-25 20:21:54 -------- d-----w- c:\program files\StreamTorrent 1.0 2011-09-25 20:21:54 -------- d-----w- c:\documents and settings\harry ballsonia\application data\StreamTorrent . ==================== Find3M ==================== . 2011-09-30 19:42:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-09-09 09:11:14 599552 ----a-w- c:\windows\system32\crypt32.dll 2011-08-10 01:02:54 73 ----a-w- c:\windows\system32\ssprs.dll 2011-08-10 01:02:54 205 ----a-w- c:\windows\system32\lsprst7.dll 2011-07-15 13:29:35 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-15 08:45:51 1025 ----a-w- c:\windows\system32\sysprs7.dll 2011-07-15 08:45:51 1025 ----a-w- c:\windows\system32\clauth2.dll 2011-07-15 08:45:51 1025 ----a-w- c:\windows\system32\clauth1.dll 2011-04-14 20:32:58 44 ---h--w- c:\program files\74b06f26.tmp . ============= FINISH: 19:56:19.60 =============== Again, thanks for all your help.
  4. Hello everyone, I'm losing it trying to solve this problem, could really use some help. My Firefox wound up downloading this phony anti-malware software Opencloud AV. I can't do much of anything when I'm not in safe mode, but safe mode appears to make most things work. I am running XP, SP3. I read this article on Bleeping Computer and I can get up to step 16, when I run the Malwarebytes scan. Rkill has been run already, and I'm doing this in safe mode. I install the Malwarebytes program, update it, and start a scan (full or quick, same thing happens either way), and then once the scan starts to go, it starts scanning C:\WINDOWS\SYSTEM32, then it bombs. If I then try to restart the program, I get an error message that reads: Uninstalling and re-installing Malwarebytes gives me the exact same results. I have followed all of the steps for troubleshooting MBAM on an infected machine but nothing works. Any advice? Could really use some help.
  5. Hello everyone, I'm losing it trying to solve this problem: My Firefox wound up automatically downloading this phony anti-malware software Opencloud AV. I can't do much of anything when I'm not in safe mode, but safe mode appears to make most things work. I am running XP, SP3. I read this article on Bleeping Computer and I can get up to step 16, when I run the Malwarebytes scan. Rkill has been run already, and I'm doing this in safe mode. I install the Malwarebytes program, update it, and start a scan (full or quick, same thing happens either way), and then once the scan starts to go, it starts scanning C:\WINDOWS\SYSTEM32, then it bombs. If I then try to restart the program, I get an error message that reads: Uninstalling and re-installing Malwarebytes gives me the exact same results. Any advice? Could really use some help.
