
Computer freezes randomly and running slow.



Hello,

First off I greatly appreciate your advice/input!

My computer problems started a month ago or so when I got some malware on my computer. I cleaned it up and things seemed to be running fine. More recently I was on Firefox and it kept crashing; then my computer randomly rebooted itself. Any time I would turn the computer on, it would reboot itself before I could log on. I was able to fix this problem; however, since then my computer has been randomly freezing and running very slow. It only seems to run decently in safe mode and safe mode with networking.

Every time I try to run GMER I get a blue screen of death with STOP: 0X0000000A (0X00000000, 0X0000001C, 0X00000000, 0X804FFF61). I don't think the attached ARK.txt file is complete.

Enough of my blabbing; here are my logs:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4194

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

6/13/2010 1:26:14 PM

mbam-log-2010-06-13 (13-26-14).txt

Scan type: Quick scan

Objects scanned: 154259

Time elapsed: 21 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

-------------------------------------------------------

Avira AntiVir Personal

Report file date: Sunday, June 13, 2010 15:23

Scanning for 2206493 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 2) [5.1.2600]

Boot mode : Normally booted

Username : Matt

Computer name : NEWSHIT

Version information:

BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00

AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04

LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 19:20:28

VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 19:20:35

VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 19:20:35

VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 19:20:35

VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 19:20:36

VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 19:20:36

VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 19:20:36

VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 19:20:36

VBASE013.VDF : 7.10.8.37 270336 Bytes 6/10/2010 19:20:38

VBASE014.VDF : 7.10.8.38 2048 Bytes 6/10/2010 19:20:38

VBASE015.VDF : 7.10.8.39 2048 Bytes 6/10/2010 19:20:39

VBASE016.VDF : 7.10.8.40 2048 Bytes 6/10/2010 19:20:39

VBASE017.VDF : 7.10.8.41 2048 Bytes 6/10/2010 19:20:39

VBASE018.VDF : 7.10.8.42 2048 Bytes 6/10/2010 19:20:39

VBASE019.VDF : 7.10.8.43 2048 Bytes 6/10/2010 19:20:39

VBASE020.VDF : 7.10.8.44 2048 Bytes 6/10/2010 19:20:40

VBASE021.VDF : 7.10.8.45 2048 Bytes 6/10/2010 19:20:40

VBASE022.VDF : 7.10.8.46 2048 Bytes 6/10/2010 19:20:40

VBASE023.VDF : 7.10.8.47 2048 Bytes 6/10/2010 19:20:40

VBASE024.VDF : 7.10.8.48 2048 Bytes 6/10/2010 19:20:41

VBASE025.VDF : 7.10.8.49 2048 Bytes 6/10/2010 19:20:41

VBASE026.VDF : 7.10.8.50 2048 Bytes 6/10/2010 19:20:41

VBASE027.VDF : 7.10.8.51 2048 Bytes 6/10/2010 19:20:42

VBASE028.VDF : 7.10.8.52 2048 Bytes 6/10/2010 19:20:42

VBASE029.VDF : 7.10.8.53 2048 Bytes 6/10/2010 19:20:42

VBASE030.VDF : 7.10.8.54 2048 Bytes 6/10/2010 19:20:43

VBASE031.VDF : 7.10.8.62 55808 Bytes 6/11/2010 19:20:44

Engineversion : 8.2.2.6

AEVDF.DLL : 8.1.2.0 106868 Bytes 6/13/2010 19:21:03

AESCRIPT.DLL : 8.1.3.31 1352058 Bytes 6/13/2010 19:21:03

AESCN.DLL : 8.1.6.1 127347 Bytes 6/13/2010 19:21:00

AESBX.DLL : 8.1.3.1 254324 Bytes 6/13/2010 19:21:04

AERDL.DLL : 8.1.4.6 541043 Bytes 6/13/2010 19:20:59

AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 17:34:51

AEOFFICE.DLL : 8.1.1.0 201081 Bytes 6/13/2010 19:20:57

AEHEUR.DLL : 8.1.1.33 2724214 Bytes 6/13/2010 19:20:56

AEHELP.DLL : 8.1.11.5 242038 Bytes 6/13/2010 19:20:50

AEGEN.DLL : 8.1.3.10 377205 Bytes 6/13/2010 19:20:49

AEEMU.DLL : 8.1.2.0 393588 Bytes 6/13/2010 19:20:47

AECORE.DLL : 8.1.15.3 192886 Bytes 6/13/2010 19:20:46

AEBB.DLL : 8.1.1.0 53618 Bytes 6/13/2010 19:20:46

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35

AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40

AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46

AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51

AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30

SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58

AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56

NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20

RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29

Configuration settings for the scan:

Jobname.............................: Short system scan after installation

Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: off

Integrity checking of system files..: off

Scan all files......................: Intelligent file selection

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Sunday, June 13, 2010 15:23

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avconfig.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avshadow.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'setup.exe' - '1' Module(s) have been scanned

Scan process 'msiexec.exe' - '1' Module(s) have been scanned

Scan process 'presetup.exe' - '1' Module(s) have been scanned

Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned

Scan process 'iPodService.exe' - '1' Module(s) have been scanned

Scan process 'MSBNTray.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'pg2.exe' - '1' Module(s) have been scanned

Scan process 'mbamgui.exe' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'schedhlp.exe' - '1' Module(s) have been scanned

Scan process 'TimounterMonitor.exe' - '1' Module(s) have been scanned

Scan process 'DiscWizardMonitor.exe' - '1' Module(s) have been scanned

Scan process 'ViewMgr.exe' - '1' Module(s) have been scanned

Scan process 'CMGrdian.exe' - '1' Module(s) have been scanned

Scan process 'CFD.exe' - '1' Module(s) have been scanned

Scan process 'CTDVDDet.EXE' - '1' Module(s) have been scanned

Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned

Scan process 'Mcshield.exe' - '1' Module(s) have been scanned

Scan process 'Avconsol.exe' - '1' Module(s) have been scanned

Scan process 'avgcsrvx.exe' - '1' Module(s) have been scanned

Scan process 'Vshwin32.exe' - '1' Module(s) have been scanned

Scan process 'VsStat.exe' - '1' Module(s) have been scanned

Scan process 'avgnsx.exe' - '1' Module(s) have been scanned

Scan process 'avgrsx.exe' - '1' Module(s) have been scanned

Scan process 'avgemc.exe' - '1' Module(s) have been scanned

Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned

Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned

Scan process 'VsStat.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'Explorer.EXE' - '1' Module(s) have been scanned

Scan process 'mbamservice.exe' - '1' Module(s) have been scanned

Scan process 'Iaantmon.exe' - '1' Module(s) have been scanned

Scan process 'CTsvcCDA.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'Avsynmgr.exe' - '1' Module(s) have been scanned

Scan process 'avgwdsvc.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'schedul2.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).

The registry was scanned ( '1929' files ).

End of the scan: Sunday, June 13, 2010 15:25

Used time: 02:04 Minute(s)

The scan has been done completely.

0 Scanned directories

2431 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

2431 Files not concerned

10 Archives were scanned

0 Warnings

0 Notes

------------------------------------------

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 13:58 on 13/06/2010 (Matt)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Thank you for any advice/tips!

Best regards,

-Matt

DDS.zip

ark.txt


Hello Apex Factor! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step. If there is a problem somewhere, stop and tell me, and I'll tell you what to do.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed of any changes.

Step 1

Please, uninstall the following applications:

  1. Adobe Acrobat - Reader 6.0.2 Update
  2. Adobe Reader 6.0.1

You can read how to do this here:

Step 2

Please go into the Control Panel, Add/Remove, and for now remove ALL versions of JAVA.

Then run this tool to help clean up any leftover Java.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply.
    Then look for the following Java folders and, if found, delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 3

I also see you have Viewpoint installed...

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 4

  • Launch Malwarebytes' Anti-Malware.
  • Go to the "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to the "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, please include these log(s) in this sequence:

  1. JavaRa log
  2. MalwareBytes' Anti-Malware log
  3. a new fresh DDS log only


Hi Borislav,

Thanks for taking a stab at this. Here is the information you requested:

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Jun 16 18:32:37 2010

Found and removed: Software\JavaSoft\Java2D\1.5.0_05

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\JavaPlugin.150_05

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\JavaPlugin.142_03

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

------------------------------------

Finished reporting.

-------------------------------------

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4207

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

6/17/2010 12:17:03 AM

mbam-log-2010-06-17 (00-17-03).txt

Scan type: Quick scan

Objects scanned: 154854

Time elapsed: 20 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

-------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86

Run by Matt at 16:57:23.06 on Thu 06/17/2010

Internet Explorer: 8.0.6001.18702

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

TB: McAfee VirusScan: {acb1e670-3217-45c4-a021-6b829a8a27cb} - c:\program files\mcafee\mcafee virusscan\VSCShellExtension.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe

mRun: [CTDVDDet] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE

mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe

mRun: [VirusScanMSC] "c:\program files\mcafee\mcafee virusscan\VSStat.exe" /EMBEDDING

mRun: [McAfee Guardian] "c:\program files\mcafee\mcafee shared components\guardian\CMGrdian.exe" /SU

mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16

mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\matt\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{8cc15633-2327-43f4-ba85-b83fdb4b59be}\_18be6784.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: c:\windows\system32\CSLSP.DLL

Trusted Zone: aol.com\free

DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {ED6E0299-9169-40DE-93EA-88AB42FA5202} - hxxp://www.danceclubcam.com/download/cfweb_70.84.4.250-download_instmodule.exe

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\matt\applic~1\mozilla\firefox\profiles\652spw9z.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - component: c:\documents and settings\matt\application data\mozilla\firefox\profiles\652spw9z.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2010-06-17 20:55:19 0 d-----w- c:\docume~1\matt\applic~1\Avira

2010-06-13 19:16:34 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-06-13 19:16:27 0 d-----w- c:\program files\Avira

2010-06-13 19:16:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-06-13 19:12:34 0 d-----w- C:\avira antivirus

2010-06-13 17:58:27 0 ----a-w- c:\documents and settings\matt\defogger_reenable

2010-06-13 16:48:33 0 d-----w- c:\program files\Trend Micro

2010-06-13 16:26:23 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-13 15:37:17 0 d-----w- C:\hijackthis

2010-06-09 21:03:14 0 d-----w- c:\windows\ERUNT

2010-06-09 21:02:22 0 d-----w- C:\SDFix

2010-06-07 21:52:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-07 21:52:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-07 21:52:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-05 18:29:17 0 ----a-w- c:\windows\MEMORY.DMP

2010-06-05 18:02:31 0 d-----w- c:\program files\MSXML 6.0

2010-06-05 17:58:40 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-06-05 17:57:31 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-06-05 17:57:31 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-06-05 17:57:31 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-05 17:57:31 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-06-05 17:57:31 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-06-05 17:57:30 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-06-05 16:06:21 98816 ----a-w- c:\windows\sed.exe

2010-06-05 16:06:21 77312 ----a-w- c:\windows\MBR.exe

2010-06-05 16:06:21 256512 ----a-w- c:\windows\PEV.exe

2010-06-05 16:06:21 161792 ----a-w- c:\windows\SWREG.exe

2010-06-05 16:06:17 0 d-----w- C:\ComboFix

2010-06-05 15:14:31 11564 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx

2010-05-29 13:49:34 446464 ----a-r- c:\windows\system32\hhactivex.dll

2010-05-29 13:49:34 176128 ----a-w- c:\windows\system32\RcdScan.dll

2010-05-29 13:49:33 414944 ----a-w- c:\windows\system32\COMCT332.OCX

2010-05-29 13:49:33 328480 ----a-w- c:\windows\system32\ssa3d30.ocx

2010-05-29 13:49:30 7348 ----a-w- c:\windows\system32\Odbcjet.cnt

2010-05-29 13:49:30 171967 ----a-w- c:\windows\system32\Odbcjet.hlp

2010-05-29 13:49:26 89360 ----a-w- c:\windows\system32\VB5DB.DLL

2010-05-29 13:23:05 0 d-----w- c:\windows\system32\CatRoot_bak

2010-05-29 13:20:53 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-05-29 13:20:27 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-05-29 03:48:18 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-05-29 03:48:17 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-05-29 03:48:16 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-05-29 03:48:15 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2010-05-28 03:32:05 28288 -c--a-w- c:\windows\system32\dllcache\xjis.nls

2010-05-28 03:30:57 9728 -c--a-w- c:\windows\system32\dllcache\query.exe

2010-05-28 03:29:59 86016 -c--a-w- c:\windows\system32\dllcache\imekrmbx.dll

2010-05-28 03:28:51 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll

2010-05-28 03:25:32 488 ---ha-r- c:\windows\system32\logonui.exe.manifest

2010-05-28 03:25:16 749 ---ha-r- c:\windows\WindowsShell.Manifest

2010-05-28 03:25:16 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest

2010-05-28 03:25:16 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest

2010-05-28 03:25:16 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest

2010-05-28 03:24:33 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2010-05-28 03:23:36 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe

2010-05-28 03:23:36 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll

2010-05-28 03:23:36 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe

2010-05-28 03:23:35 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe

2010-05-28 02:33:38 13753 ----a-r- c:\windows\SET61.tmp

2010-05-28 02:33:35 1086058 ----a-r- c:\windows\SET55.tmp

2010-05-28 02:33:30 1042903 ----a-r- c:\windows\SET52.tmp

2010-05-28 02:06:04 13753 ----a-r- c:\windows\SET5F.tmp

2010-05-28 02:05:54 1086058 ----a-r- c:\windows\SET53.tmp

2010-05-28 02:05:50 1042903 ----a-r- c:\windows\SET50.tmp

2010-05-28 01:48:01 13753 ----a-r- c:\windows\SET5D.tmp

2010-05-28 01:47:55 1086058 ----a-r- c:\windows\SET51.tmp

2010-05-28 01:47:49 1042903 ----a-r- c:\windows\SET4E.tmp

2010-05-28 00:16:04 1072095 ----a-w- c:\windows\setupapi.log.0.old

2010-05-27 22:44:53 90112 ----a-w- c:\windows\DUMP6987.tmp

2010-05-27 21:40:06 90112 ----a-w- c:\windows\DUMP3642.tmp

2010-05-27 20:03:07 0 d-----w- c:\windows\dell

==================== Find3M ====================

2010-05-28 03:08:37 185344 ----a-r- c:\windows\system32\cmprops.dll

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 02:37:39 70840 ---ha-w- c:\windows\system32\mlfcache.dat

2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

2005-07-14 20:31:20 27648 -csha-w- c:\windows\system32\AVSredirect.dll

2005-06-26 23:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll

2005-06-22 06:37:42 45568 --sha-r- c:\windows\system32\cygz.dll

============= FINISH: 16:59:41.71 ===================

Best regards,

-Matt


**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as shown in the screenshots (CF_download_FF.gif, CF_download_rename.gif).
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall.**


Please read the following through carefully so that you understand what to do.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.


requested log:

19:28:54:890 2956 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

19:28:54:890 2956 ================================================================================

19:28:54:890 2956 SystemInfo:

19:28:54:890 2956 OS Version: 5.1.2600 ServicePack: 2.0

19:28:54:890 2956 Product type: Workstation

19:28:54:890 2956 ComputerName: NEWSHIT

19:28:54:890 2956 UserName: Matt

19:28:54:890 2956 Windows directory: C:\WINDOWS

19:28:54:890 2956 Processor architecture: Intel x86

19:28:54:890 2956 Number of processors: 2

19:28:54:890 2956 Page size: 0x1000

19:28:54:906 2956 Boot type: Normal boot

19:28:54:906 2956 ================================================================================

19:28:56:265 2956 Initialize success

19:28:56:265 2956

19:28:56:265 2956 Scanning Services ...

19:28:57:250 2956 Raw services enum returned 438 services

19:28:57:437 2956

19:28:57:437 2956 Scanning Drivers ...

19:29:30:343 2956

19:29:30:343 2956 Completed

19:29:30:359 2956

19:29:30:359 2956 Results:

19:29:30:359 2956 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

19:29:30:359 2956 File objects infected / cured / cured on reboot: 0 / 0 / 0

19:29:30:359 2956

19:29:30:359 2956 KLMD(ARK) unloaded successfully


I re-downloaded combofix and also updated it. Disabled all virus and malware programs and ran it. Again it said it detected rootkit activity and needed to restart. I tried restarting several times in normal boot mode, but it kept freezing before I could even sign on. One time I got a blue screen of death:

stop: 0x000000f4 (0x00000003, 0x8a2f7a10, 0x8a2f7b84, 0x80604548). I had no choice but to reboot in safe mode, where combofix continued to run. Attached is the requested log.

log.txt


Open Notepad and copy and paste the text in the code box below into it:

KillAll::

Driver::
{FB390FD3-FE6A-4FC0-96C6448DBE9BAC20}

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"=-
"5000:TCP"=-
"5001:TCP"=-
"5002:TCP"=-
"5003:TCP"=-
"5004:TCP"=-
"5005:TCP"=-
"5006:TCP"=-
"5007:TCP"=-
"5008:TCP"=-
"5009:TCP"=-
"5010:TCP"=-
"5011:TCP"=-
"5012:TCP"=-
"5013:TCP"=-
"5014:TCP"=-
"5015:TCP"=-
"5016:TCP"=-
"5017:TCP"=-
"5018:TCP"=-
"5019:TCP"=-
"5020:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
"9218:TCP"=-
"9219:TCP"=-
"3389:TCP"=-
"8362:TCP"=-
"4931:TCP"=-
"1963:TCP"=-
"2426:TCP"=-

Save the file to your desktop and name it CFScript.txt.

Then drag the CFScript.txt onto ComboFix.exe as shown in the screenshot (CFScriptB-4.gif).

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

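The CFScript above strips a run of TCP port exceptions that had been added under the XP firewall's GloballyOpenPorts\List key. As an added example (not part of this thread, nor ComboFix's own code), the following Python script shows how such a list can be audited offline before a fix is written: it parses a .reg export of that key, flags every exception not on an allowlist, and emits the same `"port:TCP"=-` deletion lines the helper uses. The sample export, the exception descriptions and the allowlist are constructed for the example and must be adjusted to the machine being reviewed.

```python
import re

# Full path of the key the CFScript targets. ComboFix's "HKLM\~\services"
# shorthand stands for HKLM\SYSTEM\CurrentControlSet\Services.
LIST_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
            r"\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List")

# Constructed sample export (not from the thread): two File and Printer
# Sharing exceptions plus four of the ports the CFScript deletes. Each value's
# data is port:proto:scope:state:description; descriptions here are made up.
SAMPLE_EXPORT = "REGEDIT4\n\n[" + LIST_KEY + "]\n" + r'''"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"135:TCP"="135:TCP:*:Enabled:rpc"
"5000:TCP"="5000:TCP:*:Enabled:svc"
"65533:TCP"="65533:TCP:*:Enabled:svc"
"3389:TCP"="3389:TCP:*:Enabled:svc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
'''

# Example allowlist (an assumption of this example): the File and Printer
# Sharing ports. Anything else is a review candidate, not an automatic verdict.
ALLOWLIST = {(139, "TCP"), (445, "TCP"), (137, "UDP"), (138, "UDP")}

_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_VALUE_RE = re.compile(r'^"(?P<port>\d{1,5}):(?P<proto>TCP|UDP)"=(?P<data>.*)$',
                       re.IGNORECASE)


def parse_open_ports(reg_text):
    """Return [(port, proto, data), ...] in export order for every value found
    under a ...\\GloballyOpenPorts\\List key; values under other keys are ignored."""
    entries = []
    in_list = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = _KEY_RE.match(line)
        if key:
            in_list = key.group("key").lower().endswith(r"\globallyopenports\list")
            continue
        if not in_list:
            continue
        val = _VALUE_RE.match(line)
        if val:
            entries.append((int(val.group("port")), val.group("proto").upper(),
                            val.group("data").strip('"')))
    return entries


def unexpected_exceptions(entries, allowlist=ALLOWLIST):
    """Exceptions whose (port, proto) pair is not on the allowlist."""
    return [e for e in entries if (e[0], e[1]) not in allowlist]


def removal_script(entries, key=LIST_KEY):
    """A .reg file in the thread's format: '"port:proto"=-' deletes that value."""
    lines = ["REGEDIT4", "", "[" + key + "]"]
    lines += ['"%d:%s"=-' % (port, proto) for port, proto, _ in entries]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_open_ports(SAMPLE_EXPORT)
    flagged = unexpected_exceptions(found)
    for port, proto, data in flagged:
        print("unexpected exception %d/%s: %s" % (port, proto, data))
    print(removal_script(flagged))
```

On a live machine the input would come from `regedit /e` of that key; the flagged list should be checked by hand against the software actually installed before the removal script is applied.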

Step 1

Open Notepad and copy and paste the following into it:

REGEDIT4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9942:TCP"=-
"9943:TCP"=-
"9208:TCP"=-
"9209:TCP"=-

Save this as fix.reg. Choose to save as All Files and place it on your desktop (see reg.gif for what the dialog should look like).

Double-click on it and, when it asks you, click Yes and then the OK button.

Then reboot your computer to apply the changes.

Step 2

  1. Download mbr.exe to your Desktop.
  2. Double-click mbr.exe and follow the prompts.
  3. When mbr.exe is ready, it will create a log.
  4. Copy and paste the contents of that file into your next reply.


Okay, I did what it said in the link and was able to boot the computer up. However, I tried to run the full GMER and it ended up booting me out after 15 minutes, so I ran the mbr program and came up with this:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

copy of MBR has been found in sector 0x0747059C1

malicious code @ sector 0x0747059C4 !

PE file found in sector at 0x0747059DA !


Nope. The important line from the log is:

If it is OK, everything is fine.

Come back here after three days and let me know how things are.

Things seem to be better; it hangs up once in a while but doesn't freeze anymore. I do, though, get the occasional Malwarebytes protection module pop-up on sites I know are safe.

Thanks for all of your help!


Good! :)

Last steps:

Step 1

* Go to Start > Run and copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Step 2

To enable CD Emulation programs using DeFogger please perform these steps:

  1. Please download DeFogger to your desktop.
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear. You should now click on the Enable button to enable your CD Emulation drivers
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  6. If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Step 3

Please manually delete Defogger, DDS, GMER, JavaRa, TDSSKiller and mbr.

Step 4

Please download and install the latest version of Adobe Reader and Adobe Acrobat from:

www.adobe.com

Please download and install the latest version of Java from:

www.java.com/en

Step 5

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)
