Jump to content

Browser Redirect


Recommended Posts

I ran the tools that were shown in your Topic #9573 and the log results are attached.

This PC is running Windows XP Pro - Service Pack 3. The browser in both Internet Explorer 8 and Firefox version 3.0.19 are both being redirected.

We are running AVG SB and I did find some references in the last scan to the following:

Virus found JS/Dropper

Trojan Horse Downloader Generic10ANV

Virus identified Exploit.Java

Trojan Horse Java/Downloader W and Downloader V

AVG states that these items automatically go into the virus vault - but my virus vault was full - so I'm really concerned that these viruses / trojan horses are still active.

I was unable to run the GMER tool version 1.0.15.15281 as it locked up and got the blue screen of death referencing this file fgriqpoc.sys. I had the GMER tool version 1.014.14536, so I ran that and the results are in the zipped folder.

The DDS.txt details are as follows:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Grant at 18:38:40.62 on Mon 08/02/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.1919 [GMT -4:00]

AV: AVG Internet Security SBS Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgfws8.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe

C:\Program Files\Apple Software Update\SoftwareUpdate.exe

C:\WINDOWS\system32\wscript.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\AVG\AVG8\avgui.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Corel\WordPerfect Office 2002\Programs\wpwin10.exe

C:\Program Files\AVG\AVG8\avgscanx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Grant\Desktop\Defogger.exe

C:\Documents and Settings\Grant\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us

uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1

mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office 2002\programs\QFSCHD100.EXE"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: AVGRSSTX.DLL c:\progra~1\google\google~3\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\grant\applic~1\mozilla\firefox\profiles\h3cinewy.default\

FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-5-5 12552]

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-1-22 24064]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-5 335240]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-5 27784]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-5 108552]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-16 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-6 297752]

R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-5-6 1370488]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-5-5 29208]

R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2009-1-22 176640]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-5-5 29208]

S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-22 30192]

=============== Created Last 30 ================

2010-08-02 22:37:19 0 ----a-w- c:\documents and settings\grant\defogger_reenable

2010-08-02 21:58:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-02 21:58:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-02 05:39:38 0 ----a-w- C:\~.exe

2010-07-29 23:21:46 0 d-----w- c:\windows\system32\appmgmt

2010-07-29 22:03:42 0 d-----w- c:\windows\LMI928.tmp

2010-07-29 20:36:32 0 d-----w- c:\windows\LMI8FE.tmp

2010-07-29 20:19:22 0 d-----w- c:\windows\LMI8FC.tmp

2010-07-28 22:18:30 0 d-----w- c:\windows\LMI633.tmp

2010-07-28 22:18:17 0 d-----w- c:\windows\LMI632.tmp

2010-07-28 22:18:05 0 d-----w- c:\windows\LMI631.tmp

2010-07-22 20:35:54 96512 ----a-w- c:\windows\system32\atapi.sys

2010-07-22 20:35:43 0 d-----w- C:\atapi_sys

2010-07-22 20:30:53 3550592 ----a-w- C:\procexp.exe

2010-07-22 20:30:47 52930 ----a-w- C:\atapi.zip

2010-07-22 20:20:27 0 d-----w- c:\windows\LMI14.tmp

2010-07-22 19:47:26 0 d-----w- c:\windows\LMI3E.tmp

2010-07-22 19:47:04 0 d-----w- c:\windows\LMI3D.tmp

2010-07-22 19:46:31 0 d-----w- c:\windows\LMI3C.tmp

2010-07-22 19:19:30 250 ----a-w- c:\windows\gmer.ini

2010-07-22 19:03:18 0 d-----w- c:\windows\LMI12.tmp

2010-07-22 19:02:58 0 d-----w- c:\windows\LMI11.tmp

2010-07-09 12:28:45 0 d-----w- c:\docume~1\grant\applic~1\Office Genuine Advantage

2010-07-07 22:05:18 0 d-----w- C:\AVGTemp

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

============= FINISH: 18:39:47.67 ===============

The Malwarebytes log file is as follows:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4382

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/2/2010 6:09:37 PM

mbam-log-2010-08-02 (18-09-37).txt

Scan type: Quick scan

Objects scanned: 156870

Time elapsed: 10 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Please let me know if you need any further tools run.

Thanks,

JCINHPNC

ark.zip

Link to post
Share on other sites

Hi JCINHPNC And Welcome to Malwarebytes Forum!

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

---------------------------------------------------------------------------------------------

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    cfRC_screen_1.png
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    cfRC_screen_2.png
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

Link to post
Share on other sites

Hi JCINHPNC And Welcome to Malwarebytes Forum!

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

---------------------------------------------------------------------------------------------

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    cfRC_screen_1.png
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    cfRC_screen_2.png
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

Link to post
Share on other sites

I have a question - I disabled the AVG Resident Shield and closed our AVG in the system tray. I double clicked on ComboFix and I said to run the application and it loaded and then it minimized into the system tray - and I haven't gotten any prompts in several minutes - does this mean that it's working and looking to see if the recovery console is installed on the PC?

Link to post
Share on other sites

Lets do this for now then we'll deal with ComboFix.

Please download TDSSKiller from here and save it to your Desktop.

  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory.

Link to post
Share on other sites

When it found 1 infection I clicked on skip - since you didn't specify. The log from TDSSKiller follows:

2010/08/04 17:21:28.0582 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41

2010/08/04 17:21:28.0582 ================================================================================

2010/08/04 17:21:28.0582 SystemInfo:

2010/08/04 17:21:28.0582

2010/08/04 17:21:28.0582 OS Version: 5.1.2600 ServicePack: 3.0

2010/08/04 17:21:28.0582 Product type: Workstation

2010/08/04 17:21:28.0582 ComputerName: GRANT_ALMOND

2010/08/04 17:21:28.0582 UserName: Grant

2010/08/04 17:21:28.0582 Windows directory: C:\WINDOWS

2010/08/04 17:21:28.0582 System windows directory: C:\WINDOWS

2010/08/04 17:21:28.0582 Processor architecture: Intel x86

2010/08/04 17:21:28.0582 Number of processors: 2

2010/08/04 17:21:28.0582 Page size: 0x1000

2010/08/04 17:21:28.0582 Boot type: Normal boot

2010/08/04 17:21:28.0582 ================================================================================

2010/08/04 17:21:28.0707 Initialize success

2010/08/04 17:21:31.0519 ================================================================================

2010/08/04 17:21:31.0519 Scan started

2010/08/04 17:21:31.0519 Mode: Manual;

2010/08/04 17:21:31.0519 ================================================================================

2010/08/04 17:21:32.0316 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2010/08/04 17:21:32.0363 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/08/04 17:21:32.0363 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/08/04 17:21:32.0426 ADIHdAudAddService (803c7d4767132f2407431103055c9000) C:\WINDOWS\system32\drivers\ADIHdAud.sys

2010/08/04 17:21:32.0472 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2010/08/04 17:21:32.0519 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/08/04 17:21:32.0582 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/08/04 17:21:32.0613 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2010/08/04 17:21:32.0629 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2010/08/04 17:21:32.0644 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2010/08/04 17:21:32.0660 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2010/08/04 17:21:32.0676 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2010/08/04 17:21:32.0707 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2010/08/04 17:21:32.0722 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2010/08/04 17:21:32.0754 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2010/08/04 17:21:32.0769 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2010/08/04 17:21:32.0785 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2010/08/04 17:21:32.0801 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2010/08/04 17:21:32.0832 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2010/08/04 17:21:32.0863 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/08/04 17:21:32.0926 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/08/04 17:21:32.0941 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/08/04 17:21:32.0957 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/08/04 17:21:33.0019 Avgfwdx (eb0992def47f48821ded724f379c499e) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

2010/08/04 17:21:33.0035 Avgfwfd (eb0992def47f48821ded724f379c499e) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

2010/08/04 17:21:33.0082 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys

2010/08/04 17:21:33.0113 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys

2010/08/04 17:21:33.0129 AvgRkx86 (94a16f829b1456237b7f929198ce2807) C:\WINDOWS\system32\Drivers\avgrkx86.sys

2010/08/04 17:21:33.0160 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys

2010/08/04 17:21:33.0176 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/08/04 17:21:33.0238 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2010/08/04 17:21:33.0254 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/08/04 17:21:33.0254 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2010/08/04 17:21:33.0269 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/08/04 17:21:33.0285 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/08/04 17:21:33.0316 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/08/04 17:21:33.0347 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2010/08/04 17:21:33.0363 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2010/08/04 17:21:33.0410 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2010/08/04 17:21:33.0426 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2010/08/04 17:21:33.0457 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/08/04 17:21:33.0472 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS

2010/08/04 17:21:33.0504 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS

2010/08/04 17:21:33.0519 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2010/08/04 17:21:33.0535 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS

2010/08/04 17:21:33.0535 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS

2010/08/04 17:21:33.0551 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS

2010/08/04 17:21:33.0551 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS

2010/08/04 17:21:33.0551 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS

2010/08/04 17:21:33.0566 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS

2010/08/04 17:21:33.0566 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS

2010/08/04 17:21:33.0613 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/08/04 17:21:33.0863 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/08/04 17:21:33.0926 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/08/04 17:21:33.0972 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/08/04 17:21:34.0019 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2010/08/04 17:21:34.0051 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/08/04 17:21:34.0066 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2010/08/04 17:21:34.0082 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2010/08/04 17:21:34.0113 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/08/04 17:21:34.0144 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2010/08/04 17:21:34.0160 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/08/04 17:21:34.0176 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/08/04 17:21:34.0207 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2010/08/04 17:21:34.0207 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/08/04 17:21:34.0254 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/08/04 17:21:34.0269 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/08/04 17:21:34.0332 gmer (b56eb0a2210980e76390bd670bcb618b) C:\WINDOWS\system32\DRIVERS\gmer.sys

2010/08/04 17:21:34.0363 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/08/04 17:21:34.0410 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/08/04 17:21:34.0426 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/08/04 17:21:34.0457 HPFXBULK (e4e0b356a8756066cf89080d9da69f22) C:\WINDOWS\system32\drivers\hpfxbulk.sys

2010/08/04 17:21:34.0488 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2010/08/04 17:21:34.0535 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/08/04 17:21:34.0582 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2010/08/04 17:21:34.0613 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2010/08/04 17:21:34.0769 ialm (b2768350bb50469aeb1afe694372b613) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2010/08/04 17:21:35.0035 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/08/04 17:21:35.0097 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2010/08/04 17:21:35.0113 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/08/04 17:21:35.0129 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/08/04 17:21:35.0160 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2010/08/04 17:21:35.0176 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/08/04 17:21:35.0207 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/08/04 17:21:35.0222 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/08/04 17:21:35.0269 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/08/04 17:21:35.0285 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/08/04 17:21:35.0316 isapnp (f08ce61bef07657243233cdfe7660e41) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/08/04 17:21:35.0316 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\isapnp.sys. Real md5: f08ce61bef07657243233cdfe7660e41, Fake md5: 05a299ec56e52649b1cf2fc52d20f2d7

2010/08/04 17:21:35.0316 isapnp - detected Rootkit.Win32.TDSS.tdl3 (0)

2010/08/04 17:21:35.0347 k57w2k (cb46c36f55cdfe4d20d9833e0f267c84) C:\WINDOWS\system32\DRIVERS\k57xp32.sys

2010/08/04 17:21:35.0363 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/08/04 17:21:35.0394 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/08/04 17:21:35.0410 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/08/04 17:21:35.0441 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/08/04 17:21:35.0472 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/08/04 17:21:35.0488 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/08/04 17:21:35.0504 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/08/04 17:21:35.0535 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/08/04 17:21:35.0551 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/08/04 17:21:35.0582 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2010/08/04 17:21:35.0597 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/08/04 17:21:35.0629 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/08/04 17:21:35.0660 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/08/04 17:21:35.0676 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/08/04 17:21:35.0691 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/08/04 17:21:35.0707 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/08/04 17:21:35.0722 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/08/04 17:21:35.0738 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/08/04 17:21:35.0769 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/08/04 17:21:35.0785 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/08/04 17:21:35.0816 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/08/04 17:21:35.0816 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/08/04 17:21:35.0832 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/08/04 17:21:35.0847 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/08/04 17:21:35.0879 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/08/04 17:21:35.0910 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/08/04 17:21:35.0957 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/08/04 17:21:35.0988 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/08/04 17:21:36.0019 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/08/04 17:21:36.0035 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/08/04 17:21:36.0066 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/08/04 17:21:36.0097 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/08/04 17:21:36.0113 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/08/04 17:21:36.0129 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/08/04 17:21:36.0144 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/08/04 17:21:36.0176 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/08/04 17:21:36.0238 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2010/08/04 17:21:36.0254 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2010/08/04 17:21:36.0301 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/08/04 17:21:36.0332 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/08/04 17:21:36.0347 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/08/04 17:21:36.0379 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/08/04 17:21:36.0394 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2010/08/04 17:21:36.0410 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2010/08/04 17:21:36.0426 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2010/08/04 17:21:36.0441 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2010/08/04 17:21:36.0457 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2010/08/04 17:21:36.0488 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/08/04 17:21:36.0504 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/08/04 17:21:36.0519 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/08/04 17:21:36.0535 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/08/04 17:21:36.0566 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/08/04 17:21:36.0566 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/08/04 17:21:36.0597 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/08/04 17:21:36.0644 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/08/04 17:21:36.0691 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/08/04 17:21:36.0738 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/08/04 17:21:36.0769 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/08/04 17:21:36.0801 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/08/04 17:21:36.0847 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys

2010/08/04 17:21:36.0863 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/08/04 17:21:36.0894 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2010/08/04 17:21:36.0941 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2010/08/04 17:21:36.0957 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/08/04 17:21:36.0972 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/08/04 17:21:37.0004 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/08/04 17:21:37.0035 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/08/04 17:21:37.0051 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/08/04 17:21:37.0082 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2010/08/04 17:21:37.0097 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2010/08/04 17:21:37.0113 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2010/08/04 17:21:37.0129 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2010/08/04 17:21:37.0160 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/08/04 17:21:37.0222 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/08/04 17:21:37.0269 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/08/04 17:21:37.0285 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/08/04 17:21:37.0316 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/08/04 17:21:37.0347 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2010/08/04 17:21:37.0363 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/08/04 17:21:37.0379 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2010/08/04 17:21:37.0394 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/08/04 17:21:37.0472 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/08/04 17:21:37.0504 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/08/04 17:21:37.0519 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/08/04 17:21:37.0582 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/08/04 17:21:37.0629 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/08/04 17:21:37.0676 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/08/04 17:21:37.0707 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/08/04 17:21:37.0738 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/08/04 17:21:37.0754 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/08/04 17:21:37.0801 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2010/08/04 17:21:37.0832 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/08/04 17:21:37.0863 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/08/04 17:21:37.0879 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/08/04 17:21:37.0941 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/08/04 17:21:38.0019 ================================================================================

2010/08/04 17:21:38.0019 Scan finished

2010/08/04 17:21:38.0019 ================================================================================

2010/08/04 17:21:38.0019 Detected object count: 1

2010/08/04 17:22:03.0519 Rootkit.Win32.TDSS.tdl3(isapnp) - User select action: Skip

Thanks for all of your help. Let me know what to do next.

Link to post
Share on other sites

Here is the log file after the cure and reboot:

2010/08/04 17:43:24.0656 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41

2010/08/04 17:43:24.0656 ================================================================================

2010/08/04 17:43:24.0656 SystemInfo:

2010/08/04 17:43:24.0656

2010/08/04 17:43:24.0656 OS Version: 5.1.2600 ServicePack: 3.0

2010/08/04 17:43:24.0656 Product type: Workstation

2010/08/04 17:43:24.0656 ComputerName: GRANT_ALMOND

2010/08/04 17:43:24.0656 UserName: Grant

2010/08/04 17:43:24.0656 Windows directory: C:\WINDOWS

2010/08/04 17:43:24.0656 System windows directory: C:\WINDOWS

2010/08/04 17:43:24.0656 Processor architecture: Intel x86

2010/08/04 17:43:24.0656 Number of processors: 2

2010/08/04 17:43:24.0656 Page size: 0x1000

2010/08/04 17:43:24.0656 Boot type: Normal boot

2010/08/04 17:43:24.0656 ================================================================================

2010/08/04 17:43:25.0562 Initialize success

2010/08/04 17:43:28.0437 ================================================================================

2010/08/04 17:43:28.0437 Scan started

2010/08/04 17:43:28.0437 Mode: Manual;

2010/08/04 17:43:28.0437 ================================================================================

2010/08/04 17:43:32.0546 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2010/08/04 17:43:33.0062 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/08/04 17:43:33.0843 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/08/04 17:43:34.0296 ADIHdAudAddService (803c7d4767132f2407431103055c9000) C:\WINDOWS\system32\drivers\ADIHdAud.sys

2010/08/04 17:43:35.0156 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2010/08/04 17:43:36.0453 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/08/04 17:43:37.0718 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/08/04 17:43:38.0609 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2010/08/04 17:43:40.0125 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2010/08/04 17:43:41.0171 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2010/08/04 17:43:42.0312 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2010/08/04 17:43:42.0953 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2010/08/04 17:43:43.0656 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2010/08/04 17:43:44.0093 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2010/08/04 17:43:45.0125 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2010/08/04 17:43:45.0750 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2010/08/04 17:43:46.0109 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2010/08/04 17:43:46.0531 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2010/08/04 17:43:47.0031 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2010/08/04 17:43:47.0781 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/08/04 17:43:48.0546 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/08/04 17:43:49.0281 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/08/04 17:43:49.0625 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/08/04 17:43:50.0015 Avgfwdx (eb0992def47f48821ded724f379c499e) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

2010/08/04 17:43:50.0031 Avgfwfd (eb0992def47f48821ded724f379c499e) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

2010/08/04 17:43:50.0343 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys

2010/08/04 17:43:50.0750 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys

2010/08/04 17:43:51.0031 AvgRkx86 (94a16f829b1456237b7f929198ce2807) C:\WINDOWS\system32\Drivers\avgrkx86.sys

2010/08/04 17:43:51.0093 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys

2010/08/04 17:43:51.0265 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/08/04 17:43:51.0453 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2010/08/04 17:43:51.0687 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/08/04 17:43:51.0750 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2010/08/04 17:43:51.0953 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/08/04 17:43:52.0062 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/08/04 17:43:52.0328 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/08/04 17:43:52.0718 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2010/08/04 17:43:52.0781 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2010/08/04 17:43:52.0890 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2010/08/04 17:43:53.0453 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2010/08/04 17:43:54.0046 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/08/04 17:43:54.0140 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS

2010/08/04 17:43:54.0171 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS

2010/08/04 17:43:54.0312 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2010/08/04 17:43:54.0484 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS

2010/08/04 17:43:54.0515 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS

2010/08/04 17:43:54.0562 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS

2010/08/04 17:43:54.0593 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS

2010/08/04 17:43:54.0890 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS

2010/08/04 17:43:55.0125 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS

2010/08/04 17:43:55.0187 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS

2010/08/04 17:43:55.0265 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/08/04 17:43:55.0484 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/08/04 17:43:55.0578 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/08/04 17:43:55.0671 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/08/04 17:43:55.0812 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2010/08/04 17:43:55.0953 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/08/04 17:43:56.0203 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2010/08/04 17:43:56.0625 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2010/08/04 17:43:57.0062 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/08/04 17:43:57.0406 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2010/08/04 17:43:57.0453 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/08/04 17:43:57.0734 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/08/04 17:43:57.0781 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2010/08/04 17:43:57.0859 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/08/04 17:43:57.0921 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/08/04 17:43:57.0968 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/08/04 17:43:58.0031 gmer (b56eb0a2210980e76390bd670bcb618b) C:\WINDOWS\system32\DRIVERS\gmer.sys

2010/08/04 17:43:58.0125 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/08/04 17:43:58.0421 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/08/04 17:43:58.0468 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/08/04 17:43:58.0531 HPFXBULK (e4e0b356a8756066cf89080d9da69f22) C:\WINDOWS\system32\drivers\hpfxbulk.sys

2010/08/04 17:43:58.0578 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2010/08/04 17:43:58.0625 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/08/04 17:43:58.0718 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2010/08/04 17:43:58.0968 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2010/08/04 17:44:00.0734 ialm (b2768350bb50469aeb1afe694372b613) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2010/08/04 17:44:02.0937 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/08/04 17:44:03.0156 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2010/08/04 17:44:03.0296 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/08/04 17:44:03.0625 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/08/04 17:44:03.0875 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2010/08/04 17:44:04.0125 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/08/04 17:44:04.0343 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/08/04 17:44:04.0578 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/08/04 17:44:04.0968 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/08/04 17:44:05.0218 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/08/04 17:44:05.0375 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/08/04 17:44:05.0531 k57w2k (cb46c36f55cdfe4d20d9833e0f267c84) C:\WINDOWS\system32\DRIVERS\k57xp32.sys

2010/08/04 17:44:05.0593 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/08/04 17:44:05.0640 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/08/04 17:44:05.0703 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/08/04 17:44:05.0765 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/08/04 17:44:05.0859 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/08/04 17:44:05.0906 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/08/04 17:44:05.0968 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/08/04 17:44:06.0031 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/08/04 17:44:06.0062 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/08/04 17:44:06.0109 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2010/08/04 17:44:06.0140 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/08/04 17:44:06.0203 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/08/04 17:44:06.0296 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/08/04 17:44:06.0531 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/08/04 17:44:06.0656 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/08/04 17:44:06.0687 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/08/04 17:44:06.0750 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/08/04 17:44:06.0796 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/08/04 17:44:06.0859 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/08/04 17:44:07.0109 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/08/04 17:44:07.0140 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/08/04 17:44:07.0171 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/08/04 17:44:07.0531 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/08/04 17:44:07.0859 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/08/04 17:44:08.0078 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/08/04 17:44:08.0546 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/08/04 17:44:08.0781 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/08/04 17:44:09.0078 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/08/04 17:44:09.0109 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/08/04 17:44:09.0406 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/08/04 17:44:09.0609 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/08/04 17:44:09.0875 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/08/04 17:44:10.0156 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/08/04 17:44:10.0421 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/08/04 17:44:10.0937 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/08/04 17:44:11.0234 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/08/04 17:44:12.0484 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2010/08/04 17:44:12.0812 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2010/08/04 17:44:13.0156 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/08/04 17:44:13.0484 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/08/04 17:44:13.0671 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/08/04 17:44:13.0953 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/08/04 17:44:14.0234 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2010/08/04 17:44:14.0546 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2010/08/04 17:44:14.0859 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2010/08/04 17:44:15.0171 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2010/08/04 17:44:15.0468 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2010/08/04 17:44:15.0734 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/08/04 17:44:16.0000 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/08/04 17:44:16.0390 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/08/04 17:44:16.0515 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/08/04 17:44:16.0796 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/08/04 17:44:16.0875 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/08/04 17:44:17.0031 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/08/04 17:44:17.0203 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/08/04 17:44:17.0359 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/08/04 17:44:17.0671 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/08/04 17:44:17.0718 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/08/04 17:44:17.0750 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/08/04 17:44:17.0812 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys

2010/08/04 17:44:17.0875 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/08/04 17:44:17.0906 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2010/08/04 17:44:18.0234 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2010/08/04 17:44:18.0312 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/08/04 17:44:18.0359 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/08/04 17:44:18.0390 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/08/04 17:44:18.0453 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/08/04 17:44:18.0500 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/08/04 17:44:18.0531 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2010/08/04 17:44:18.0546 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2010/08/04 17:44:18.0578 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2010/08/04 17:44:18.0593 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2010/08/04 17:44:18.0640 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/08/04 17:44:18.0703 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/08/04 17:44:18.0750 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/08/04 17:44:18.0765 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/08/04 17:44:18.0796 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/08/04 17:44:18.0828 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2010/08/04 17:44:18.0843 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/08/04 17:44:18.0859 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2010/08/04 17:44:18.0875 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/08/04 17:44:18.0937 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/08/04 17:44:19.0000 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/08/04 17:44:19.0046 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/08/04 17:44:19.0156 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/08/04 17:44:19.0312 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/08/04 17:44:19.0421 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/08/04 17:44:19.0531 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/08/04 17:44:19.0609 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/08/04 17:44:19.0656 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/08/04 17:44:19.0750 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2010/08/04 17:44:19.0812 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/08/04 17:44:19.0859 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/08/04 17:44:19.0906 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/08/04 17:44:20.0015 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/08/04 17:44:20.0109 ================================================================================

2010/08/04 17:44:20.0109 Scan finished

2010/08/04 17:44:20.0109 ================================================================================

Link to post
Share on other sites

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 6 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. rkill.pif
  5. WiNlOgOn.exe
  6. uSeRiNiT.exe

Please post the log in your next reply.

Once you've gotten one of them to run then try to immediately run the following:

Run ComboFix as in my instructions in post two.

Link to post
Share on other sites

I was able to run the first rkill.exe file - but I forgot to copy the log file. There were only 6 to 8 lines and no reference to a file. I'm sorry. Do I need to run it again?

I disabled the AVG Resident Shield and right clicked on AVG to close it out - but from the Combofix log file it looks like there were still processes running in the background. This was the problem I was having earlier. I'm just not sure why there are so many AVG processes running.

When ComboFix started up - it failed to install the Microsoft Recovery Console - and didn't give me an option to abort the process.

There is the ComboFix log file:

ComboFix 10-08-03.04 - Grant 08/04/2010 18:03:01.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2397 [GMT -4:00]

Running from: c:\documents and settings\Grant\Desktop\ComboFix.exe

AV: AVG Internet Security SBS Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\~.exe

c:\documents and settings\Grant\g2mdlhlpx.exe

.

((((((((((((((((((((((((( Files Created from 2010-07-04 to 2010-08-04 )))))))))))))))))))))))))))))))

.

2010-08-02 21:58 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-02 21:58 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-29 20:36 . 2010-07-29 20:36 -------- d-----w- c:\windows\LMI8FE.tmp

2010-07-29 20:19 . 2010-07-29 20:19 -------- d-----w- c:\windows\LMI8FC.tmp

2010-07-28 22:30 . 2010-07-28 22:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS

2010-07-28 22:18 . 2010-07-29 23:14 -------- d-----w- c:\windows\LMI633.tmp

2010-07-28 22:18 . 2010-07-28 22:18 -------- d-----w- c:\windows\LMI632.tmp

2010-07-28 22:18 . 2010-07-28 22:18 -------- d-----w- c:\windows\LMI631.tmp

2010-07-22 20:35 . 2008-04-13 16:10 96512 ----a-w- c:\windows\system32\atapi.sys

2010-07-22 20:35 . 2010-07-22 20:35 -------- d-----w- C:\atapi_sys

2010-07-22 20:30 . 2010-05-18 00:07 3550592 ----a-w- C:\procexp.exe

2010-07-22 20:30 . 2010-04-16 07:57 52930 ----a-w- C:\atapi.zip

2010-07-22 20:20 . 2010-07-26 20:29 -------- d-----w- c:\windows\LMI14.tmp

2010-07-22 19:47 . 2010-07-22 19:47 -------- d-----w- c:\windows\LMI3E.tmp

2010-07-22 19:47 . 2010-07-22 19:47 -------- d-----w- c:\windows\LMI3D.tmp

2010-07-22 19:46 . 2010-07-22 19:46 -------- d-----w- c:\windows\LMI3C.tmp

2010-07-22 19:04 . 2010-07-22 19:04 -------- d-----w- c:\documents and settings\Grant\Local Settings\Application Data\ICS

2010-07-22 19:03 . 2010-07-22 19:03 -------- d-----w- c:\windows\LMI12.tmp

2010-07-22 19:02 . 2010-07-22 19:02 -------- d-----w- c:\windows\LMI11.tmp

2010-07-15 03:32 . 2010-07-15 03:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple

2010-07-14 08:31 . 2010-07-14 08:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-07-10 12:01 . 2010-07-10 12:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2010-07-10 09:54 . 2010-07-10 09:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-07-09 12:28 . 2010-07-09 12:28 -------- d-----w- c:\documents and settings\Grant\Application Data\Office Genuine Advantage

2010-07-07 22:05 . 2010-07-07 22:05 -------- d-----w- C:\AVGTemp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-04 21:41 . 2008-04-14 00:06 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys

2010-08-04 17:53 . 2009-05-05 20:00 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-08-02 21:58 . 2010-03-31 20:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-29 23:29 . 2009-09-02 13:14 -------- d-----w- c:\documents and settings\Grant\Application Data\Amazon

2010-06-24 20:02 . 2010-06-24 20:02 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb319.tmp.exe

2010-06-11 12:35 . 2009-11-16 14:25 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-11 07:08 . 2009-01-22 06:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\19931\AdobeARM.exe

2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\19931\AdobeExtractFiles.dll

2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\19931\ReaderUpdater.exe

2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\19931\AcrobatUpdater.exe

2009-01-22 06:43 . 2009-05-05 20:53 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-16 1044480]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 141848]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-22 30192]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]

"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-06-15 49152]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]

"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-12-24 618496]

"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2003-12-10 77887]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-07-31 12:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2006-09-11 10:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Corel\\WordPerfect Office 2002\\Register\\NAVBrowser.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/5/2009 12:58 PM 12552]

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [1/22/2009 4:29 AM 24064]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/5/2009 12:58 PM 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/5/2009 12:58 PM 108552]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/16/2009 9:44 AM 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/6/2009 9:39 AM 297752]

R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [5/6/2009 9:39 AM 1370488]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/5/2009 12:57 PM 29208]

R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [1/22/2009 4:29 AM 176640]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 4:14 PM 135664]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/5/2009 12:57 PM 29208]

S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/22/2009 2:43 AM 30192]

.

Contents of the 'Scheduled Tasks' folder

2010-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:14]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:14]

2010-08-04 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

FF - ProfilePath - c:\documents and settings\Grant\Application Data\Mozilla\Firefox\Profiles\h3cinewy.default\

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

SafeBoot-klmdb.sys

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-04 18:09

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\docume~1\Grant\LOCALS~1\Temp\Acrobat Distiller 9\000009E8\dirlock.tmp 0 bytes

c:\docume~1\Grant\LOCALS~1\Temp\Acrobat Distiller 9\000009E8\Temp.msg

scan completed successfully

hidden files: 2

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3928)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\progra~1\AVG\AVG8\avgam.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Yahoo!\Messenger\ymsgr_tray.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\Java\jre1.6.0_07\bin\jucheck.exe

.

**************************************************************************

.

Completion time: 2010-08-04 18:15:38 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-04 22:15

Pre-Run: 133,346,037,760 bytes free

Post-Run: 133,774,458,880 bytes free

- - End Of File - - DD389CEEF24D834546B08FBE9791169A

Link to post
Share on other sites

I found the rkill log file. Here it is:

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Ran as Grant on 08/04/2010 at 17:59:56.

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Grant\Desktop\rkill.exe

Rkill completed on 08/04/2010 at 17:59:57.

Link to post
Share on other sites

Smile we are getting closer. Good job you done there

Run CFScript

  • Close any open browsers.
  • Open Notepad by click start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

KILLALL::

Folder::
c:\windows\LMI8FE.tmp
c:\windows\LMI8FC.tmp
c:\windows\LMI633.tmp
c:\windows\LMI632.tmp
c:\windows\LMI631.tmp
c:\windows\LMI14.tmp
c:\windows\LMI3E.tmp
c:\windows\LMI3D.tmp
c:\windows\LMI3C.tmp
c:\windows\LMI12.tmp
c:\windows\LMI11.tmp

DDS::
uInternet Settings,ProxyOverride = *.local

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

cfscriptb4.gif

This will start ComboFix again. It may ask to reboot. This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt and the MBAM report in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Update Run Malwarebytes

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Link to post
Share on other sites

You are the best! Here are the two latest logs

ComboFix:

ComboFix 10-08-03.04 - Grant 08/04/2010 19:20:57.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2501 [GMT -4:00]

Running from: c:\documents and settings\Grant\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Grant\Desktop\CFScript.txt

AV: AVG Internet Security SBS Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\LMI11.tmp

c:\windows\LMI11.tmp\lmi_rescue.exe

c:\windows\LMI11.tmp\LMI_Rescue_srv.exe

c:\windows\LMI11.tmp\logo.bmp

c:\windows\LMI11.tmp\params.txt

c:\windows\LMI11.tmp\ra64app.exe

c:\windows\LMI11.tmp\rahook.dll

c:\windows\LMI11.tmp\rescue.ico

c:\windows\LMI11.tmp\rescue.log

c:\windows\LMI12.tmp

c:\windows\LMI12.tmp\lmi_rescue.exe

c:\windows\LMI12.tmp\LMI_Rescue_srv.exe

c:\windows\LMI12.tmp\logo.bmp

c:\windows\LMI12.tmp\params.txt

c:\windows\LMI12.tmp\ra64app.exe

c:\windows\LMI12.tmp\rahook.dll

c:\windows\LMI12.tmp\rescue.ico

c:\windows\LMI12.tmp\rescue.log

c:\windows\LMI14.tmp

c:\windows\LMI14.tmp\rescue.log

c:\windows\LMI3C.tmp

c:\windows\LMI3C.tmp\lmi_rescue.exe

c:\windows\LMI3C.tmp\LMI_Rescue_srv.exe

c:\windows\LMI3C.tmp\logo.bmp

c:\windows\LMI3C.tmp\params.txt

c:\windows\LMI3C.tmp\ra64app.exe

c:\windows\LMI3C.tmp\rahook.dll

c:\windows\LMI3C.tmp\rescue.ico

c:\windows\LMI3C.tmp\rescue.log

c:\windows\LMI3D.tmp

c:\windows\LMI3D.tmp\lmi_rescue.exe

c:\windows\LMI3D.tmp\LMI_Rescue_srv.exe

c:\windows\LMI3D.tmp\logo.bmp

c:\windows\LMI3D.tmp\params.txt

c:\windows\LMI3D.tmp\ra64app.exe

c:\windows\LMI3D.tmp\rahook.dll

c:\windows\LMI3D.tmp\rescue.ico

c:\windows\LMI3D.tmp\rescue.log

c:\windows\LMI3E.tmp

c:\windows\LMI3E.tmp\lmi_rescue.exe

c:\windows\LMI3E.tmp\LMI_Rescue_srv.exe

c:\windows\LMI3E.tmp\logo.bmp

c:\windows\LMI3E.tmp\params.txt

c:\windows\LMI3E.tmp\ra64app.exe

c:\windows\LMI3E.tmp\rahook.dll

c:\windows\LMI3E.tmp\rescue.ico

c:\windows\LMI3E.tmp\rescue.log

c:\windows\LMI631.tmp

c:\windows\LMI631.tmp\lmi_rescue.exe

c:\windows\LMI631.tmp\LMI_Rescue_srv.exe

c:\windows\LMI631.tmp\logo.bmp

c:\windows\LMI631.tmp\params.txt

c:\windows\LMI631.tmp\ra64app.exe

c:\windows\LMI631.tmp\rahook.dll

c:\windows\LMI631.tmp\rescue.ico

c:\windows\LMI631.tmp\rescue.log

c:\windows\LMI632.tmp

c:\windows\LMI632.tmp\lmi_rescue.exe

c:\windows\LMI632.tmp\LMI_Rescue_srv.exe

c:\windows\LMI632.tmp\logo.bmp

c:\windows\LMI632.tmp\params.txt

c:\windows\LMI632.tmp\ra64app.exe

c:\windows\LMI632.tmp\rahook.dll

c:\windows\LMI632.tmp\rescue.ico

c:\windows\LMI632.tmp\rescue.log

c:\windows\LMI633.tmp

c:\windows\LMI633.tmp\rescue.log

c:\windows\LMI8FC.tmp

c:\windows\LMI8FC.tmp\lmi_rescue.exe

c:\windows\LMI8FC.tmp\LMI_Rescue_srv.exe

c:\windows\LMI8FC.tmp\logo.bmp

c:\windows\LMI8FC.tmp\params.txt

c:\windows\LMI8FC.tmp\ra64app.exe

c:\windows\LMI8FC.tmp\rahook.dll

c:\windows\LMI8FC.tmp\rescue.ico

c:\windows\LMI8FC.tmp\rescue.log

c:\windows\LMI8FE.tmp

c:\windows\LMI8FE.tmp\lmi_rescue.exe

c:\windows\LMI8FE.tmp\LMI_Rescue_srv.exe

c:\windows\LMI8FE.tmp\logo.bmp

c:\windows\LMI8FE.tmp\params.txt

c:\windows\LMI8FE.tmp\ra64app.exe

c:\windows\LMI8FE.tmp\rahook.dll

c:\windows\LMI8FE.tmp\rescue.ico

c:\windows\LMI8FE.tmp\rescue.log

.

((((((((((((((((((((((((( Files Created from 2010-07-04 to 2010-08-04 )))))))))))))))))))))))))))))))

.

2010-08-02 21:58 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-02 21:58 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-28 22:30 . 2010-07-28 22:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS

2010-07-22 20:35 . 2008-04-13 16:10 96512 ----a-w- c:\windows\system32\atapi.sys

2010-07-22 20:35 . 2010-07-22 20:35 -------- d-----w- C:\atapi_sys

2010-07-22 20:30 . 2010-05-18 00:07 3550592 ----a-w- C:\procexp.exe

2010-07-22 20:30 . 2010-04-16 07:57 52930 ----a-w- C:\atapi.zip

2010-07-22 19:04 . 2010-07-22 19:04 -------- d-----w- c:\documents and settings\Grant\Local Settings\Application Data\ICS

2010-07-15 03:32 . 2010-07-15 03:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple

2010-07-14 08:31 . 2010-07-14 08:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-07-10 12:01 . 2010-07-10 12:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2010-07-10 09:54 . 2010-07-10 09:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-07-09 12:28 . 2010-07-09 12:28 -------- d-----w- c:\documents and settings\Grant\Application Data\Office Genuine Advantage

2010-07-07 22:05 . 2010-07-07 22:05 -------- d-----w- C:\AVGTemp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-04 21:41 . 2008-04-14 00:06 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys

2010-08-04 17:53 . 2009-05-05 20:00 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-08-02 21:58 . 2010-03-31 20:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-29 23:29 . 2009-09-02 13:14 -------- d-----w- c:\documents and settings\Grant\Application Data\Amazon

2010-06-24 20:02 . 2010-06-24 20:02 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb319.tmp.exe

2010-06-11 12:35 . 2009-11-16 14:25 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-11 07:08 . 2009-01-22 06:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\19931\AdobeARM.exe

2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\19931\AdobeExtractFiles.dll

2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\19931\ReaderUpdater.exe

2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\19931\AcrobatUpdater.exe

2009-01-22 06:43 . 2009-05-05 20:53 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-08-04_22.09.36 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-08-04 23:27 . 2010-08-04 23:27 16384 c:\windows\temp\Perflib_Perfdata_fa0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-16 1044480]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 141848]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-22 30192]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]

"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-06-15 49152]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]

"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-12-24 618496]

"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2003-12-10 77887]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-07-31 12:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2006-09-11 10:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Corel\\WordPerfect Office 2002\\Register\\NAVBrowser.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/5/2009 12:58 PM 12552]

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [1/22/2009 4:29 AM 24064]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/5/2009 12:58 PM 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/5/2009 12:58 PM 108552]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/16/2009 9:44 AM 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/6/2009 9:39 AM 297752]

R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [5/6/2009 9:39 AM 1370488]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/5/2009 12:57 PM 29208]

R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [1/22/2009 4:29 AM 176640]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 4:14 PM 135664]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/5/2009 12:57 PM 29208]

S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/22/2009 2:43 AM 30192]

.

Contents of the 'Scheduled Tasks' folder

2010-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:14]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:14]

2010-08-04 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

FF - ProfilePath - c:\documents and settings\Grant\Application Data\Mozilla\Firefox\Profiles\h3cinewy.default\

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-04 19:27

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4020)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\progra~1\AVG\AVG8\avgam.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Yahoo!\Messenger\ymsgr_tray.exe

.

**************************************************************************

.

Completion time: 2010-08-04 19:31:17 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-04 23:31

ComboFix2.txt 2010-08-04 22:15

Pre-Run: 133,674,389,504 bytes free

Post-Run: 133,620,084,736 bytes free

- - End Of File - - 724CB1E21C8445039293E616C4316BF3

MalwareBytes:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4390

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/4/2010 7:35:24 PM

mbam-log-2010-08-04 (19-35-24).txt

Scan type: Quick scan

Objects scanned: 138171

Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Let me know what else I need to do.

Thanks - JC

Link to post
Share on other sites

There are some older versions of Java on your computer. These can be a source of infection.

[javaicon.gif

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says Java SE Runtime Environment (JRE) - JRE 6 Update 21 -
  • Click the Download button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement. Click on Continue.The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u121 -windows-i586-p.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files

      [*]Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

      [*]Click OK to leave the Temporary Files Window

      [*]Click OK to leave the Java Control Panel.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: 1.6.0_21 from Sun Microsystems Inc.

Your Computer is Clean

CLEAN-1.jpg

Some final items:

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
    CF_Uninstall-1.jpg
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix and anything assoicated with it.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE.

If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Secunia software inspector & update checker

Visit My Blog for Malware and Spyware Tips

6567E80CC55576485246E130E48A9FA8.png

Link to post
Share on other sites

Kenny94 - Thank you so much. I believe we didn't update Java because at one time the local tax office didn't use the newest version - but now they don't use Java, so it's a moot point. I'll uninstall and reinstall the new version. So if I understand you correctly - we more than likely experienced these problems due to the older Java version - is that correct?

This user does use Firefox all the time and I'll make sure he has the newest version installed.

I'm not sure how familiar you are with AVG - but I did note that the virus vault on this PC was totally full - so that new viruses were not going into it. It was set up to delete any viruses older than 30 days and to retain no more than 1000 viruses - so I deleted everything in the virus vault. I did change the retention down to 15 days. I just wasn't sure if you were familiar with the AVG product line.

I do have a question - if we make a donation - does it have to go through PayPal - or can we send you a check?

Thank you once again.

Link to post
Share on other sites

I uninstalled Java and then installed 6 - version 21 - and my java test isn't working - I made sure that in both Internet Explorer 8 and Firefox that I checked all the settings to enable Java - enabled it through the control panel, etc.

Here is the java console:

Java Plug-in 1.6.0_21

Using JRE version 1.6.0_21-b07 Java HotSpot Client VM

User home directory = C:\Documents and Settings\Grant

----------------------------------------------------

c: clear console window

f: finalize objects on finalization queue

g: garbage collect

h: display this help message

l: dump classloader list

m: print memory usage

o: trigger logging

q: hide console

r: reload policy configuration

s: dump system and deployment properties

t: dump thread list

v: dump thread stack

x: clear classloader cache

0-5: set trace level to <n>

----------------------------------------------------

load: class testvm2/Main.class not found.

java.lang.ClassNotFoundException: testvm2.Main.class

at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)

at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)

at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)

at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)

at java.lang.ClassLoader.loadClass(Unknown Source)

at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)

at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)

at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

Caused by: java.net.SocketException: Permission denied: connect

at java.net.PlainSocketImpl.socketConnect(Native Method)

at java.net.PlainSocketImpl.doConnect(Unknown Source)

at java.net.PlainSocketImpl.connectToAddress(Unknown Source)

at java.net.PlainSocketImpl.connect(Unknown Source)

at java.net.SocksSocketImpl.connect(Unknown Source)

at java.net.Socket.connect(Unknown Source)

at sun.net.NetworkClient.doConnect(Unknown Source)

at sun.net.www.http.HttpClient.openServer(Unknown Source)

at sun.net.www.http.HttpClient.openServer(Unknown Source)

at sun.net.www.http.HttpClient.<init>(Unknown Source)

at sun.net.www.http.HttpClient.New(Unknown Source)

at sun.net.www.http.HttpClient.New(Unknown Source)

at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)

at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)

at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)

at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)

at java.net.HttpURLConnection.getResponseCode(Unknown Source)

at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source)

at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source)

at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source)

at java.security.AccessController.doPrivileged(Native Method)

... 9 more

Exception: java.lang.ClassNotFoundException: testvm2.Main.class

Any suggestions. Thanks!

Link to post
Share on other sites

Please download JavaRa from here

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.

Go to Start > Control Panel > Add/Remove Programs.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):

All Java (even the one you just download the other day)

Then look for the following Java folders and if found delete them.

C:\Program Files\Java

C:\Program Files\Common Files\Java

C:\Documents and Settings\All Users\Application Data\Java

C:\Documents and Settings\All Users\Application Data\Sun\Java

C:\Documents and Settings\username\Application Data\Java

C:\Documents and Settings\username\Application Data\Sun\Java

Next

Download Java again and let me know?

Link to post
Share on other sites

I ran JavaRa and here is the log file:

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Aug 09 12:07:40 2010

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Aug 09 12:18:31 2010

------------------------------------

Finished reporting.

I installed Java 6 version 21 - after removing all the files you noted in your most recent post and I still can't see the image on the test page - the Java console shows the following:

Java Plug-in 1.6.0_21

Using JRE version 1.6.0_21-b07 Java HotSpot Client VM

User home directory = C:\Documents and Settings\Grant

----------------------------------------------------

c: clear console window

f: finalize objects on finalization queue

g: garbage collect

h: display this help message

l: dump classloader list

m: print memory usage

o: trigger logging

q: hide console

r: reload policy configuration

s: dump system and deployment properties

t: dump thread list

v: dump thread stack

x: clear classloader cache

0-5: set trace level to <n>

----------------------------------------------------

load: class testvm2/Main.class not found.

java.lang.ClassNotFoundException: testvm2.Main.class

at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)

at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)

at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)

at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)

at java.lang.ClassLoader.loadClass(Unknown Source)

at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)

at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)

at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

Caused by: java.net.SocketException: Permission denied: connect

at java.net.PlainSocketImpl.socketConnect(Native Method)

at java.net.PlainSocketImpl.doConnect(Unknown Source)

at java.net.PlainSocketImpl.connectToAddress(Unknown Source)

at java.net.PlainSocketImpl.connect(Unknown Source)

at java.net.SocksSocketImpl.connect(Unknown Source)

at java.net.Socket.connect(Unknown Source)

at sun.net.NetworkClient.doConnect(Unknown Source)

at sun.net.www.http.HttpClient.openServer(Unknown Source)

at sun.net.www.http.HttpClient.openServer(Unknown Source)

at sun.net.www.http.HttpClient.<init>(Unknown Source)

at sun.net.www.http.HttpClient.New(Unknown Source)

at sun.net.www.http.HttpClient.New(Unknown Source)

at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)

at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)

at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)

at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)

at java.net.HttpURLConnection.getResponseCode(Unknown Source)

at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source)

at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source)

at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source)

at java.security.AccessController.doPrivileged(Native Method)

... 9 more

Exception: java.lang.ClassNotFoundException: testvm2.Main.class

load: class testvm2/Main.class not found.

java.lang.ClassNotFoundException: testvm2.Main.class

at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)

at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)

at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)

at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)

at java.lang.ClassLoader.loadClass(Unknown Source)

at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)

at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)

at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

Caused by: java.net.SocketException: Permission denied: connect

at java.net.PlainSocketImpl.socketConnect(Native Method)

at java.net.PlainSocketImpl.doConnect(Unknown Source)

at java.net.PlainSocketImpl.connectToAddress(Unknown Source)

at java.net.PlainSocketImpl.connect(Unknown Source)

at java.net.SocksSocketImpl.connect(Unknown Source)

at java.net.Socket.connect(Unknown Source)

at sun.net.NetworkClient.doConnect(Unknown Source)

at sun.net.www.http.HttpClient.openServer(Unknown Source)

at sun.net.www.http.HttpClient.openServer(Unknown Source)

at sun.net.www.http.HttpClient.<init>(Unknown Source)

at sun.net.www.http.HttpClient.New(Unknown Source)

at sun.net.www.http.HttpClient.New(Unknown Source)

at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)

at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)

at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)

at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)

at java.net.HttpURLConnection.getResponseCode(Unknown Source)

at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source)

at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source)

at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source)

at java.security.AccessController.doPrivileged(Native Method)

... 9 more

Exception: java.lang.ClassNotFoundException: testvm2.Main.class

Still can't view the test page at Java site.

Ughh!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.