Cannot remove backdoor.tidserv (round 2)


vandy

I have noticed from other threads that others are having the same problem removing the backdoor.tidserv trojan that I am having. I have read thoroughly through other posts in an attempt to fix this myself but can't seem to get rid of it. I can run Malwarebytes but it does not detect the trojan. I run Symantec and it will discover the trojan but will not be able to get rid of it. I would appreciate any help on this matter. Thank you.

I have followed the instructions for "I'm infected - What do I do now?" and the posts are as follows (attach.zip is an attachment):

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4666

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/21/2010 2:29:13 PM

mbam-log-2010-09-21 (14-29-13).txt

Scan type: Quick scan

Objects scanned: 254833

Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSx86

Run by troyvandyke at 12:05:56.50 on Thu 09/23/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3543.2719 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch

svchost.exe

C:\windows\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\windows\system32\spoolsv.exe

svchost.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\windows\system32\EpStsSrv.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\MVi\Client Engine\ClientEngine.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\Program Files\PDF Complete\pdfsvc.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\PROGRA~1\SAAZOD\SAAZDPMACTL.exe

C:\PROGRA~1\SAAZOD\SAAZRemoteSupport.exe

C:\PROGRA~1\SAAZOD\SAAZScheduler.exe

C:\PROGRA~1\SAAZOD\RMHLPDSK.exe

C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe

C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

C:\windows\system32\ESDUSBMon.EXE

C:\windows\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\windows\RTHDCPL.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\MVi\Client Engine\ClientPostSvcController.exe

C:\Program Files\MVi\RCS\rcs.exe

C:\Program Files\MVi\Hotkey\MVI_HotKey.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\mvi\control\RCSListener.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

\\fs3\FolderRedirections\troyvandyke\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe

mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\VPTray.exe

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [MVIClientEngineController] c:\program files\mvi\client engine\ClientPostSvcController.exe

mRun: [MViRCS] "c:\program files\mvi\rcs\rcs.exe"

mRun: [ESDUSBMon.exe] c:\windows\system32\ESDUSBMon.exe

mRun: [MVIHotKey] "c:\program files\mvi\hotkey\MVI_HotKey.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe

uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //FWEvent.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://fs1/connectcomputer/nshelp.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269269801562

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269269797109

DPF: {737B4809-A1B0-4A96-82AC-124040809EF1} - hxxp://suite.cu08/shared/BranchUtil.CAB

DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {9CF59D67-FABF-43BB-885B-68E9D6D340F0} - hxxp://suite.cu08/shared/SummitCSCS.CAB

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mviusa.webex.com/client/T27LB/support/ieatgpc.cab

TCP: {35C78FE6-06D2-488A-96C9-85F0E6A15281} = 10.8.2.8,10.8.1.8

Notify: igfxcui - igfxdev.dll

Notify: LMIinit - LMIinit.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-19 214024]

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]

R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-4-14 47640]

R2 MVi Client Engine;MVi Client Engine;c:\program files\mvi\client engine\ClientEngine.exe [2008-9-17 122880]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-1-19 635416]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

R2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\saazod\SAAZDPMACTL.exe [2009-6-13 81920]

R2 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\saazod\SAAZRemoteSupport.exe [2009-6-4 73728]

R2 SAAZScheduler;SAAZScheduler;c:\progra~1\saazod\SAAZScheduler.exe [2010-4-5 77824]

R2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\saazod\SAAZServerPlus.exe [2009-4-30 77824]

R2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\saazod\SAAZWatchDog.exe [2009-6-4 81920]

R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-3-14 116416]

R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2010-1-19 2066968]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-1-19 149600]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-9 102448]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-12-18 44800]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100922.009\naveng.sys [2010-9-23 85424]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100922.009\navex15.sys [2010-9-23 1362608]

R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2007-8-3 13408]

R3 TMUSB;EPSON USB Device Driver for TM/BA/EU Printers;c:\windows\system32\drivers\TMUSBXP.SYS [2010-4-14 48256]

S2 0066661269268390mcinstcleanup;McAfee Application Installer Cleanup (0066661269268390);c:\docume~1\admini~1\locals~1\temp\006666~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\admini~1\locals~1\temp\006666~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-1-19 79816]

S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-1-19 35272]

S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-1-19 34248]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-09-23 17:03:36 0 ----a-w- c:\documents and settings\troyvandyke\defogger_reenable

2010-09-21 19:23:53 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-09-21 19:23:53 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2010-09-21 19:21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-21 19:21:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-21 19:21:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-21 17:55:43 0 d-sha-r- C:\cmdcons

2010-09-21 17:51:18 98816 ----a-w- c:\windows\sed.exe

2010-09-21 17:51:18 77312 ----a-w- c:\windows\MBR.exe

2010-09-21 17:51:18 256512 ----a-w- c:\windows\PEV.exe

2010-09-21 17:51:18 161792 ----a-w- c:\windows\SWREG.exe

2010-09-21 17:41:50 0 ----a-w- c:\windows\vpc32.INI

2010-09-17 15:36:44 0 d-----w- C:\spoolerlogs

2010-09-17 15:31:57 0 d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2010-01-20 00:28:20 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2010-01-20 00:28:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

2010-03-20 00:37:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010031920100320\index.dat

============= FINISH: 12:06:29.69 ===============

Attach.zip


Hi,

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Here is the TDSSKiller log, followed by the ComboFix log:

2010/09/27 10:17:35.0616 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/09/27 10:17:35.0616 ================================================================================

2010/09/27 10:17:35.0616 SystemInfo:

2010/09/27 10:17:35.0616

2010/09/27 10:17:35.0616 OS Version: 5.1.2600 ServicePack: 3.0

2010/09/27 10:17:35.0616 Product type: Workstation

2010/09/27 10:17:35.0616 ComputerName: BRANCH201

2010/09/27 10:17:35.0616 UserName: troyvandyke

2010/09/27 10:17:35.0616 Windows directory: C:\windows

2010/09/27 10:17:35.0616 System windows directory: C:\windows

2010/09/27 10:17:35.0616 Processor architecture: Intel x86

2010/09/27 10:17:35.0616 Number of processors: 2

2010/09/27 10:17:35.0616 Page size: 0x1000

2010/09/27 10:17:35.0616 Boot type: Normal boot

2010/09/27 10:17:35.0616 ================================================================================

2010/09/27 10:17:35.0741 Initialize success

2010/09/27 10:17:39.0679 ================================================================================

2010/09/27 10:17:39.0679 Scan started

2010/09/27 10:17:39.0679 Mode: Manual;

2010/09/27 10:17:39.0679 ================================================================================

2010/09/27 10:17:40.0226 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\windows\system32\drivers\ac97intc.sys

2010/09/27 10:17:40.0288 ACPI (8fd99680a539792a30e97944fdaecf17) C:\windows\system32\DRIVERS\ACPI.sys

2010/09/27 10:17:40.0320 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\windows\system32\drivers\ACPIEC.sys

2010/09/27 10:17:40.0351 adpu160m (9a11864873da202c996558b2106b0bbc) C:\windows\system32\DRIVERS\adpu160m.sys

2010/09/27 10:17:40.0382 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\windows\system32\DRIVERS\adpu320.sys

2010/09/27 10:17:40.0413 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys

2010/09/27 10:17:40.0445 AFD (7e775010ef291da96ad17ca4b17137d7) C:\windows\System32\drivers\afd.sys

2010/09/27 10:17:40.0492 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\windows\system32\DRIVERS\aic78u2.sys

2010/09/27 10:17:40.0507 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\windows\system32\DRIVERS\aic78xx.sys

2010/09/27 10:17:40.0632 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys

2010/09/27 10:17:40.0679 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys

2010/09/27 10:17:40.0726 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys

2010/09/27 10:17:40.0773 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys

2010/09/27 10:17:40.0820 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys

2010/09/27 10:17:40.0992 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys

2010/09/27 10:17:41.0070 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys

2010/09/27 10:17:41.0117 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys

2010/09/27 10:17:41.0117 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys

2010/09/27 10:17:41.0195 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\windows\system32\DRIVERS\compbatt.sys

2010/09/27 10:17:41.0273 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys

2010/09/27 10:17:41.0335 dmboot (d992fe1274bde0f84ad826acae022a41) C:\windows\system32\drivers\dmboot.sys

2010/09/27 10:17:41.0429 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\windows\system32\drivers\dmio.sys

2010/09/27 10:17:41.0429 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys

2010/09/27 10:17:41.0460 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys

2010/09/27 10:17:41.0507 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\windows\system32\DRIVERS\dpti2o.sys

2010/09/27 10:17:41.0554 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys

2010/09/27 10:17:41.0585 E100B (3fca03cbca11269f973b70fa483c88ef) C:\windows\system32\DRIVERS\e100b325.sys

2010/09/27 10:17:41.0632 e1kexpress (90700eb149c8ee9fd8f61821e7d4b8fe) C:\windows\system32\DRIVERS\e1k5132.sys

2010/09/27 10:17:41.0726 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

2010/09/27 10:17:41.0742 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

2010/09/27 10:17:41.0820 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys

2010/09/27 10:17:41.0851 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\DRIVERS\fdc.sys

2010/09/27 10:17:41.0898 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\windows\system32\drivers\Fips.sys

2010/09/27 10:17:41.0913 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\drivers\Flpydisk.sys

2010/09/27 10:17:41.0945 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\DRIVERS\fltMgr.sys

2010/09/27 10:17:41.0976 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys

2010/09/27 10:17:42.0007 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\windows\system32\DRIVERS\ftdisk.sys

2010/09/27 10:17:42.0038 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys

2010/09/27 10:17:42.0054 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\windows\system32\DRIVERS\HDAudBus.sys

2010/09/27 10:17:42.0085 HECI (88a67c34e37186665e916fd347b50d19) C:\windows\system32\DRIVERS\HECI.sys

2010/09/27 10:17:42.0117 HidBatt (748031ff4fe45ccc47546294905feab8) C:\windows\system32\DRIVERS\HidBatt.sys

2010/09/27 10:17:42.0132 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\windows\system32\DRIVERS\hidusb.sys

2010/09/27 10:17:42.0195 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys

2010/09/27 10:17:42.0257 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\windows\system32\DRIVERS\i8042prt.sys

2010/09/27 10:17:42.0304 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\windows\system32\DRIVERS\i81xnt5.sys

2010/09/27 10:17:42.0351 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\windows\system32\DRIVERS\wADV01nt.sys

2010/09/27 10:17:42.0367 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\windows\system32\DRIVERS\wADV02NT.sys

2010/09/27 10:17:42.0382 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\windows\system32\DRIVERS\wADV05NT.sys

2010/09/27 10:17:42.0398 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\windows\system32\DRIVERS\wSiINTxx.sys

2010/09/27 10:17:42.0413 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\windows\system32\DRIVERS\wVchNTxx.sys

2010/09/27 10:17:42.0445 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\windows\system32\DRIVERS\wADV07nt.sys

2010/09/27 10:17:42.0460 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\windows\system32\DRIVERS\wADV08nt.sys

2010/09/27 10:17:42.0492 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\windows\system32\DRIVERS\wADV09nt.sys

2010/09/27 10:17:42.0523 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\windows\system32\DRIVERS\wATV01nt.sys

2010/09/27 10:17:42.0570 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\windows\system32\DRIVERS\wATV02NT.sys

2010/09/27 10:17:42.0601 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\windows\system32\DRIVERS\wATV04nt.sys

2010/09/27 10:17:42.0632 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\windows\system32\DRIVERS\wCh7xxNT.sys

2010/09/27 10:17:42.0695 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\windows\system32\DRIVERS\wATV10nt.sys

2010/09/27 10:17:42.0726 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\windows\system32\DRIVERS\wATV06nt.sys

2010/09/27 10:17:42.0867 ialm (d0190bbb1b577589548aba94e66d6838) C:\windows\system32\DRIVERS\igxpmp32.sys

2010/09/27 10:17:43.0038 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys

2010/09/27 10:17:43.0070 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\windows\system32\DRIVERS\IFXTPM.SYS

2010/09/27 10:17:43.0085 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys

2010/09/27 10:17:43.0226 IntcAzAudAddService (744a7507d7a69a2a54638b8e5b630c0b) C:\windows\system32\drivers\RtkHDAud.sys

2010/09/27 10:17:43.0304 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\windows\system32\DRIVERS\intelide.sys

2010/09/27 10:17:43.0335 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\windows\system32\DRIVERS\intelppm.sys

2010/09/27 10:17:43.0382 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\DRIVERS\Ip6Fw.sys

2010/09/27 10:17:43.0398 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys

2010/09/27 10:17:43.0413 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys

2010/09/27 10:17:43.0429 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys

2010/09/27 10:17:43.0476 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys

2010/09/27 10:17:43.0523 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys

2010/09/27 10:17:43.0554 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\windows\system32\DRIVERS\isapnp.sys

2010/09/27 10:17:43.0585 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\windows\system32\drivers\iviaspi.sys

2010/09/27 10:17:43.0617 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\windows\system32\DRIVERS\kbdclass.sys

2010/09/27 10:17:43.0632 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\windows\system32\DRIVERS\kbdhid.sys

2010/09/27 10:17:43.0710 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys

2010/09/27 10:17:43.0757 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys

2010/09/27 10:17:43.0867 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys

2010/09/27 10:17:43.0913 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\windows\system32\drivers\LMIRfsDriver.sys

2010/09/27 10:17:43.0960 MfeAVFK (64b96de8c492bd435372d9130a535f1d) C:\windows\system32\drivers\MfeAVFK.sys

2010/09/27 10:17:43.0976 MfeBOPK (078e87a89d36cc3516f19d5fb518bddc) C:\windows\system32\drivers\MfeBOPK.sys

2010/09/27 10:17:44.0023 mfehidk (168c565101fd5b9db694efdec91fafa9) C:\windows\system32\drivers\mfehidk.sys

2010/09/27 10:17:44.0054 MfeRKDK (e0842f67dc9bc4d21d1e319610ebe9e5) C:\windows\system32\drivers\MfeRKDK.sys

2010/09/27 10:17:44.0101 mfetdik (43a7acbbd70ecd62f0b63486c72089a3) C:\windows\system32\drivers\mfetdik.sys

2010/09/27 10:17:44.0148 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys

2010/09/27 10:17:44.0195 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\windows\system32\drivers\Modem.sys

2010/09/27 10:17:44.0226 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\windows\system32\DRIVERS\mouclass.sys

2010/09/27 10:17:44.0257 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\windows\system32\DRIVERS\mouhid.sys

2010/09/27 10:17:44.0304 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys

2010/09/27 10:17:44.0335 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys

2010/09/27 10:17:44.0367 MRxSmb (421f7b922cec5a5f340e7574a98f7b7c) C:\windows\system32\DRIVERS\mrxsmb.sys

2010/09/27 10:17:44.0382 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys

2010/09/27 10:17:44.0413 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys

2010/09/27 10:17:44.0429 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys

2010/09/27 10:17:44.0445 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys

2010/09/27 10:17:44.0460 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys

2010/09/27 10:17:44.0507 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\windows\system32\drivers\Mup.sys

2010/09/27 10:17:44.0554 NAL (d02734423b59b3ac14cdfe91e9665ff0) C:\WINDOWS\system32\Drivers\iqvw32.sys

2010/09/27 10:17:44.0679 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100926.003\naveng.sys

2010/09/27 10:17:44.0851 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100926.003\navex15.sys

2010/09/27 10:17:44.0913 NDIS (8716356e49a665bdc7b114725b60a456) C:\windows\system32\drivers\NDIS.sys

2010/09/27 10:17:44.0976 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\windows\system32\DRIVERS\ndistapi.sys

2010/09/27 10:17:45.0007 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys

2010/09/27 10:17:45.0038 NdisWan (5526cfebb619f7f763bd6a2e1b618078) C:\windows\system32\DRIVERS\ndiswan.sys

2010/09/27 10:17:45.0070 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\windows\system32\drivers\NDProxy.sys

2010/09/27 10:17:45.0101 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys

2010/09/27 10:17:45.0132 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys

2010/09/27 10:17:45.0163 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys

2010/09/27 10:17:45.0210 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys


2010/09/27 10:17:47.0867 ================================================================================

2010/09/27 10:17:47.0867 Scan finished

2010/09/27 10:17:47.0867 ================================================================================

COMBO-FIX LOG:

ComboFix 10-09-26.04 - troyvandyke 09/27/2010 10:37:09.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3543.2635 [GMT -5:00]

Running from: \\fs3\FolderRedirections\troyvandyke\Desktop\Combo-Fix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

.

((((((((((((((((((((((((( Files Created from 2010-08-27 to 2010-09-27 )))))))))))))))))))))))))))))))

.

2010-09-21 19:23 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-09-21 19:21 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-21 19:21 . 2010-09-21 19:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-21 19:21 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-17 15:36 . 2010-09-17 15:36 -------- d-----w- C:\spoolerlogs

2010-09-17 15:35 . 2010-09-17 15:35 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-09-17 15:31 . 2010-09-17 15:31 -------- d-----w- c:\windows\system32\wbem\Repository

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-27 15:23 . 2010-04-14 15:10 -------- d-----w- c:\program files\LogMeIn

2010-09-27 15:22 . 2010-03-23 19:26 -------- d-----w- c:\program files\Symantec AntiVirus

2010-09-27 15:07 . 2010-03-23 19:25 -------- d-----w- c:\program files\SAAZOD

2010-09-22 05:41 . 2010-01-20 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PDFC

2010-09-21 19:21 . 2010-05-06 17:35 -------- d-----w- c:\documents and settings\troyvandyke\Application Data\Malwarebytes

2010-09-21 19:21 . 2010-03-22 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-27 17:28 . 2010-05-10 20:52 -------- d-----w- c:\documents and settings\troyvandyke\Application Data\U3

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-26 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-26 142872]

"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-24 796696]

"RTHDCPL"="RTHDCPL.EXE" [2009-07-03 18665472]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-15 125632]

"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]

"MVIClientEngineController"="c:\program files\MVi\Client Engine\ClientPostSvcController.exe" [2008-09-15 196608]

"MViRCS"="c:\program files\MVi\RCS\rcs.exe" [2010-01-06 868352]

"ESDUSBMon.exe"="c:\windows\system32\ESDUSBMon.exe" [2005-05-27 188416]

"MVIHotKey"="c:\program files\MVi\Hotkey\MVI_HotKey.exe" [2010-02-10 442368]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-4-9 221247]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"DisablePersonalDirChange"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2010-06-09 21:50 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 21:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\MVi\\control\\RCSListener.exe"=

R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 3:09 PM 12856]

R2 MVi Client Engine;MVi Client Engine;c:\program files\MVi\Client Engine\ClientEngine.exe [9/17/2008 1:59 PM 122880]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [1/19/2010 7:35 PM 635416]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 11:09 PM 11032]

R2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\SAAZOD\SAAZDPMACTL.exe [6/13/2009 11:33 AM 81920]

R2 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\SAAZOD\SAAZRemoteSupport.exe [6/4/2009 11:49 AM 73728]

R2 SAAZScheduler;SAAZScheduler;c:\progra~1\SAAZOD\SAAZScheduler.exe [4/5/2010 2:53 PM 77824]

R2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\SAAZOD\SAAZServerPlus.exe [4/30/2009 7:46 PM 77824]

R2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\SAAZOD\SAAZWatchDog.exe [6/4/2009 11:51 AM 81920]

R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 7:48 PM 116416]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [1/19/2010 7:30 PM 2066968]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [1/19/2010 8:19 PM 149600]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/9/2010 5:14 AM 102448]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [12/18/2007 12:46 PM 44800]

R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [8/3/2007 3:04 PM 13408]

R3 TMUSB;EPSON USB Device Driver for TM/BA/EU Printers;c:\windows\system32\drivers\TMUSBXP.SYS [4/14/2010 4:13 PM 48256]

S2 0066661269268390mcinstcleanup;McAfee Application Installer Cleanup (0066661269268390);c:\docume~1\ADMINI~1\LOCALS~1\Temp\006666~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\006666~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - klmd25

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //FWEvent.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: {35C78FE6-06D2-488A-96C9-85F0E6A15281} = 10.8.2.8,10.8.1.8

DPF: {737B4809-A1B0-4A96-82AC-124040809EF1} - hxxp://suite.cu08/shared/BranchUtil.CAB

DPF: {9CF59D67-FABF-43BB-885B-68E9D6D340F0} - hxxp://suite.cu08/shared/SummitCSCS.CAB

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-27 10:40

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1232)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(3980)

c:\windows\system32\WININET.dll

c:\windows\system32\LMIRfsClientNP.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2010-09-27 10:41:26

ComboFix-quarantined-files.txt 2010-09-27 15:41

ComboFix2.txt 2010-09-22 22:56

Pre-Run: 132,619,087,872 bytes free

Post-Run: 132,615,806,976 bytes free

- - End Of File - - 71CFE9150456F0053DAF33B111898A5B


Hi,

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates have downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png


here are the next two logs! :

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4704

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/27/2010 12:19:30 PM

mbam-log-2010-09-27 (12-19-30).txt

Scan type: Quick scan

Objects scanned: 225408

Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ESET log:

C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP238\A0018976.dll Win32/Olmarik.ADF trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP238\A0018977.dll Win32/Olmarik.ADF trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP245\A0022946.dll probably a variant of Win32/Adware.Gamevance.AG application cleaned by deleting - quarantined


Hi,

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. :)

Remove Combofix now that we're done with it.

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files

Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall

You should keep your anti-virus and firewall guard enabled at all times; don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated

It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Firefox and Opera. Both are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.

  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (e.g. LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?

If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,

Gammo :)
