
Infected with possible Trojan


Dom


Ok so my problem is as follows. Computer got infected, I disconnected the internet and AVG says it's spotted a fake trojan. I updated MBAM and it finds 15 infected files which it removes (Log: 15-01-19). I reboot and run MBAM, which comes up clean. I then reconnect the internet, having missed AVG, which has the same warning. AVG suddenly brings up multiple infections which increase the longer you leave the PC on. It says i:\WINDOWS\explorer.exe is infected by Trojan horse Patched_c.JED. I disconnected the internet and ran MBAM twice, which comes up clean again (other two logs). Followed the stickied instructions but GMER locks up the PC and I can't get it to work. DDS log is attached.

It may also help to know the computer is running a partitioned drive with XP, 7 and Linux. I'm running all this on the XP.

Attachments: attach___dds.zip, mbam_log_2010_10_02__22_23_50_.txt, mbam_log_2010_10_02__16_55_14_.txt, mbam_log_2010_10_02__15_01_19_.txt


Extra Information: My dad tried to put Avast on the computer and reconnected it to the internet. He got one scan off and apparently found BAMITAL.AC, but now it's got worse and the computer will no longer log on properly and none of the icons appear. However, the Windows 7 partition seems to be working fine.

I tried running GMER from Windows 7 but it says C:\Windows\system32\config\system: cannot find the file specified (C: is the rest of the drive, with 7 on it.)

(The I: drive in the logs is the partitioned Windows XP part of the hard drive.)


http://windows.microsoft.com/en-us/windows...ns-in-Windows-7

System Restore Win7

System Restore

Restores your computer's system files to an earlier point in time without affecting your files, such as e-mail, documents, or photos.

If you use System Restore from the System Recovery Options menu, you cannot undo the restore operation. However, you can run System Restore again and choose a different restore point, if one exists.

If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.

On the Advanced Boot Options screen, use the arrow keys to highlight Repair your computer, and then press Enter. (If Repair your computer isn't listed as an option, then your computer doesn't include preinstalled recovery options, or your network administrator has turned them off.)

Select a keyboard layout, and then click Next.

On the System Recovery Options menu, click a tool to open it.


Not sure what my lad's done to the machine -

It's triple boot: Win 7, Win XP and Linux, of which the XP partition is his gaming area.

The Windows 7 area is reporting clean, I believe.

However, I ran Avast 5 on the Win XP and it came up with the bamital.ac warnings but was blocking the access.

I tried to repair it and it said it couldn't, so I got it put into fault instead.

I then got out of Avast and ran up malware for a scan. It reported a tdcc root virus and a couple of extra things. I told it to remove them, and rebooted.

However, on reboot it logs in and there are no menus on the bottom and no icons, just the background. Ctrl/Alt/Del shows the task manager but nothing else.

Bit of a pisser this, as it took many nights trying to get EasyBCD to set up the installs the way I wanted them.

Can you get the XP section back, or do I have to do an XP repair or, worse, a reinstall?


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4733

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/2/2010 15:01:19

mbam-log-2010-10-02 (15-01-19).txt

Scan type: Full scan (C:\|E:\|I:\|)

Objects scanned: 685566

Time elapsed: 1 hour(s), 53 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 11

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{a79a12d4-3b9d-07af-e824-19501a3e08b9} (Spyware.Zbot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smh2b46tdp (Trojan.FraudPack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ecowsmrnxa.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

I:\Documents and Settings\Dom\Application Data\Upxina\niyve.exe (Spyware.Zbot) -> Quarantined and deleted successfully.

I:\WINDOWS\Vmutia.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.

I:\Documents and Settings\Dom\Local Settings\Temp\ecowsmrnxa.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

I:\Documents and Settings\Dom\Local Settings\Temp\Vt2.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.

I:\Documents and Settings\Dom\Local Settings\Temp\Vt3.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.

I:\Documents and Settings\Dom\Local Settings\Temp\Vtz.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.

I:\Documents and Settings\Dom\Local Settings\Temporary Internet Files\Content.IE5\YFY05J6I\lpkezhfmu[1].htm (Spyware.Zbot) -> Quarantined and deleted successfully.

I:\WINDOWS\system32\drivers\tyteplj.sys (Rootkit.Agent) -> Delete on reboot.

I:\WINDOWS\system32\spool\prtprocs\w32x86\5yWS5.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

I:\WINDOWS\system32\spool\prtprocs\w32x86\CEIQ93c79.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

I:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

This is the first scan.

Here are the next two, which came up clean.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4733

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/2/2010 16:55:14

mbam-log-2010-10-02 (16-55-14).txt

Scan type: Full scan (C:\|E:\|I:\|)

Objects scanned: 685165

Time elapsed: 1 hour(s), 49 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4733

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/2/2010 22:23:50

mbam-log-2010-10-02 (22-23-50).txt

Scan type: Full scan (C:\|E:\|I:\|)

Objects scanned: 685495

Time elapsed: 1 hour(s), 56 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)
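A small parser for the MBAM 1.46 log format posted above, added here as an example (it is not Malwarebytes' code and was not part of this thread); the sample logs are constructed from entries in the first scan and from the shape of the two clean follow-ups. It separates what was quarantined from what is only scheduled as "Delete on reboot" and picks out the Run-key autostart entries, which is why a clean scan after the reboot is the thing worth confirming.

```python
"""Parse Malwarebytes' Anti-Malware 1.46 text logs (the format posted in this
thread) and summarise what a follow-up scan still has to confirm.
Example code added for this thread; not Malwarebytes' own parser."""
import re
from collections import Counter
from dataclasses import dataclass

# "Registry Keys Infected: 1"  -> summary count for a section
SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
# "Registry Keys Infected:"    -> start of a detail section
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")
# "<item> (<family>) -> <action>."  -> one detection line
DETECT_RE = re.compile(
    r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Constructed sample: an abridged copy of the first (dirty) log above.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.46
Database version: 4733
Scan type: Full scan (C:\|E:\|I:\|)
Registry Keys Infected: 1
Registry Values Infected: 3
Files Infected: 4

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{a79a12d4-3b9d-07af-e824-19501a3e08b9} (Spyware.Zbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smh2b46tdp (Trojan.FraudPack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ecowsmrnxa.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Files Infected:
I:\Documents and Settings\Dom\Application Data\Upxina\niyve.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
I:\WINDOWS\Vmutia.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\tyteplj.sys (Rootkit.Agent) -> Delete on reboot.
I:\WINDOWS\system32\spool\prtprocs\w32x86\5yWS5.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
"""

# Constructed sample: the shape of the two clean follow-up logs above.
CLEAN_LOG = """
Registry Keys Infected: 0
Files Infected: 0

Registry Keys Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
"""


@dataclass(frozen=True)
class Detection:
    section: str   # which "... Infected:" block the line came from
    item: str      # registry key/value or file path
    family: str    # MBAM detection name, e.g. Rootkit.TDSS
    action: str    # what MBAM did, e.g. "Delete on reboot"

    @property
    def pending_reboot(self) -> bool:
        # Locked files (here a kernel driver) are only removed on next boot.
        return self.action.lower().startswith("delete on reboot")

    @property
    def is_autostart(self) -> bool:
        # Run-key values relaunch the dropped executables at every logon.
        return "\\currentversion\\run\\" in self.item.lower()


def parse_log(text: str):
    """Return ({section: reported count}, [Detection, ...])."""
    counts, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SUMMARY_RE.match(line):
            counts[m["section"]] = int(m["count"])
        elif m := SECTION_RE.match(line):
            section = m["section"]
        elif section and (m := DETECT_RE.match(line)):
            detections.append(
                Detection(section, m["item"], m["family"], m["action"]))
    return counts, detections


def triage(text: str) -> dict:
    """Summarise a log the way a helper reads it before the next step."""
    counts, found = parse_log(text)
    reported = sum(counts.values())
    return {
        "reported": reported,
        "parsed": len(found),
        "consistent": reported == len(found),  # summary and detail agree
        "clean": reported == 0 and not found,
        "families": Counter(d.family for d in found),
        "autostart": [d.item for d in found if d.is_autostart],
        "rootkit": [d.item for d in found
                    if d.family.lower().startswith("rootkit")],
        "pending_reboot": [d.item for d in found if d.pending_reboot],
    }


if __name__ == "__main__":
    for name, log in (("first scan", SAMPLE_LOG), ("follow-up", CLEAN_LOG)):
        print(name, triage(log))
```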


If need be, download the tools needed to a flash drive or other removable media, and run them from the USB device.

Please read carefully and follow these steps.

  • Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.


Ran this on Windows 7 as I can't get into XP.

2010/10/03 14:48:04.0454 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54

2010/10/03 14:48:04.0454 ================================================================================

2010/10/03 14:48:04.0454 SystemInfo:

2010/10/03 14:48:04.0454

2010/10/03 14:48:04.0454 OS Version: 6.1.7600 ServicePack: 0.0

2010/10/03 14:48:04.0454 Product type: Workstation

2010/10/03 14:48:04.0454 ComputerName: MONSTER-PC

2010/10/03 14:48:04.0455 UserName: will

2010/10/03 14:48:04.0455 Windows directory: C:\Windows

2010/10/03 14:48:04.0455 System windows directory: C:\Windows

2010/10/03 14:48:04.0455 Running under WOW64

2010/10/03 14:48:04.0455 Processor architecture: Intel x64

2010/10/03 14:48:04.0455 Number of processors: 8

2010/10/03 14:48:04.0455 Page size: 0x1000

2010/10/03 14:48:04.0455 Boot type: Normal boot

2010/10/03 14:48:04.0455 ================================================================================

2010/10/03 14:48:04.0455 Utility is running under WOW64

2010/10/03 14:48:04.0831 Initialize success

2010/10/03 14:48:07.0332 ================================================================================

2010/10/03 14:48:07.0332 Scan started

2010/10/03 14:48:07.0332 Mode: Manual;

2010/10/03 14:48:07.0332 ================================================================================


2010/10/03 14:48:14.0572 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2010/10/03 14:48:14.0619 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys

2010/10/03 14:48:14.0659 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys

2010/10/03 14:48:14.0680 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/10/03 14:48:14.0691 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

2010/10/03 14:48:14.0711 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

2010/10/03 14:48:14.0731 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys

2010/10/03 14:48:14.0765 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

2010/10/03 14:48:14.0785 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

2010/10/03 14:48:14.0814 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

2010/10/03 14:48:14.0840 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/10/03 14:48:14.0854 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/10/03 14:48:14.0889 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

2010/10/03 14:48:14.0944 VBoxDrv (1287ce7b6cc8fd5a9c505b2c84a400cb) C:\Windows\system32\DRIVERS\VBoxDrv.sys

2010/10/03 14:48:14.0972 VBoxNetAdp (55c13725fc3b0cac69b5744ca0d1e122) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys

2010/10/03 14:48:15.0000 VBoxNetFlt (b3da4bc8f82ae0fba2374b6529af813b) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys

2010/10/03 14:48:15.0042 VBoxUSB (540064ae131ca9b01b96a56370b4d2cc) C:\Windows\system32\Drivers\VBoxUSB.sys

2010/10/03 14:48:15.0094 VBoxUSBMon (cb45d97364ae93308853159b7cdc7d23) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys

2010/10/03 14:48:15.0111 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

2010/10/03 14:48:15.0133 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/10/03 14:48:15.0151 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

2010/10/03 14:48:15.0163 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

2010/10/03 14:48:15.0179 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

2010/10/03 14:48:15.0210 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys

2010/10/03 14:48:15.0221 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys

2010/10/03 14:48:15.0233 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

2010/10/03 14:48:15.0255 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

2010/10/03 14:48:15.0282 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

2010/10/03 14:48:15.0321 vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys

2010/10/03 14:48:15.0348 vpcnfltr (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys

2010/10/03 14:48:15.0387 vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys

2010/10/03 14:48:15.0425 vpcvmm (c5b651e52540e6f46da66574c74b4898) C:\Windows\system32\drivers\vpcvmm.sys

2010/10/03 14:48:15.0451 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

2010/10/03 14:48:15.0472 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

2010/10/03 14:48:15.0534 VX1000 (ce6c085771812d5ee863cc7ef93caef2) C:\Windows\system32\DRIVERS\VX1000.sys

2010/10/03 14:48:15.0582 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2010/10/03 14:48:15.0615 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2010/10/03 14:48:15.0630 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2010/10/03 14:48:15.0693 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2010/10/03 14:48:15.0722 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2010/10/03 14:48:15.0771 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2010/10/03 14:48:15.0792 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2010/10/03 14:48:15.0844 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

2010/10/03 14:48:15.0868 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

2010/10/03 14:48:15.0891 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2010/10/03 14:48:15.0920 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

2010/10/03 14:48:15.0947 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/10/03 14:48:16.0018 ================================================================================

2010/10/03 14:48:16.0018 Scan finished

2010/10/03 14:48:16.0018 ================================================================================


We'll keep trying :welcome:

DO NOT use any TOOLS such as ComboFix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (right-click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

We've been seeing some Java infections lately.

Go here and follow the instructions to clear your Java Cache

Next:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Ok so I ran into numerous issues. Firstly, I can't find a Java icon in the Control Panel for Windows 7 or any reference to it. Proceeded with ATF Cleaner, which worked fine. ComboFix, however, says it's only compatible with XP and 2000 and won't run. Vista then says do you want to try again with settings that would be more compatible. Is that a good idea?

Vista still seems to be working fine.


The only time I've seen CF not run is when the OS is 64bit.

I don't know what the results will be if you run Combofix in this situation.

It's your call.


No, sorry, apparently a misexplanation on my part. I haven't tried Linux, because I have a lack of experience with it. Windows 7 works fine, and on XP when you log on the desktop doesn't load, it's just a blank background. I can't access Explorer or my USB drive or anything. It comes up with errors when you try to run Explorer from Task Manager.


When I run the command it says "it refers to a location that is unavailable. It may be on a hard drive of the computer or on a network; check everything is properly connected" etc. Because the home hard drive for the XP partition is I:, I tried that as well, but this time it says "Windows cannot access the specified path, device or file. You may not have appropriate permissions".


Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and include them in your next post.

Please include the following in your next post:

  • OTL and Extras logs


Good news the icons have reappeared. :welcome:

ComboFix 10-10-02.02 - Will 03/10/2010 15:55:24.1.8 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2587 [GMT 1:00]

Running from: d:\combofix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

Infected copy of i:\windows\system32\winlogon.exe was found and disinfected

Restored copy from - i:\windows\ServicePackFiles\i386\winlogon.exe

Infected copy of i:\windows\explorer.exe was found and disinfected

Restored copy from - i:\windows\ServicePackFiles\i386\explorer.exe

.

((((((((((((((((((((((((( Files Created from 2010-09-03 to 2010-10-03 )))))))))))))))))))))))))))))))

.

2010-10-03 11:19 . 2010-06-10 21:34 1305306 ----a-w- i:\temp\EasyBCD 2.0 Beta - Build 100.exe

2010-10-03 10:49 . 2010-10-03 10:49 162896 ----a-w- i:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-10-03 10:41 . 2010-10-03 10:41 -------- d-----w- i:\documents and settings\Will\Application Data\Malwarebytes

2010-10-03 10:02 . 2010-09-07 14:52 165584 ----a-w- i:\windows\system32\drivers\aswSP.sys

2010-10-03 10:02 . 2010-09-07 14:47 17744 ----a-w- i:\windows\system32\drivers\aswFsBlk.sys

2010-10-03 10:02 . 2010-09-07 14:47 23376 ----a-w- i:\windows\system32\drivers\aswRdr.sys

2010-10-03 10:02 . 2010-09-07 14:52 46672 ----a-w- i:\windows\system32\drivers\aswTdi.sys

2010-10-03 10:02 . 2010-09-07 14:47 100176 ----a-w- i:\windows\system32\drivers\aswmon2.sys

2010-10-03 10:02 . 2010-09-07 14:47 94544 ----a-w- i:\windows\system32\drivers\aswmon.sys

2010-10-03 10:02 . 2010-09-07 14:46 28880 ----a-w- i:\windows\system32\drivers\aavmker4.sys

2010-10-03 10:02 . 2010-09-07 15:12 38848 ----a-w- i:\windows\avastSS.scr

2010-10-03 10:02 . 2010-09-07 15:11 167592 ----a-w- i:\windows\system32\aswBoot.exe

2010-10-03 10:02 . 2010-10-03 10:02 -------- d-----w- i:\documents and settings\All Users\Application Data\Alwil Software

2010-10-03 09:57 . 2010-10-03 09:57 503808 ----a-w- i:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6460f87c-n\msvcp71.dll

2010-10-03 09:57 . 2010-10-03 09:57 499712 ----a-w- i:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6460f87c-n\jmc.dll

2010-10-03 09:57 . 2010-10-03 09:57 348160 ----a-w- i:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6460f87c-n\msvcr71.dll

2010-10-03 09:57 . 2010-10-03 09:57 61440 ----a-w- i:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3d66adb7-n\decora-sse.dll

2010-10-03 09:57 . 2010-10-03 09:57 12800 ----a-w- i:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3d66adb7-n\decora-d3d.dll

2010-10-01 23:46 . 2010-10-01 23:46 -------- d-----w- i:\documents and settings\Dom\Application Data\1F8710F0DC232493BB0CB8F4CCE551A4

2010-09-29 16:25 . 2010-09-29 16:25 664 ----a-w- i:\windows\system32\d3d9caps.dat

2010-09-21 21:45 . 2010-09-21 21:45 47876 ----a-w- i:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll

2010-09-15 17:38 . 2010-10-03 10:51 -------- d-----w- i:\windows\Sun

2010-09-10 13:39 . 2010-09-10 13:40 3310 ----a-r- i:\documents and settings\Dom\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_16496df1.exe

2010-09-10 13:39 . 2010-09-10 13:40 1078 ----a-r- i:\documents and settings\Dom\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_69525f90.exe

2010-09-10 13:39 . 2010-09-10 13:40 1078 ----a-r- i:\documents and settings\Dom\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_4ae13d6c.exe

2010-09-10 13:39 . 2010-09-10 13:40 1078 ----a-r- i:\documents and settings\Dom\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_2cd672ae.exe

2010-09-10 13:39 . 2010-09-10 13:40 1078 ----a-r- i:\documents and settings\Dom\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_294823.exe

2010-09-10 13:39 . 2010-09-10 13:40 1078 ----a-r- i:\documents and settings\Dom\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_18be6784.exe

2010-09-10 13:39 . 2010-09-10 13:39 -------- d-----w- i:\program files\Power Tab Software

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-03 10:51 . 2010-04-03 09:29 -------- d-----w- i:\program files\Common Files\doubleTwist

2010-10-03 10:35 . 2010-01-04 13:33 -------- d-----w- i:\program files\doubleTwist 2.0

2010-10-03 10:02 . 2009-12-28 13:15 -------- d-----w- i:\program files\Alwil Software

2010-10-03 09:54 . 2010-04-05 00:38 0 ----a-w- i:\documents and settings\Dom\Local Settings\Application Data\prvlcl.dat

2010-10-03 09:51 . 2009-12-29 09:31 71152 ----a-w- i:\documents and settings\Will\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-10-02 23:02 . 2010-07-21 21:04 -------- d-----w- i:\documents and settings\Dom\Application Data\Skype

2010-10-02 21:29 . 2010-08-12 09:53 -------- d-----w- i:\documents and settings\Dom\Application Data\LimeWire

2010-10-02 21:29 . 2009-12-30 19:03 -------- d-----w- i:\program files\Steam

2010-10-02 19:21 . 2010-07-21 21:06 -------- d-----w- i:\documents and settings\Dom\Application Data\skypePM

2010-10-02 14:01 . 2010-01-04 12:36 -------- d-----w- i:\documents and settings\Dom\Application Data\Upxina

2010-10-01 23:50 . 2010-07-02 22:22 -------- d-----w- i:\documents and settings\Dom\Application Data\Avaf

2010-10-01 22:13 . 2009-12-30 17:41 -------- d-----w- i:\documents and settings\Dom\Application Data\Spotify

2010-10-01 12:55 . 2010-01-05 22:27 -------- d-----w- i:\documents and settings\Dom\Application Data\vlc

2010-09-30 23:31 . 2010-07-22 19:39 -------- d-----w- i:\documents and settings\Dom\Application Data\dvdcss

2010-09-29 23:15 . 2010-07-28 22:17 -------- d-----w- i:\program files\StarCraft II

2010-09-12 19:33 . 2010-01-05 12:09 71152 ----a-w- i:\documents and settings\Dom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-29 16:42 . 2010-08-29 16:42 -------- d-----w- i:\program files\Free WMA to MP3 Converter

2010-08-19 16:19 . 2010-08-19 16:19 -------- d-----w- i:\documents and settings\Dom\Application Data\Malwarebytes

2010-08-19 16:19 . 2010-08-19 16:19 -------- d-----w- i:\program files\Malwarebytes' Anti-Malware

2010-08-19 16:19 . 2010-08-19 16:19 -------- d-----w- i:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-17 13:17 . 2008-04-14 05:42 58880 ----a-w- i:\windows\system32\spoolsv.exe

2010-08-14 00:08 . 2010-08-14 00:08 503808 ----a-w- i:\documents and settings\Dom\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-210d5e36-n\msvcp71.dll

2010-08-14 00:08 . 2010-08-14 00:08 499712 ----a-w- i:\documents and settings\Dom\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-210d5e36-n\jmc.dll

2010-08-14 00:08 . 2010-08-14 00:08 348160 ----a-w- i:\documents and settings\Dom\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-210d5e36-n\msvcr71.dll

2010-08-14 00:08 . 2010-08-14 00:08 61440 ----a-w- i:\documents and settings\Dom\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5e318e18-n\decora-sse.dll

2010-08-14 00:08 . 2010-08-14 00:08 12800 ----a-w- i:\documents and settings\Dom\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5e318e18-n\decora-d3d.dll

2010-08-12 09:52 . 2010-08-12 09:52 -------- d-----w- i:\program files\Common Files\Java

2010-08-12 09:51 . 2010-08-12 09:52 411368 ----a-w- i:\windows\system32\deploytk.dll

2010-08-12 09:51 . 2010-08-12 09:51 -------- d-----w- i:\program files\Java

2010-08-10 00:34 . 2010-08-10 00:31 -------- d-----w- i:\program files\Lame for Audacity

2010-08-06 16:04 . 2010-07-28 22:17 -------- d-----w- i:\program files\Common Files\Blizzard Entertainment

2010-08-04 21:41 . 2010-08-04 21:41 6656 ----a-w- i:\windows\system32\drivers\iPodDrv.sys

2010-07-26 23:55 . 2010-07-26 23:55 57344 ----a-w- i:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-07-26 23:51 . 2010-07-26 23:51 144696 ----a-w- i:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-07-26 23:51 . 2010-07-26 23:52 895256 ----a-w- i:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-07-22 15:49 . 2008-04-14 05:42 590848 ----a-w- i:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-12-29 12:31 5120 ----a-w- i:\windows\system32\xpsp4res.dll

2010-07-21 21:06 . 2010-07-21 21:06 56 ---ha-w- i:\windows\system32\ezsidmv.dat

2010-07-08 20:57 . 2010-07-08 20:57 655360 ----a-w- i:\documents and settings\Dom\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll

2010-07-08 20:57 . 2010-07-08 20:57 282624 ----a-w- i:\documents and settings\Dom\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll

2010-07-08 20:57 . 2010-07-08 20:57 208896 ----a-w- i:\documents and settings\Dom\Application Data\Spotify\Gracenote\gnsdk_dsp.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"doubleTwist"="i:\program files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe" [2010-09-18 24576]

"OfficeSyncProcess"="i:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2009-11-03 649072]

"ctfmon.exe"="i:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="i:\windows\RaidTool\xInsIDE.exe" [2009-03-09 36864]

"QuickTime Task"="i:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

"BCSSync"="i:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]

"NvMediaCenter"="i:\windows\system32\NvMcTray.dll" [2009-11-20 110184]

"NvCplDaemon"="i:\windows\system32\NvCpl.dll" [2009-11-20 12669544]

"RTHDCPL"="RTHDCPL.EXE" [2009-04-03 17567744]

"Adobe Reader Speed Launcher"="i:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="i:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"DivXUpdate"="i:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

"SunJavaUpdateSched"="i:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"avast5"="i:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="i:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

i:\documents and settings\Dom\Start Menu\Programs\Startup\

Impulse Now.lnk - i:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-12-9 468272]

LimeWire On Startup.lnk - i:\program files\LimeWire\LimeWire.exe [2010-7-29 503808]

i:\documents and settings\Will\Start Menu\Programs\Startup\

Microsoft SharePoint Workspace.lnk - i:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640]

i:\documents and settings\All Users\Start Menu\Programs\Startup\

OfficeSAS.lnk - i:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-9-26 202648]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"i:\\Program Files\\StarCraft II\\StarCraft II.exe"=

"i:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"i:\\Program Files\\Skype\\Phone\\Skype.exe"=

"i:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

R1 aswSP;aswSP;i:\windows\system32\drivers\aswSP.sys [03/10/2010 11:02 165584]

R2 aswFsBlk;aswFsBlk;i:\windows\system32\drivers\aswFsBlk.sys [03/10/2010 11:02 17744]

R2 iPodDrv;iPodDrv;i:\windows\system32\drivers\iPodDrv.sys [04/08/2010 22:41 6656]

R3 osppsvc;Office Software Protection Platform;i:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 05:28 4639136]

S0 tyteplj;tyteplj; [x]

S3 Ambfilt;Ambfilt;i:\windows\system32\drivers\Ambfilt.sys [28/12/2009 13:57 1684736]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;i:\program files\Microsoft Office\Office14\GROOVE.EXE [29/10/2009 11:22 30603640]

.

Contents of the 'Scheduled Tasks' folder

2010-10-02 i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1214440339-839522115-1003Core.job

- i:\documents and settings\Dom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-01 21:13]

2010-10-03 i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1214440339-839522115-1003UA.job

- i:\documents and settings\Dom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-01 21:13]

2010-10-03 i:\windows\Tasks\User_Feed_Synchronization-{D601A4EC-A0C0-4ADB-A6F6-BB4E9DEFFF47}.job

- i:\windows\system32\msfeedssync.exe [2009-03-08 04:31]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - i:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - i:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - i:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\p50ms8i9.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=

FF - plugin: i:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: i:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: i:\program files\Common Files\doubleTwist\NPPodcast.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

.

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-nwiz - nwiz.exe

AddRemove-Half Scale DC_is1 - c:\program files\THQ\Dawn of War - Dark Crusade\Half_Scale\uninstall\unins000.exe

AddRemove-NVIDIA Display Control Panel - i:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-03 16:00

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3820)

i:\windows\system32\WININET.dll

i:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll

i:\windows\system32\ieframe.dll

i:\windows\system32\webcheck.dll

i:\windows\system32\WPDShServiceObj.dll

i:\windows\system32\PortableDeviceTypes.dll

i:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

i:\windows\system32\nvsvc32.exe

i:\program files\Alwil Software\Avast5\AvastSvc.exe

i:\program files\Java\jre6\bin\jqs.exe

i:\program files\CDBurnerXP\NMSAccessU.exe

i:\windows\system32\RUNDLL32.EXE

i:\windows\RTHDCPL.EXE

i:\program files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe

.

**************************************************************************

.

Completion time: 2010-10-03 16:02:44 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-03 15:02

Pre-Run: 125,812,846,592 bytes free

Post-Run: 128,154,673,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 811B7C84AB37BF72ED2CFA74F79E5364

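
The check that both the OTL script above (the `/md5` lines for user32.dll, ws2_32.dll and ws2help.dll) and this ComboFix run rely on is the same one: a file infector like the one that patched explorer.exe and winlogon.exe here changes the file's bytes, so its hash no longer matches the pristine copy that XP keeps under ServicePackFiles\i386, which is exactly where ComboFix restored both files from. The script below is an added example written for this thread, not code from ComboFix, OTL or the forum; it hashes each live system file and compares it with its reference copy, and reports missing references separately so they are not mistaken for matches. The file list and the layout of the constructed temporary tree in demo() are assumptions for illustration.

```python
"""Compare live XP system files against the pristine copies in
ServicePackFiles\\i386 by hash (added example, not from the thread)."""
import hashlib
import tempfile
from pathlib import Path

# Live path (relative to the XP %SystemRoot%) -> reference copy.
# Hypothetical list for this example: the two files ComboFix restored
# plus one of the DLLs the OTL script hashes. Extend as needed.
CHECKS = {
    "explorer.exe": "ServicePackFiles/i386/explorer.exe",
    "system32/winlogon.exe": "ServicePackFiles/i386/winlogon.exe",
    "system32/user32.dll": "ServicePackFiles/i386/user32.dll",
}


def file_hash(path, algo="sha256"):
    """Stream the file through hashlib; pass algo="md5" to get the
    same digests OTL's /md5 switch and ComboFix print."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_system_files(system_root, checks=CHECKS, algo="sha256"):
    """Return {live_rel_path: {status, live, ref, live_size, ref_size}}.
    status is "ok", "MISMATCH", "live-missing" or "no-reference".
    Run this from a clean OS (here: the Windows 7 partition, with the
    XP volume mounted as I:) so an active infection cannot hide the
    file or serve a clean copy to the reader."""
    root = Path(system_root)
    report = {}
    for live_rel, ref_rel in checks.items():
        live, ref = root / live_rel, root / ref_rel
        entry = {"status": None, "live": None, "ref": None,
                 "live_size": None, "ref_size": None}
        if live.is_file():
            entry["live"] = file_hash(live, algo)
            entry["live_size"] = live.stat().st_size
        if ref.is_file():
            entry["ref"] = file_hash(ref, algo)
            entry["ref_size"] = ref.stat().st_size
        if entry["live"] is None:
            entry["status"] = "live-missing"
        elif entry["ref"] is None:
            entry["status"] = "no-reference"
        elif entry["live"] == entry["ref"]:
            entry["status"] = "ok"
        else:
            entry["status"] = "MISMATCH"
        report[live_rel] = entry
    return report


def demo():
    """Build a constructed XP-like tree in a temp dir: winlogon.exe is
    pristine, explorer.exe has 64 bytes appended to stand in for a
    patched binary, user32.dll has no reference copy at all."""
    tmp = Path(tempfile.mkdtemp())
    (tmp / "system32").mkdir()
    (tmp / "ServicePackFiles" / "i386").mkdir(parents=True)
    # Constructed stand-in for a PE image; not a real executable.
    fake_pe = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x90" * 512
    for rel in ("ServicePackFiles/i386/explorer.exe",
                "ServicePackFiles/i386/winlogon.exe",
                "system32/winlogon.exe",
                "system32/user32.dll"):
        (tmp / rel).write_bytes(fake_pe)
    (tmp / "explorer.exe").write_bytes(fake_pe + b"\xcc" * 64)
    return verify_system_files(tmp)


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{r['status']:<12} {name}  live={r['live']}  ref={r['ref']}")
```

Two caveats when reading the report. A MISMATCH means "investigate", not "infected": files updated by later hotfixes legitimately differ from the service-pack copy (the Find3M section above shows spoolsv.exe and rpcrt4.dll with post-SP3 dates), so confirm against the version shipped by the hotfix before acting. And the reference copy is only worth anything if it is itself untouched; an infector that also patches ServicePackFiles\i386 or dllcache would produce a clean-looking "ok", which is why a vendor-published hash or a copy from known-good installation media beats an on-disk reference when you have one.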

This topic is now closed to further replies.