
Fake FireFox virus



So I have a virus on my machine from a fake Firefox virus; the site appears to be Firefox of some sort and is not, and prompts you to run a file that you need to "update" with. It was run through Removed.

As a result my internet is messed up: Firefox doesn't work at all and Safari works "sometimes". At first I could not even run MBAM, though once I renamed the file it worked successfully. However, although it removed "something", I am still encountering the internet problems listed above.

I am not super computerly gifted, but I can follow instructions. If you tell me how to help myself I will be greatly obliged to you =).

mbam_log_2010_11_09__16_08_27_.txt


Hello,

And :lol: My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your desktop.

  • Extract RKUnhooker to your desktop.
    • Note: it is zipped up in a .rar file. If you do not have a program to unzip this type of file, you can get a free one from here: http://www.7-zip.org/

  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get the following warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


otl logs

OTL Extras logfile created on: 11/11/2010 1:37:33 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Aaron\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 140.92 Gb Total Space | 14.81 Gb Free Space | 10.51% Space Free | Partition Type: NTFS

Drive D: | 8.13 Gb Total Space | 1.77 Gb Free Space | 21.81% Space Free | Partition Type: NTFS

Computer Name: AARON-PC | User Name: Aaron | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2344568684-2704006601-3431224908-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Directory [TVersity] -- "C:\Users\Aaron\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2344568684-2704006601-3431224908-1000]

"EnableNotifications" = 0

"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]


========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]


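An added example (not from this thread, and not part of OTL or Malwarebytes) that parses the "Security Center Settings" and "Firewall Settings" blocks of an OTL Extras log in the layout posted above and flags settings that weaken protection, such as "DisableMonitoring" = 1 and "EnableFirewall" = 0 on a profile; the sample log is constructed from the lines in the log above.

```python
"""Audit the Security Center and Firewall Settings blocks of an OTL Extras log.

Hypothetical helper written for this thread; not part of OTL or Malwarebytes.
"""
import re

# Constructed sample in the layout of the OTL Extras log posted above:
# "==========" section banners, a registry key in brackets, then "name" = value.
SAMPLE_LOG = r"""
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')


def parse_otl_settings(text):
    """Return {section: {registry_key: {value_name: value_text}}}."""
    result = {}
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            result.setdefault(section, {})
            continue
        m = KEY_RE.match(line)
        if m and section is not None:
            key = m.group(1)
            result[section].setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and section is not None and key is not None:
            result[section][key][m.group(1)] = m.group(2)
    return result


def audit_settings(parsed):
    """Return (finding, location) pairs for settings that weaken protection."""
    findings = []
    for key, values in parsed.get("Security Center Settings", {}).items():
        # DisableMonitoring = 1 silences Security Center alerts for that product.
        if values.get("DisableMonitoring") == "1":
            findings.append(("Security Center monitoring disabled", key))
        for name in ("AntiVirusOverride", "AntiSpywareOverride", "FirewallOverride"):
            if values.get(name) == "1":
                findings.append((name + " set", key))
    for key, values in parsed.get("Firewall Settings", {}).items():
        profile = key.rsplit("\\", 1)[-1]  # DomainProfile / StandardProfile / PublicProfile
        if values.get("EnableFirewall") == "0":
            findings.append(("Windows Firewall off", profile))
        if values.get("DisableNotifications") == "1":
            findings.append(("firewall notifications suppressed", profile))
    return findings


if __name__ == "__main__":
    for finding, where in audit_settings(parse_otl_settings(SAMPLE_LOG)):
        print(f"{finding}: {where}")
```

Run against a full Extra.txt the same way; the firewall profile names in the findings tell you which network types were left unprotected.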

rootkit file

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows Vista

Version 6.0.6002 (Service Pack 2)

Number of processors #2

==============================================

>Drivers

==============================================

0x8C60D000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7057408 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)

0x82208000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)

0x82208000 PnpManager 3903488 bytes

0x82208000 RAW 3903488 bytes

0x82208000 WMIxWDM 3903488 bytes

0x8CE04000 C:\Windows\system32\DRIVERS\NETw5v32.sys 3706880 bytes (Intel Corporation, Intel


Hello, unfortunately you have a nasty rootkit infection. Before starting the cleaning process, please read this first:

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Please try the following:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2010/11/13 14:02:16.0525 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22

2010/11/13 14:02:16.0525 ================================================================================

2010/11/13 14:02:16.0525 SystemInfo:

2010/11/13 14:02:16.0525

2010/11/13 14:02:16.0525 OS Version: 6.0.6002 ServicePack: 2.0

2010/11/13 14:02:16.0526 Product type: Workstation

2010/11/13 14:02:16.0526 ComputerName: AARON-PC

2010/11/13 14:02:16.0526 UserName: Aaron

2010/11/13 14:02:16.0526 Windows directory: C:\Windows

2010/11/13 14:02:16.0526 System windows directory: C:\Windows

2010/11/13 14:02:16.0526 Processor architecture: Intel x86

2010/11/13 14:02:16.0526 Number of processors: 2

2010/11/13 14:02:16.0526 Page size: 0x1000

2010/11/13 14:02:16.0526 Boot type: Normal boot

2010/11/13 14:02:16.0526 ================================================================================

2010/11/13 14:02:17.0070 Initialize success

2010/11/13 14:02:21.0351 ================================================================================

2010/11/13 14:02:21.0351 Scan started

2010/11/13 14:02:21.0351 Mode: Manual;

2010/11/13 14:02:21.0351 ================================================================================

2010/11/13 14:02:23.0473 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

2010/11/13 14:02:23.0556 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

2010/11/13 14:02:23.0629 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

2010/11/13 14:02:23.0724 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

2010/11/13 14:02:23.0758 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

2010/11/13 14:02:23.0878 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys

2010/11/13 14:02:23.0959 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

2010/11/13 14:02:24.0011 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2010/11/13 14:02:24.0234 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

2010/11/13 14:02:24.0766 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

2010/11/13 14:02:24.0962 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

2010/11/13 14:02:25.0034 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

2010/11/13 14:02:25.0083 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

2010/11/13 14:02:25.0175 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

2010/11/13 14:02:25.0246 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

2010/11/13 14:02:25.0348 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/11/13 14:02:25.0425 atapi (92cd0ba099630135e7d64620972bb8c6) C:\Windows\system32\drivers\atapi.sys

2010/11/13 14:02:25.0426 Suspicious file (Forged): C:\Windows\system32\drivers\atapi.sys. Real md5: 92cd0ba099630135e7d64620972bb8c6, Fake md5: 1f05b78ab91c9075565a9d8a4b880bc4

2010/11/13 14:02:25.0432 atapi - detected Rootkit.Win32.TDSS.tdl3 (0)

2010/11/13 14:02:25.0529 athrusb (59db74ef3b328852a736578dff3fcad6) C:\Windows\system32\DRIVERS\athrusb.sys

2010/11/13 14:02:25.0842 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\Windows\System32\Drivers\avgldx86.sys

2010/11/13 14:02:25.0888 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\Windows\System32\Drivers\avgmfx86.sys

2010/11/13 14:02:25.0953 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\Windows\System32\Drivers\avgtdix.sys

2010/11/13 14:02:26.0052 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys

2010/11/13 14:02:26.0148 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2010/11/13 14:02:26.0340 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys

2010/11/13 14:02:26.0447 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2010/11/13 14:02:26.0502 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2010/11/13 14:02:26.0582 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2010/11/13 14:02:26.0620 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2010/11/13 14:02:26.0669 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2010/11/13 14:02:26.0712 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2010/11/13 14:02:26.0766 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2010/11/13 14:02:26.0863 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2010/11/13 14:02:26.0933 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

2010/11/13 14:02:26.0999 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

2010/11/13 14:02:27.0104 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

2010/11/13 14:02:27.0203 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

2010/11/13 14:02:27.0301 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

2010/11/13 14:02:27.0556 CnxtHdAudService (a4d44ab8423791db757b38150ec599a4) C:\Windows\system32\drivers\CHDRT32.sys

2010/11/13 14:02:27.0649 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

2010/11/13 14:02:27.0721 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

2010/11/13 14:02:27.0772 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

2010/11/13 14:02:27.0894 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys

2010/11/13 14:02:28.0038 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

2010/11/13 14:02:28.0180 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2010/11/13 14:02:28.0242 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys

2010/11/13 14:02:28.0531 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\Windows\system32\DRIVERS\e100b325.sys

2010/11/13 14:02:28.0920 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

2010/11/13 14:02:29.0008 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\Windows\system32\DRIVERS\eabfiltr.sys

2010/11/13 14:02:29.0265 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

2010/11/13 14:02:29.0432 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

2010/11/13 14:02:29.0708 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

2010/11/13 14:02:29.0779 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

2010/11/13 14:02:29.0886 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

2010/11/13 14:02:30.0020 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

2010/11/13 14:02:30.0090 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2010/11/13 14:02:30.0142 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/11/13 14:02:30.0226 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

2010/11/13 14:02:30.0366 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2010/11/13 14:02:30.0443 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

2010/11/13 14:02:30.0532 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2010/11/13 14:02:30.0885 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys

2010/11/13 14:02:31.0076 HdAudAddService (3aeee05bb25b8cc72b6e9aec0e6f394b) C:\Windows\system32\drivers\CHDART.sys

2010/11/13 14:02:31.0286 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/11/13 14:02:31.0511 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2010/11/13 14:02:31.0553 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2010/11/13 14:02:31.0642 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

2010/11/13 14:02:31.0697 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

2010/11/13 14:02:31.0783 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

2010/11/13 14:02:31.0901 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys

2010/11/13 14:02:32.0043 HSXHWAZL (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

2010/11/13 14:02:32.0145 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

2010/11/13 14:02:32.0222 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

2010/11/13 14:02:32.0346 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/11/13 14:02:32.0554 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys

2010/11/13 14:02:32.0935 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

2010/11/13 14:02:33.0165 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys

2010/11/13 14:02:33.0276 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2010/11/13 14:02:33.0357 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

2010/11/13 14:02:33.0447 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

2010/11/13 14:02:33.0516 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/11/13 14:02:33.0599 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

2010/11/13 14:02:33.0649 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

2010/11/13 14:02:33.0732 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

2010/11/13 14:02:33.0974 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

2010/11/13 14:02:34.0055 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/11/13 14:02:34.0100 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2010/11/13 14:02:34.0166 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2010/11/13 14:02:34.0229 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/11/13 14:02:34.0333 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/11/13 14:02:34.0487 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

2010/11/13 14:02:34.0652 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2010/11/13 14:02:34.0745 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

2010/11/13 14:02:34.0818 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

2010/11/13 14:02:34.0888 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

2010/11/13 14:02:34.0962 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2010/11/13 14:02:35.0079 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

2010/11/13 14:02:35.0167 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

2010/11/13 14:02:35.0259 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2010/11/13 14:02:35.0357 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2010/11/13 14:02:35.0554 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motmodem.sys

2010/11/13 14:02:35.0818 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2010/11/13 14:02:35.0867 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

2010/11/13 14:02:35.0929 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2010/11/13 14:02:36.0020 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

2010/11/13 14:02:36.0092 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2010/11/13 14:02:36.0146 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2010/11/13 14:02:36.0204 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

2010/11/13 14:02:36.0302 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/11/13 14:02:36.0363 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/11/13 14:02:36.0397 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/11/13 14:02:36.0447 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys

2010/11/13 14:02:36.0522 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

2010/11/13 14:02:36.0700 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

2010/11/13 14:02:36.0784 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

2010/11/13 14:02:36.0894 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

2010/11/13 14:02:36.0960 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/11/13 14:02:37.0004 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

2010/11/13 14:02:37.0087 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

2010/11/13 14:02:37.0205 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/11/13 14:02:37.0277 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

2010/11/13 14:02:37.0423 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

2010/11/13 14:02:37.0561 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

2010/11/13 14:02:37.0680 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

2010/11/13 14:02:37.0776 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/11/13 14:02:37.0880 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/11/13 14:02:37.0987 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/11/13 14:02:38.0066 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

2010/11/13 14:02:38.0161 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

2010/11/13 14:02:38.0243 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

2010/11/13 14:02:38.0407 NETw3v32 (ea30bd026a7d1b745a37516880c4ac1b) C:\Windows\system32\DRIVERS\NETw3v32.sys

2010/11/13 14:02:38.0701 NETw4v32 (38d720e0c8b0ecb9a019980265679798) C:\Windows\system32\DRIVERS\NETw4v32.sys

2010/11/13 14:02:39.0358 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys

2010/11/13 14:02:39.0545 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2010/11/13 14:02:39.0653 nocashio (03bba4dedefb48c510061529651b453a) C:\Windows\system32\drivers\nocashio.sys

2010/11/13 14:02:39.0732 NPF (6623e51595c0076755c29c00846c4eb2) C:\Windows\system32\drivers\npf.sys

2010/11/13 14:02:39.0834 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

2010/11/13 14:02:39.0973 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2010/11/13 14:02:40.0102 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

2010/11/13 14:02:40.0258 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2010/11/13 14:02:40.0348 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2010/11/13 14:02:40.0400 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

2010/11/13 14:02:40.0441 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

2010/11/13 14:02:40.0478 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

2010/11/13 14:02:40.0636 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

2010/11/13 14:02:40.0728 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

2010/11/13 14:02:40.0820 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

2010/11/13 14:02:40.0861 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

2010/11/13 14:02:40.0931 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

2010/11/13 14:02:40.0991 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys

2010/11/13 14:02:41.0048 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2010/11/13 14:02:41.0198 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2010/11/13 14:02:41.0521 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2010/11/13 14:02:41.0588 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

2010/11/13 14:02:41.0708 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

2010/11/13 14:02:41.0869 PsSdk41 (0c234a4a2fbab98e5e1bafaf3e3e403a) C:\Windows\system32\Drivers\pssdk41.sys

2010/11/13 14:02:41.0956 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys

2010/11/13 14:02:42.0081 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

2010/11/13 14:02:42.0157 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2010/11/13 14:02:42.0281 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2010/11/13 14:02:42.0336 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2010/11/13 14:02:42.0397 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/11/13 14:02:42.0484 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/11/13 14:02:42.0557 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

2010/11/13 14:02:42.0640 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

2010/11/13 14:02:42.0706 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/11/13 14:02:42.0767 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

2010/11/13 14:02:42.0797 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2010/11/13 14:02:42.0879 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

2010/11/13 14:02:42.0981 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys

2010/11/13 14:02:43.0039 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys

2010/11/13 14:02:43.0100 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys

2010/11/13 14:02:43.0246 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2010/11/13 14:02:43.0312 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2010/11/13 14:02:43.0503 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

2010/11/13 14:02:43.0585 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\SECDRV.SYS

2010/11/13 14:02:43.0640 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

2010/11/13 14:02:43.0691 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

2010/11/13 14:02:43.0770 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2010/11/13 14:02:43.0866 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys

2010/11/13 14:02:43.0938 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

2010/11/13 14:02:43.0997 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys

2010/11/13 14:02:44.0063 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2010/11/13 14:02:44.0142 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

2010/11/13 14:02:44.0264 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2010/11/13 14:02:44.0431 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2010/11/13 14:02:44.0647 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

2010/11/13 14:02:44.0874 SNP2UVC (5140166bbcafe1393d4669353a1f8c0a) C:\Windows\system32\DRIVERS\snp2uvc.sys

2010/11/13 14:02:45.0108 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2010/11/13 14:02:45.0228 sptd (d390675b8ce45e5fb359338e5e649329) C:\Windows\System32\Drivers\sptd.sys

2010/11/13 14:02:45.0388 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys

2010/11/13 14:02:45.0434 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys

2010/11/13 14:02:45.0470 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys

2010/11/13 14:02:45.0574 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2010/11/13 14:02:45.0622 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2010/11/13 14:02:45.0676 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2010/11/13 14:02:45.0728 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2010/11/13 14:02:45.0801 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys

2010/11/13 14:02:45.0962 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys

2010/11/13 14:02:46.0162 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys

2010/11/13 14:02:46.0240 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

2010/11/13 14:02:46.0292 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2010/11/13 14:02:46.0336 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2010/11/13 14:02:46.0438 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

2010/11/13 14:02:46.0572 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

2010/11/13 14:02:46.0697 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/11/13 14:02:46.0771 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2010/11/13 14:02:46.0879 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

2010/11/13 14:02:46.0962 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

2010/11/13 14:02:47.0130 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

2010/11/13 14:02:47.0314 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

2010/11/13 14:02:47.0403 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

2010/11/13 14:02:47.0495 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2010/11/13 14:02:47.0539 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2010/11/13 14:02:47.0610 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2010/11/13 14:02:47.0707 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys

2010/11/13 14:02:47.0808 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/11/13 14:02:47.0889 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2010/11/13 14:02:47.0984 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

2010/11/13 14:02:48.0096 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

2010/11/13 14:02:48.0145 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

2010/11/13 14:02:48.0256 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

2010/11/13 14:02:48.0315 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

2010/11/13 14:02:48.0364 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/11/13 14:02:48.0490 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/11/13 14:02:48.0568 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

2010/11/13 14:02:48.0685 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/11/13 14:02:48.0766 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2010/11/13 14:02:48.0823 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

2010/11/13 14:02:48.0877 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

2010/11/13 14:02:48.0927 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

2010/11/13 14:02:49.0002 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2010/11/13 14:02:49.0110 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

2010/11/13 14:02:49.0242 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

2010/11/13 14:02:49.0316 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

2010/11/13 14:02:49.0379 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2010/11/13 14:02:49.0435 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2010/11/13 14:02:49.0458 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2010/11/13 14:02:49.0525 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

2010/11/13 14:02:50.0021 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2010/11/13 14:02:50.0276 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

2010/11/13 14:02:50.0473 WlanUIB (4ae844465723621c882e931690c2a1cb) C:\Windows\system32\DRIVERS\MA111nd5.sys

2010/11/13 14:02:50.0575 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2010/11/13 14:02:50.0678 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

2010/11/13 14:02:50.0745 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2010/11/13 14:02:50.0855 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/11/13 14:02:50.0947 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys

2010/11/13 14:02:51.0547 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\Windows\system32\Drivers\ZDPSp50.sys

2010/11/13 14:02:51.0684 ================================================================================

2010/11/13 14:02:51.0684 Scan finished

2010/11/13 14:02:51.0684 ================================================================================

2010/11/13 14:02:51.0700 Detected object count: 1

2010/11/13 14:12:07.0865 atapi (92cd0ba099630135e7d64620972bb8c6) C:\Windows\system32\drivers\atapi.sys

2010/11/13 14:12:07.0865 Suspicious file (Forged): C:\Windows\system32\drivers\atapi.sys. Real md5: 92cd0ba099630135e7d64620972bb8c6, Fake md5: 1f05b78ab91c9075565a9d8a4b880bc4

2010/11/13 14:12:07.0984 Backup copy found, using it..

2010/11/13 14:12:07.0992 C:\Windows\system32\drivers\atapi.sys - will be cured after reboot

2010/11/13 14:12:07.0992 Rootkit.Win32.TDSS.tdl3(atapi) - User select action: Cure

2010/11/13 14:12:14.0020 Deinitialize success


Hi, that is looking better now. :)

P2P WARNING

-------------------

Going over your logs I noticed that you have uTorrent and LimeWire installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

  • They are a security risk which can make your computer susceptible to a sm


I am unable to update the definitions. I receive an error, 1007,0,WinHttpSendRequest.

The link redirects to a search engine that *clearly* is not legitimate. I have tried to look at other mirrors for the update files but those run into similar problems.

I am using a wireless network, if that matters at this point, to find the updates on this computer.


OTL logfile created on: 11/15/2010 10:26:40 AM - Run 3

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Aaron\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 7.00% Memory free

4.00 Gb Paging File | 2.00 Gb Available in Paging File | 48.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 140.92 Gb Total Space | 14.60 Gb Free Space | 10.36% Space Free | Partition Type: NTFS

Drive D: | 8.13 Gb Total Space | 1.77 Gb Free Space | 21.81% Space Free | Partition Type: NTFS

Computer Name: AARON-PC | User Name: Aaron | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days



It looks like you have an infected router. Please reset it. You can do this by pushing the reset button with a small object for about 10 seconds with the router powered off.

If you are not sure how to do this, please give me your router specs or contact your ISP to ask them how to perform a router reset.


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5123

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

11/16/2010 2:07:38 AM

mbam-log-2010-11-16 (02-07-38).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 344068

Time elapsed: 2 hour(s), 57 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Did you remove the found items? If not, please do so. Any problems left?

Let's do a last scan for leftovers.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the esetBack.png button.
    12. Push esetFinish.png


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
