My computer redirects on Google links. Every 20-30 minutes or so my McAfee blocks a trojan, followed by it asking me if I want to allow different programs access. My Scotty is asking for new Win-32 permissions. And the computer won't restart without doing a hard restart. I have added all of the files you asked for.

Thank you,

Rae

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Raven at 15:42:07.20 on Mon 03/28/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.449 [GMT -4:00]

.

AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

svchost.exe

svchost.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Documents and Settings\Raven\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll

TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File

uRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [EPSON Stylus Photo R260 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatibna.exe /fu "c:\windows\temp\E_S109.tmp" /EF "HKCU"

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [showLOMControl] 1 (0x1)

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [intelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\WinPatrol.exe

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide

mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

mPolicies-system: EnableLUA = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: gengoff - c:\documents and settings\networkservice\local settings\application data\gengoff.dll

Notify: igfxcui - igfxdev.dll

Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\raven\applic~1\mozilla\firefox\profiles\0sxrxfnd.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-31 385880]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-8-25 203280]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-8-25 359952]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-8-25 144704]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-8-25 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-25 79816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-25 35272]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-8-25 40552]

S2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providercomcast\bin\tgsrvc.exe /p providercomcast --> c:\program files\providercomcast\bin\tgsrvc.exe [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-8-25 34248]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

.

=============== Created Last 30 ================

.

2011-03-23 04:37:47 -------- d-----w- C:\Adobe

2011-03-16 18:50:38 -------- d-----w- c:\docume~1\raven\applic~1\Ucbu

2011-03-16 18:50:38 -------- d-----w- c:\docume~1\raven\applic~1\Kywo

2011-03-14 16:56:59 912344 ----a-w- c:\program files\mozilla firefox\firefox.exe

2011-03-14 16:56:59 719832 ----a-w- c:\program files\mozilla firefox\mozcrt19.dll

2011-03-14 16:56:59 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

2011-03-14 16:56:59 646104 ----a-w- c:\program files\mozilla firefox\nss3.dll

2011-03-14 16:56:59 343000 ----a-w- c:\program files\mozilla firefox\nssckbi.dll

2011-03-14 16:56:59 249856 ----a-w- c:\program files\mozilla firefox\freebl3.dll

2011-03-14 16:56:59 203736 ----a-w- c:\program files\mozilla firefox\nspr4.dll

2011-03-14 16:56:59 1018328 ----a-w- c:\program files\mozilla firefox\js3250.dll

2011-03-14 16:56:58 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll

2011-03-14 16:56:58 107480 ----a-w- c:\program files\mozilla firefox\crashreporter.exe

2011-03-13 15:12:53 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-03-13 15:12:53 -------- d-----w- c:\windows\system32\wbem\Repository

2011-03-11 20:34:42 -------- d-----w- c:\docume~1\raven\applic~1\Osyfsi

2011-02-28 22:14:13 315392 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp083.dll

2011-02-28 22:14:13 121344 ----a-w- c:\windows\system32\hpf3l083.dll

2011-02-28 22:12:35 -------- d-----w- c:\program files\common files\HP

2011-02-28 22:11:11 598016 ----a-w- c:\windows\system32\hpost_d02a.dll

2011-02-28 22:11:11 372736 ----a-w- c:\windows\system32\hppldcoi.dll

2011-02-28 22:11:11 309760 ----a-w- c:\windows\system32\difxapi.dll

2011-02-28 22:11:11 307200 ----a-w- c:\windows\system32\hposc_d02a.dll

2011-02-28 22:11:10 737280 ----a-w- c:\windows\system32\hposwia_d02a.dll

.

==================== Find3M ====================

.

2011-02-04 22:48:32 456192 ----a-w- c:\windows\system32\encdec.dll

2011-02-04 22:48:30 291840 ----a-w- c:\windows\system32\sbe.dll

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-25 02:44:54 205 ----a-w- c:\windows\system32\lsprst7.dll

2011-01-25 02:44:54 1025 ----a-w- c:\windows\system32\sysprs7.dll

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys

2006-12-10 19:32:40 1519800 -c----w- c:\program files\dMC-r10.exe

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: TOSHIBA_MK8032GAX rev.AD002D -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x870F8439]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x870fe7d0]; MOV EAX, [0x870fe84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x87111AB8]

3 CLASSPNP[0xF7627FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x8716A3D0]

\Driver\atapi[0x8710F258] -> IRP_MJ_CREATE -> 0x870F8439

kernel: MBR read successfully

_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x100; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSW ; JMP FAR 0x0:0x62c; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK8032GAX_______________________AD002D__#5&14994f4&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x870F827F

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 15:46:25.51 ===============

Attach (1).zip

mbam-log-2011-03-28 (16-53-37).txt


Welcome to the forum.

Download TDSSKiller to your Desktop.

Double-click on TDSSKiller.exe to run the application, then click on Start Scan.

Don't Change These Settings:

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

You may be asked to reboot the computer to complete the process. Click on Reboot Now.

To view the report:

Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory that will look something like this:

TDSSKiller.2.4.17.0_12.02.2011_14.35.56_log.txt

---------------------------------------

Please download and run ComboFix:

A few notes first:

- ComboFix is compatible exclusively with XP and W2K (32-bit only) <===> Vista and Windows 7 (32-bit and 64-bit)

- ComboFix must be run from an Administrative account.

- Vista and W7 users - Right click, choose "Run as Administrator"

- It must be downloaded to and run from your desktop.

- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can and will interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". (see below)

- ComboFix Guide <---please read!

Download ComboFix from one of these locations: (you may have to use right click > save target as)

- Link 1

- Link 2

- IMPORTANT !!! Save ComboFix.exe to your Desktop

- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon and choose disable/exit.

More info HERE<-------

They may interfere with the running of ComboFix.

Note: If you have AVG or CA Internet Security Suite installed, due to recent changes in how these AVs target the tool's internal files, they must be uninstalled before running ComboFix. If you have difficulty uninstalling the AV, download and run Opswat AppRemover.

- Double click on ComboFix.exe & follow the prompts.

- Note: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

- Note: If you have SP3, use the SP2 package.

If Vista or Windows 7, skip the Recovery Console part

- ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

- Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Screenshot: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix permanently prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun ASAP!.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If a reboot doesn't restore your connection, please try this:

Check HERE

For XP systems download and run WinSockFix and Here

Vista users: Check HERE

Windows 7 systems: Download and run this Winsockfix.bat

5. Give ComboFix at least 20-30 minutes to finish if needed.

MrC


Dear Mr. C,

Thank you for helping me. I know that you are a volunteer and do this simply out of the goodness of your heart.

When I try to run combofix it says "Warning Combofix cannot run when AVG is installed. This is due to AVG's targeting of combofix's files/processes. It would be dangerous to continue. Please uninstall AVG or use another tool." But I don't have AVG. I have McAfee. I had AVG in 2009, but have switched. What should I do?

I did run the other Kaspersky tool. Here is the log. It did cure one thing.

2011/03/28 23:37:35.0093 1140 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/03/28 23:37:35.0281 1140 ================================================================================

2011/03/28 23:37:35.0281 1140 SystemInfo:

2011/03/28 23:37:35.0281 1140

2011/03/28 23:37:35.0281 1140 OS Version: 5.1.2600 ServicePack: 3.0

2011/03/28 23:37:35.0281 1140 Product type: Workstation

2011/03/28 23:37:35.0281 1140 ComputerName: BOOBOO

2011/03/28 23:37:35.0281 1140 UserName: Raven

2011/03/28 23:37:35.0281 1140 Windows directory: C:\WINDOWS

2011/03/28 23:37:35.0281 1140 System windows directory: C:\WINDOWS

2011/03/28 23:37:35.0281 1140 Processor architecture: Intel x86

2011/03/28 23:37:35.0281 1140 Number of processors: 1

2011/03/28 23:37:35.0281 1140 Page size: 0x1000

2011/03/28 23:37:35.0281 1140 Boot type: Normal boot

2011/03/28 23:37:35.0281 1140 ================================================================================

2011/03/28 23:37:36.0125 1140 Initialize success


Is this the log?

2011/03/28 23:09:15.0875 3392 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/03/28 23:09:17.0875 3392 ================================================================================

2011/03/28 23:09:17.0875 3392 SystemInfo:

2011/03/28 23:09:17.0875 3392

2011/03/28 23:09:17.0875 3392 OS Version: 5.1.2600 ServicePack: 3.0

2011/03/28 23:09:17.0875 3392 Product type: Workstation

2011/03/28 23:09:17.0875 3392 ComputerName: BOOBOO

2011/03/28 23:09:17.0875 3392 UserName: Raven

2011/03/28 23:09:17.0875 3392 Windows directory: C:\WINDOWS

2011/03/28 23:09:17.0875 3392 System windows directory: C:\WINDOWS

2011/03/28 23:09:17.0875 3392 Processor architecture: Intel x86

2011/03/28 23:09:17.0875 3392 Number of processors: 1

2011/03/28 23:09:17.0875 3392 Page size: 0x1000

2011/03/28 23:09:17.0875 3392 Boot type: Normal boot

2011/03/28 23:09:17.0875 3392 ================================================================================

2011/03/28 23:09:19.0421 3392 Initialize success

2011/03/28 23:09:33.0562 4144 ================================================================================

2011/03/28 23:09:33.0562 4144 Scan started

2011/03/28 23:09:33.0562 4144 Mode: Manual;

2011/03/28 23:09:33.0562 4144 ================================================================================


2011/03/28 23:10:56.0296 4144 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/03/28 23:10:57.0406 4144 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/03/28 23:10:58.0515 4144 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/03/28 23:10:59.0250 4144 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/03/28 23:11:00.0265 4144 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/03/28 23:11:00.0875 4144 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/03/28 23:11:01.0859 4144 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys

2011/03/28 23:11:02.0906 4144 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/03/28 23:11:03.0765 4144 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/03/28 23:11:04.0046 4144 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/03/28 23:11:04.0234 4144 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/03/28 23:11:05.0000 4144 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/03/28 23:11:05.0140 4144 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\WINDOWS\system32\drivers\mfeavfk.sys

2011/03/28 23:11:05.0484 4144 mfebopk (1d003e3056a43d881597d6763e83b943) C:\WINDOWS\system32\drivers\mfebopk.sys

2011/03/28 23:11:06.0125 4144 mfehidk (e7ecf7872bf8f2897ae5a696d908c2f7) C:\WINDOWS\system32\drivers\mfehidk.sys

2011/03/28 23:11:06.0953 4144 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys

2011/03/28 23:11:08.0078 4144 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys

2011/03/28 23:11:09.0109 4144 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

2011/03/28 23:11:10.0265 4144 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/03/28 23:11:11.0390 4144 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/03/28 23:11:12.0500 4144 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/03/28 23:11:13.0375 4144 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/03/28 23:11:14.0546 4144 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/03/28 23:11:15.0656 4144 MPFP (bc2a92cff784555ed622f861cb34f2e6) C:\WINDOWS\system32\Drivers\Mpfp.sys

2011/03/28 23:11:16.0843 4144 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/03/28 23:11:17.0531 4144 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/03/28 23:11:18.0234 4144 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/03/28 23:11:19.0125 4144 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/03/28 23:11:20.0109 4144 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/03/28 23:11:20.0843 4144 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/03/28 23:11:21.0640 4144 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/03/28 23:11:22.0296 4144 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/03/28 23:11:22.0843 4144 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/03/28 23:11:23.0765 4144 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/03/28 23:11:24.0328 4144 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/03/28 23:11:24.0796 4144 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/03/28 23:11:25.0218 4144 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/03/28 23:11:25.0812 4144 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/03/28 23:11:26.0421 4144 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/03/28 23:11:26.0531 4144 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/03/28 23:11:27.0171 4144 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/03/28 23:11:28.0281 4144 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/03/28 23:11:29.0343 4144 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/03/28 23:11:29.0796 4144 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/03/28 23:11:30.0125 4144 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/03/28 23:11:30.0593 4144 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/03/28 23:11:31.0078 4144 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/03/28 23:11:31.0734 4144 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/03/28 23:11:32.0250 4144 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS

2011/03/28 23:11:32.0765 4144 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/03/28 23:11:33.0078 4144 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/03/28 23:11:33.0968 4144 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/03/28 23:11:34.0781 4144 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys

2011/03/28 23:11:35.0843 4144 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/03/28 23:11:37.0953 4144 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/03/28 23:11:40.0328 4144 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/03/28 23:11:46.0109 4144 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/03/28 23:11:47.0703 4144 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/03/28 23:11:49.0000 4144 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/03/28 23:11:49.0593 4144 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/03/28 23:11:49.0796 4144 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/03/28 23:11:50.0031 4144 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/03/28 23:11:50.0312 4144 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/03/28 23:11:50.0578 4144 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/03/28 23:11:50.0781 4144 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/03/28 23:11:50.0937 4144 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/03/28 23:11:51.0078 4144 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/03/28 23:11:51.0328 4144 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/03/28 23:11:51.0562 4144 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/03/28 23:11:51.0703 4144 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/03/28 23:11:51.0828 4144 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/03/28 23:11:51.0984 4144 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/03/28 23:11:52.0343 4144 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/03/28 23:11:52.0609 4144 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/03/28 23:11:52.0843 4144 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/03/28 23:11:53.0046 4144 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/03/28 23:11:53.0250 4144 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

2011/03/28 23:11:53.0375 4144 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

2011/03/28 23:11:53.0828 4144 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

2011/03/28 23:11:54.0062 4144 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

2011/03/28 23:11:54.0437 4144 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2011/03/28 23:11:54.0750 4144 s24trans (81aa6f0d6a2be1c550f814b036215888) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2011/03/28 23:11:55.0062 4144 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys

2011/03/28 23:11:55.0390 4144 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/03/28 23:11:55.0515 4144 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/03/28 23:11:55.0687 4144 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/03/28 23:11:55.0781 4144 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/03/28 23:11:55.0906 4144 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys

2011/03/28 23:11:55.0984 4144 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

2011/03/28 23:11:56.0093 4144 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/03/28 23:11:56.0312 4144 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/03/28 23:11:56.0500 4144 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/03/28 23:11:56.0656 4144 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/03/28 23:11:56.0781 4144 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/03/28 23:11:56.0984 4144 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/03/28 23:11:57.0390 4144 STHDA (0467a93b1e7fda167e01fdec79783154) C:\WINDOWS\system32\drivers\sthda.sys

2011/03/28 23:11:57.0718 4144 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/03/28 23:11:57.0843 4144 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/03/28 23:11:57.0984 4144 swmsflt (eda7336cd2e334b4db321bc60b7da11e) C:\WINDOWS\System32\drivers\swmsflt.sys

2011/03/28 23:11:58.0234 4144 swmx00 (5d3c9f767eaded3e14fa4ce6cf9f7725) C:\WINDOWS\system32\DRIVERS\swmx00.sys

2011/03/28 23:11:58.0671 4144 SWNC5E00 (f797787d579e1a9396d2e416240a2259) C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys

2011/03/28 23:11:59.0109 4144 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/03/28 23:11:59.0296 4144 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/03/28 23:11:59.0578 4144 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/03/28 23:11:59.0718 4144 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/03/28 23:12:00.0156 4144 SynTP (35d5b3632e0bcebe27b391157de05996) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/03/28 23:12:00.0468 4144 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/03/28 23:12:01.0015 4144 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/03/28 23:12:01.0250 4144 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/03/28 23:12:01.0484 4144 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/03/28 23:12:02.0343 4144 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/03/28 23:12:03.0062 4144 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/03/28 23:12:03.0421 4144 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/03/28 23:12:03.0687 4144 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/03/28 23:12:04.0171 4144 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/03/28 23:12:04.0421 4144 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/03/28 23:12:04.0640 4144 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/03/28 23:12:04.0781 4144 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/03/28 23:12:04.0921 4144 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/03/28 23:12:05.0046 4144 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/03/28 23:12:05.0312 4144 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys

2011/03/28 23:12:05.0468 4144 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/03/28 23:12:05.0546 4144 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/03/28 23:12:05.0671 4144 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/03/28 23:12:05.0796 4144 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/03/28 23:12:05.0890 4144 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/03/28 23:12:06.0343 4144 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/03/28 23:12:07.0046 4144 w29n51 (f0f902220910c4fbe42a51964bd33599) C:\WINDOWS\system32\DRIVERS\w29n51.sys

2011/03/28 23:12:08.0421 4144 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/03/28 23:12:08.0515 4144 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

2011/03/28 23:12:08.0671 4144 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/03/28 23:12:09.0234 4144 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/03/28 23:12:10.0062 4144 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys

2011/03/28 23:12:10.0437 4144 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/03/28 23:12:10.0562 4144 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/03/28 23:12:11.0031 4144 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/03/28 23:12:11.0296 4144 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/03/28 23:12:11.0296 4144 ================================================================================

2011/03/28 23:12:11.0296 4144 Scan finished

2011/03/28 23:12:11.0296 4144 ================================================================================

2011/03/28 23:12:11.0421 0220 Detected object count: 1

2011/03/28 23:28:47.0796 0220 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/03/28 23:28:47.0796 0220 \HardDisk0 - ok

2011/03/28 23:28:47.0796 0220 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/03/28 23:29:00.0234 4132 Deinitialize success


Yes that's the one, please delete your copy of TDSSKiller and download and run a fresh copy, let me know if it finds anything.

-------------------------------------

Then download and run this uninstaller for AVG:

http://www.avg.com/filedir/util/avg_arv_sup_____.dir/avgremoverx64.exe

Reboot and download a fresh copy of ComboFix and run it.

MrC


Mr. C,

When I try to open the AVG remover tool a warning window pops up and says C:\Documents and settings\raven\desktop\avgremoverx64.exe is not a valid Win32 application. Therefore the program will not run. The Kaspersky log is attached.

Raven

Kaspersky

2011/03/30 12:55:38.0875 1456 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/03/30 12:55:39.0062 1456 ================================================================================

2011/03/30 12:55:39.0062 1456 SystemInfo:

2011/03/30 12:55:39.0062 1456

2011/03/30 12:55:39.0062 1456 OS Version: 5.1.2600 ServicePack: 3.0

2011/03/30 12:55:39.0062 1456 Product type: Workstation

2011/03/30 12:55:39.0062 1456 ComputerName: BOOBOO

2011/03/30 12:55:39.0062 1456 UserName: Raven

2011/03/30 12:55:39.0062 1456 Windows directory: C:\WINDOWS

2011/03/30 12:55:39.0062 1456 System windows directory: C:\WINDOWS

2011/03/30 12:55:39.0062 1456 Processor architecture: Intel x86

2011/03/30 12:55:39.0062 1456 Number of processors: 1

2011/03/30 12:55:39.0062 1456 Page size: 0x1000

2011/03/30 12:55:39.0062 1456 Boot type: Normal boot

2011/03/30 12:55:39.0062 1456 ================================================================================

2011/03/30 12:55:40.0000 1456 Initialize success

2011/03/30 12:55:43.0312 3652 ================================================================================

2011/03/30 12:55:43.0312 3652 Scan started

2011/03/30 12:55:43.0312 3652 Mode: Manual;

2011/03/30 12:55:43.0312 3652 ================================================================================


2011/03/30 12:56:40.0890 3652 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/03/30 12:56:41.0000 3652 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/03/30 12:56:41.0109 3652 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/03/30 12:56:41.0281 3652 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/03/30 12:56:41.0375 3652 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/03/30 12:56:41.0515 3652 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/03/30 12:56:41.0609 3652 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/03/30 12:56:41.0718 3652 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/03/30 12:56:41.0984 3652 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/03/30 12:56:42.0203 3652 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/03/30 12:56:42.0312 3652 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/03/30 12:56:42.0500 3652 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/03/30 12:56:42.0843 3652 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/03/30 12:56:43.0187 3652 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/03/30 12:56:43.0265 3652 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/03/30 12:56:43.0359 3652 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/03/30 12:56:43.0453 3652 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS

2011/03/30 12:56:44.0781 3652 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/03/30 12:56:44.0859 3652 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/03/30 12:56:44.0937 3652 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/03/30 12:56:45.0015 3652 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys

2011/03/30 12:56:45.0406 3652 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/03/30 12:56:45.0515 3652 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/03/30 12:56:45.0625 3652 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/03/30 12:56:45.0937 3652 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/03/30 12:56:46.0359 3652 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/03/30 12:56:46.0562 3652 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/03/30 12:56:46.0640 3652 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/03/30 12:56:46.0734 3652 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/03/30 12:56:46.0796 3652 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/03/30 12:56:46.0906 3652 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/03/30 12:56:47.0078 3652 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/03/30 12:56:47.0156 3652 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/03/30 12:56:47.0234 3652 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/03/30 12:56:47.0328 3652 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/03/30 12:56:47.0406 3652 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/03/30 12:56:47.0546 3652 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/03/30 12:56:47.0640 3652 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/03/30 12:56:47.0781 3652 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/03/30 12:56:47.0843 3652 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/03/30 12:56:47.0906 3652 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/03/30 12:56:47.0984 3652 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/03/30 12:56:48.0078 3652 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/03/30 12:56:48.0156 3652 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/03/30 12:56:48.0312 3652 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

2011/03/30 12:56:48.0453 3652 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

2011/03/30 12:56:49.0109 3652 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

2011/03/30 12:56:49.0390 3652 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

2011/03/30 12:56:49.0984 3652 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2011/03/30 12:56:50.0109 3652 s24trans (81aa6f0d6a2be1c550f814b036215888) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2011/03/30 12:56:50.0218 3652 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys

2011/03/30 12:56:50.0343 3652 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/03/30 12:56:50.0406 3652 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/03/30 12:56:50.0625 3652 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/03/30 12:56:50.0703 3652 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/03/30 12:56:50.0828 3652 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys

2011/03/30 12:56:50.0875 3652 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

2011/03/30 12:56:50.0953 3652 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/03/30 12:56:51.0125 3652 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/03/30 12:56:51.0359 3652 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/03/30 12:56:51.0437 3652 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/03/30 12:56:51.0531 3652 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/03/30 12:56:51.0640 3652 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/03/30 12:56:51.0796 3652 STHDA (0467a93b1e7fda167e01fdec79783154) C:\WINDOWS\system32\drivers\sthda.sys

2011/03/30 12:56:52.0296 3652 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/03/30 12:56:52.0359 3652 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/03/30 12:56:52.0437 3652 swmsflt (eda7336cd2e334b4db321bc60b7da11e) C:\WINDOWS\System32\drivers\swmsflt.sys

2011/03/30 12:56:52.0718 3652 swmx00 (5d3c9f767eaded3e14fa4ce6cf9f7725) C:\WINDOWS\system32\DRIVERS\swmx00.sys

2011/03/30 12:56:53.0328 3652 SWNC5E00 (f797787d579e1a9396d2e416240a2259) C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys

2011/03/30 12:56:54.0015 3652 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/03/30 12:56:54.0281 3652 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/03/30 12:56:54.0781 3652 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/03/30 12:56:54.0890 3652 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/03/30 12:56:55.0640 3652 SynTP (35d5b3632e0bcebe27b391157de05996) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/03/30 12:56:55.0921 3652 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/03/30 12:56:56.0062 3652 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/03/30 12:56:56.0281 3652 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/03/30 12:56:56.0343 3652 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/03/30 12:56:56.0421 3652 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/03/30 12:56:56.0640 3652 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/03/30 12:56:56.0968 3652 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/03/30 12:56:57.0031 3652 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/03/30 12:56:57.0468 3652 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/03/30 12:56:57.0609 3652 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/03/30 12:56:57.0687 3652 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/03/30 12:56:57.0765 3652 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/03/30 12:56:57.0984 3652 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/03/30 12:56:58.0046 3652 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/03/30 12:56:58.0156 3652 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys

2011/03/30 12:56:58.0203 3652 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/03/30 12:56:58.0265 3652 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/03/30 12:56:58.0343 3652 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/03/30 12:56:58.0437 3652 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/03/30 12:56:58.0640 3652 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/03/30 12:56:58.0734 3652 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/03/30 12:56:59.0062 3652 w29n51 (f0f902220910c4fbe42a51964bd33599) C:\WINDOWS\system32\DRIVERS\w29n51.sys

2011/03/30 12:56:59.0515 3652 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/03/30 12:56:59.0625 3652 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

2011/03/30 12:56:59.0750 3652 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/03/30 12:56:59.0890 3652 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/03/30 12:57:00.0687 3652 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys

2011/03/30 12:57:00.0796 3652 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/03/30 12:57:00.0890 3652 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/03/30 12:57:00.0968 3652 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/03/30 12:57:01.0171 3652 ================================================================================

2011/03/30 12:57:01.0171 3652 Scan finished

2011/03/30 12:57:01.0187 3652 ================================================================================


Mr. C.

I received your reply. I am away from home until this evening and will take care of what you have asked. I had some college assignments to take care of and a conference south of home, so I could not actively participate in this forum. I will do the removal of AVG and the running of ComboFix as soon as I get home tomorrow afternoon. (April 2nd)

Raven


Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTListIt.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


You attached the OTL file twice; can you find the extras.txt and post it?

---------------

Please enable hidden files:

http://www.howtogeek.com/howto/windows/display-hidden-folders-in-xp/

Please find these folders and tell me if you recognize them and what's in them:

C:\Documents and Settings\Raven\Application Data\Osyfsi

C:\Documents and Settings\Raven\Application Data\Kywo

C:\Documents and Settings\Raven\Application Data\Ucbu

Do you recognize this file:

C:\Documents and Settings\Raven\My Documents\-.hs.llnwd.net

------------------------------

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    [2011/03/16 12:20:08 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\gengoff.dll
    [2008/02/22 08:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7(3)
    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC


Mr. C

I have no idea what any of those files are, and most of them are blank when you open them. I could not find the extras file. Saved on my desktop are two logs; one of them is named extras and one of them is named OTL but they both appear to be the same. I did have to restart my computer after the second OTL run. Here is the log.

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

C:\Documents and Settings\NetworkService\Local Settings\Application Data\gengoff.dll moved successfully.

C:\Documents and Settings\All Users\Application Data\avg7(3) folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 66284 bytes

->Temporary Internet Files folder emptied: 88316695 bytes

->Java cache emptied: 4150 bytes

->Flash cache emptied: 33034 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 90870520 bytes

->Java cache emptied: 1152685 bytes

->Flash cache emptied: 61204 bytes

User: Raven

->Temp folder emptied: 6189035 bytes

->Temporary Internet Files folder emptied: 740149 bytes

->Java cache emptied: 27393170 bytes

->FireFox cache emptied: 107501031 bytes

->Flash cache emptied: 16303 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1277994 bytes

%systemroot%\System32 .tmp files removed: 3613713 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 158499924 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 66802760 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 527.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04042011_230428

Files\Folders moved on Reboot...

File\Folder C:\WINDOWS\temp\mcmsc_DKt2NbQ124vRGUz not found!

File\Folder C:\WINDOWS\temp\mcmsc_jtGMhd5FF6UWat2 not found!

File\Folder C:\WINDOWS\temp\mcmsc_N4WpbFHrEq41AaN not found!

File\Folder C:\WINDOWS\temp\mcmsc_Uv4oFs33Rhkcn0o not found!

Registry entries deleted on Reboot...


OK, just delete these folders:

C:\Documents and Settings\Raven\Application Data\Osyfsi

C:\Documents and Settings\Raven\Application Data\Kywo

C:\Documents and Settings\Raven\Application Data\Ucbu

-----------------------

Run the AVG remover again.

----------------------

Delete your copy of ComboFix and download a fresh one to your desktop.

Then disable all your malware programs and....

Go to Start > Run > copy and paste this and hit Enter:

"%userprofile%\desktop\ComboFix.exe" /killall

Hopefully CF will run, MrC


Mr. C.

Here is the Malwarebytes. Things seem to be running better. Does that mean it is safe to put my music back on my computer? And there are a ton of processes going (like 63?). And on restart, something now has a fatal execution error.

Raven

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6281

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/5/2011 11:09:17 PM

mbam-log-2011-04-05 (23-09-17).txt

Scan type: Quick scan

Objects scanned: 162809

Time elapsed: 17 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Mr. C.

Also, sorry to post again so quickly before you had time to review, but I wanted to make sure you had all of the information. A Microsoft security update tried to install this evening and it did not. The warning screen said: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447)

Thank you for your help.

Raven


Mr C.

Now I feel like I am just being obnoxious :huh: but I wanted to make sure that you have all of the information. These are the things that it says on computer restart.

First warning box

Fatal Execution Engine error (0x7927f26e)

Second warning box

McAfeeDataBackup.exe Common Language Runtime Debugging Services

Application has generated an exception that could not be handled.

Process id = 0x7fe (2040), Thread id = 0xcdc (3292).

Click OK to terminate the application.

Click CANCEL to debug the application.

When ok clicked

Next Warning box

McAfeeDataBackup.exe - No debugger found.

Registered JIT debugger is not available. An attempt to launch a JIT debugger with the following command resulted in an error code of 0x2 (2).

Please check computer settings.

cordbg.exe !a0x7f8

Click on Retry to have the process wait while attaching a debugger manually.

Click on Cancel to abort the JIT debug request.

Sorry for the multiple posts!!

Raven


Mr. C.

Thanks for the information on the Microsoft update. The McAfee website did not fix the problem. But if they have a forum and it is an issue with their product then when I am finished up here I will go to them to fix their software. (so thank you for that information as well.)

I ran another OTL log. Am I doing it wrong, because no extras log showed up again?

OTL log

OTL logfile created on: 4/6/2011 12:55:20 PM - Run 3

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Raven\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 500.00 Mb Available Physical Memory | 49.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 68.44 Gb Total Space | 39.88 Gb Free Space | 58.27% Space Free | Partition Type: NTFS

Drive D: | 2.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BOOBOO | User Name: Raven | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/04 10:18:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Raven\Desktop\OTL.exe

PRC - [2010/06/10 06:58:32 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe

PRC - [2010/03/16 03:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

PRC - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe

PRC - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe

PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe

PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe

PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

PRC - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/10/01 14:03:52 | 000,255,552 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

PRC - [2005/11/07 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE

PRC - [2005/10/05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe

PRC - [2004/10/30 16:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

PRC - [2004/09/07 18:12:32 | 000,225,353 | ---- | M] (Intel


Yes, that's a good idea, post on their forum and I'm sure they'll help you.

----------------------

At some point, please update your Java: Java Plug-in 1.6.0_21 <---- should be 24. Just go to your control panel > Java > click on update.

-------------------

Do you know what this folder is for:

C:\WINDOWS\System32\lozijeta

------------------

Just clean up this one:

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [ShowLOMControl] Reg Error: Invalid data type. File not found


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC
