

Hi,

I am getting redirected when I open Firefox and intermittently get the following error message pop-up:

error message

svchost.exe - application error

the instruction at "0x2c460180" referenced memory at "0x2c460180". The memory could not be "written".

click ok to terminate program.

Would you be kind enough to please help me.

Best regards,

John


Hello erasmus

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


OTL logfile created on: 14/07/2011 10:06:09 - Run 2

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\John Merrett\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 79.38% Memory free

5.09 Gb Paging File | 4.51 Gb Available in Paging File | 88.68% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 460.87 Gb Total Space | 395.91 Gb Free Space | 85.90% Space Free | Partition Type: NTFS

Computer Name: JMATTIC | User Name: John Merrett | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\John Merrett\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe (Mozilla Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)

PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe (Dell Inc.)

PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.)

PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe (Sunbelt Software, Inc.)

PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe (Sunbelt Software, Inc.)

PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe (Sunbelt Software, Inc.)

PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\John Merrett\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\ufawupucus.dll ()

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (DLPWD) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)

SRV - (SPF4) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe (Sunbelt Software, Inc.)

SRV - (SbPF.Launcher) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe (Sunbelt Software, Inc.)

SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)

SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)

SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)

SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)

SRV - (DLSDB) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (SbFw) -- C:\WINDOWS\system32\drivers\SbFw.sys (Sunbelt Software, Inc.)

DRV - (sbhips) -- C:\WINDOWS\system32\drivers\sbhips.sys (Sunbelt Software, Inc.)

DRV - (SBFWIMCL) -- C:\WINDOWS\system32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)

DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (JGOGO) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys (JMicron )

DRV - (m5288) -- C:\WINDOWS\system32\DRIVERS\m5288.sys (ULi Electronics Inc.)

DRV - (m5287) -- C:\WINDOWS\system32\DRIVERS\m5287.sys (ULi Electronics Inc.)

DRV - (m5289) -- C:\WINDOWS\system32\DRIVERS\m5289.sys (ULi Electronics Inc.)

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()

DRV - (SI3114r) -- C:\WINDOWS\system32\DRIVERS\SI3114R.sys (Silicon Image, Inc)

DRV - (fasttx2k) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)

DRV - (SI3112r) -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys (Silicon Image, Inc)

DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1

FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0

FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13

FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc697c5&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q="

FF - prefs.js..network.proxy.http: "localhost"

FF - prefs.js..network.proxy.http_port: 7171

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 20:16:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/04 12:39:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/02/08 19:05:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{18795C75-AFFA-4E5B-8E86-78307203F8D3}: C:\Documents and Settings\John Merrett\Local Settings\Application Data\{18795C75-AFFA-4E5B-8E86-78307203F8D3} [2011/07/12 21:40:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011/07/12 10:17:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins

[2010/01/11 16:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Extensions

[2010/01/11 16:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011/07/12 21:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Firefox\Profiles\bz10o2jh.default\extensions

[2011/01/29 15:18:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Firefox\Profiles\bz10o2jh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/02/18 15:13:16 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Firefox\Profiles\bz10o2jh.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}

[2011/07/12 21:39:44 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Firefox\Profiles\bz10o2jh.default\extensions\plugin@yontoo.com

File not found (No name found) --

[2011/07/12 21:40:59 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\JOHN MERRETT\LOCAL SETTINGS\APPLICATION DATA\{18795C75-AFFA-4E5B-8E86-78307203F8D3}

[2009/05/04 12:39:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/10/26 10:17:55 | 000,002,359 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

Hosts file not found

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\PageRage\YontooIEClient.dll (Yontoo Technology, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [Ajovanisap] C:\WINDOWS\ufawupucus.dll ()

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bipro] File not found

O4 - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)

O4 - HKLM..\Run: [DLUPDR] C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE (Dell Inc.)

O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [Tlamexof] C:\WINDOWS\wmsrot.dll (Greatis Software)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\John Merrett\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/05/22 19:15:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/14 10:04:06 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Merrett\Desktop\OTL.exe

[2011/07/14 09:12:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2011/07/13 10:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2011/07/13 10:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM

[2011/07/13 10:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2011/07/12 22:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2011/07/12 22:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2011/07/12 21:41:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2011/07/12 21:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Merrett\Local Settings\Application Data\{18795C75-AFFA-4E5B-8E86-78307203F8D3}

[2011/07/12 21:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer

[2011/07/12 21:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\PageRage

[2011/07/12 21:39:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\$XNTUninstall643$

[2011/06/16 15:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InstaCodecs

[2011/06/16 15:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\InstaCodecs

[2011/06/16 10:11:58 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/14 10:04:06 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Merrett\Desktop\OTL.exe

[2011/07/14 09:40:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/14 09:11:06 | 000,012,640 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/14 09:10:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/14 09:10:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/13 17:44:59 | 000,000,305 | ---- | M] () -- C:\WINDOWS\hpbafd.ini

[2011/07/13 17:07:52 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Gtezinexil.dat

[2011/07/13 10:46:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/07/13 10:08:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Sfoguqizevaxik.bin

[2011/07/12 22:30:52 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\John Merrett\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/01 09:52:27 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2011/07/01 09:52:27 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2011/06/28 13:05:41 | 000,542,818 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/06/28 13:05:41 | 000,108,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/06/16 16:00:45 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

[2011/06/16 13:08:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/13 10:46:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/07/12 21:41:00 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gtezinexil.dat

[2011/07/12 21:41:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sfoguqizevaxik.bin

[2011/06/16 15:57:48 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011/02/10 13:44:00 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\dKjrMerja.js

[2011/02/10 12:44:00 | 000,015,203 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\RSya666j.js

[2011/02/10 11:44:00 | 000,015,202 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\wLS0t.js

[2011/02/10 10:44:00 | 000,015,203 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\wi9odN.js

[2011/02/10 09:44:00 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\HH2CJkQi.js

[2011/02/10 08:44:00 | 000,015,200 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\LPvYvGnP7.js

[2011/02/10 07:44:00 | 000,015,201 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WSgvKUK5e.js

[2011/02/10 06:44:00 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\cIeNm3T7.js

[2011/02/10 04:44:01 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\Rd70LVmiO.js

[2011/02/10 03:44:00 | 000,015,203 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\ZxiKxB6yE.js

[2011/02/10 00:44:00 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\xQGFiD3MD9.js

[2011/02/09 23:44:00 | 000,015,202 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\KtBTOURfE.js

[2011/02/09 21:44:00 | 000,015,202 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\VOJxzWa.js

[2011/02/09 20:44:03 | 000,015,202 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\XmNj0l9.js

[2011/02/09 19:44:00 | 000,015,201 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\XvQA5.js

[2011/02/09 18:44:00 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\GOWtlb.js

[2011/02/09 17:44:02 | 000,015,202 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\yeHen3YY6L.js

[2011/02/09 13:44:02 | 000,015,205 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\aXRSV2.js

[2011/02/09 12:44:01 | 000,015,201 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\MwKNrWLR.js

[2011/02/09 11:44:02 | 000,015,205 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\yOHFL2.js

[2011/02/08 18:44:02 | 000,015,205 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\ESudkdV8.js

[2011/02/08 16:44:00 | 000,015,203 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\Z7kEm.js

[2011/02/08 15:44:00 | 000,015,202 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\VbGomio.js

[2011/02/08 14:44:01 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\P1XPE.js

[2011/02/08 14:00:54 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2011/02/08 14:00:54 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2011/02/08 14:00:54 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2011/02/08 14:00:54 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2011/02/08 12:44:00 | 000,015,202 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\x7rlLGRE.js

[2011/02/08 11:44:01 | 000,015,203 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\kLYIn.js

[2011/02/07 22:44:09 | 000,015,203 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\H9odr.js

[2011/02/07 21:44:04 | 000,015,205 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\JAtfxmzX1r.js

[2011/02/07 16:44:00 | 000,015,205 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\S0S6tMgL.js

[2011/02/07 15:44:01 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\hJjfm1IeM.js

[2011/02/07 13:44:00 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\IMHFZ3.js

[2011/02/07 12:44:00 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\oSjdF1OVD9.js

[2011/02/07 12:11:46 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\John Merrett\Local Settings\Application Data\housecall.guid.cache

[2011/02/07 11:44:00 | 000,015,200 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\UD4381.js

[2011/02/07 10:44:01 | 000,015,201 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\q9M0vQ.js

[2011/02/06 21:10:15 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe

[2011/02/06 19:44:02 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\S6Di447m.js

[2011/02/03 11:44:03 | 000,015,203 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\cmCCf.js

[2011/01/20 16:49:17 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\John Merrett\Application Data\start_pal

[2010/02/28 18:36:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI

[2010/01/11 16:50:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/10/22 18:09:19 | 000,000,305 | ---- | C] () -- C:\WINDOWS\hpbafd.ini

[2009/06/30 21:36:12 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\John Merrett\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/06/08 15:51:21 | 000,000,001 | ---- | C] () -- C:\WINDOWS\msmark2.dat.vir

[2009/06/08 14:30:59 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini

[2009/06/08 12:53:10 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv

[2009/06/08 12:53:09 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll

[2007/11/17 13:15:39 | 000,000,043 | ---- | C] () -- C:\WINDOWS\WALLSTRT.INI

[2007/11/15 13:34:05 | 000,000,042 | ---- | C] () -- C:\WINDOWS\ib.ini

[2007/11/15 13:34:04 | 000,027,136 | ---- | C] () -- C:\WINDOWS\toFront.dll

[2007/11/15 13:34:04 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll

[2007/11/15 12:51:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/11/15 12:14:53 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\John Merrett\Local Settings\Application Data\fusioncache.dat

[2007/11/08 10:27:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2007/11/07 18:14:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2007/06/29 01:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/06/29 01:43:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2007/06/29 01:43:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/06/29 01:43:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2007/06/29 01:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/06/29 01:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin

[2007/06/29 01:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/06/29 01:43:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2007/06/29 01:43:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2007/06/29 01:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/05/23 02:34:18 | 000,002,679 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2007/05/23 02:13:10 | 000,359,424 | ---- | C] () -- C:\WINDOWS\ufawupucus.dll

[2007/05/23 02:13:09 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2007/05/23 02:13:09 | 000,542,818 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2007/05/23 02:13:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2007/05/23 02:13:09 | 000,108,050 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2007/05/23 02:13:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2007/05/23 02:13:09 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2007/05/23 02:13:09 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2007/05/23 02:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2007/05/23 02:13:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2007/05/23 02:13:08 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2007/05/23 02:13:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2007/05/23 02:13:05 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2007/05/22 20:09:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2007/05/22 20:09:21 | 000,188,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007/05/22 19:19:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2007/05/22 19:17:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2007/05/22 19:13:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2007/05/22 19:13:28 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini

[2007/05/22 19:13:28 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini

[2007/05/22 19:13:15 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2007/05/22 19:13:15 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

[2007/05/22 19:13:15 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini

[2007/05/22 19:13:14 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2004/08/13 03:56:20 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

========== LOP Check ==========

[2011/02/08 19:07:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/05/14 18:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\linnworks

[2011/02/09 12:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2009/06/08 14:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995

[2011/07/12 21:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer

[2011/02/08 17:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/05/24 21:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TS Support

[2007/09/29 15:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{623D32E9-0C62-4453-AD44-98B31F52A5E1}

[2009/06/08 20:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Merrett\Application Data\dtuser

[2009/06/08 14:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Merrett\Application Data\pdf995

[2010/03/19 13:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Merrett\Application Data\TeamViewer

[2009/05/24 21:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Merrett\Application Data\TS Support

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

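The OTL.txt listing above is the kind of paste a helper reads by eye: one line per file with timestamp, size, attributes, created/modified flag, version-info company and path. The script below is an added example, not part of the original thread and not OldTimer's tooling. It parses that line format and applies two structural triage heuristics that are this example's own: files written under the NetworkService/LocalService profiles (no interactive user owns those profiles, so whatever wrote there ran as a service), and same-extension files landing in one folder at the same minute of different hours (a scheduled task or dropper firing hourly). Both only flag entries for review; nothing here declares a file malicious. The sample lines are constructed, modelled on the format in the post, with a generic user path.

```python
import re
from collections import defaultdict
from datetime import datetime
from pathlib import PureWindowsPath

# One OTL file-listing line ("Files/Folders - Created/Modified Within 30 Days",
# "Files Created - No Company Name") looks like:
#   [YYYY/MM/DD hh:mm:ss | size | attrs | C|M] (Company) -- path
# Directory entries carry no "(Company)" field; files without version info show "()".
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Built-in XP service accounts. Nobody logs on as these, so a fresh file under their
# "Application Data" was written by code running as that service (or as SYSTEM).
SERVICE_PROFILES = {"networkservice", "localservice"}

# Constructed sample lines in OTL's format (modelled on the post, not copied from it).
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2011/07/14 10:04:06 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/07/14 09:12:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/16 16:00:45 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/02/10 13:44:00 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\aaaa1.js
[2011/02/10 12:44:00 | 000,015,203 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\bbbb2.js
[2011/02/10 11:44:01 | 000,015,202 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\cccc3.js
[2011/02/10 09:44:00 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\dddd4.js
[2011/02/09 23:44:02 | 000,015,201 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\eeee5.js
[2011/02/06 19:44:02 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\ffff6.js
[2011/02/08 14:00:54 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
< End of report >
"""


def parse_line(line):
    """Parse one listing line; return None for section headers, blank lines, trailers."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "is_dir": "D" in m["attrs"],
        "kind": m["kind"],                        # C = created, M = modified
        "company": (m["company"] or "").strip(),  # "" when OTL printed "()"
        "path": PureWindowsPath(m["path"]),
    }


def parse_log(text):
    return [rec for rec in map(parse_line, text.splitlines()) if rec]


def service_profile_writes(records):
    """Files (not directories) created or modified under a service account's profile."""
    return [r for r in records if not r["is_dir"]
            and any(part.lower() in SERVICE_PROFILES for part in r["path"].parts)]


def periodic_drops(records, min_count=3):
    """Group files by (directory, extension, minute-of-hour). Something firing on an
    hourly schedule leaves N same-extension files in one folder whose timestamps share
    the minute value across different hours; an installer or cache refresh lands its
    burst within a single hour and therefore does not qualify."""
    groups = defaultdict(list)
    for r in records:
        if r["is_dir"]:
            continue
        key = (str(r["path"].parent).lower(), r["path"].suffix.lower(), r["ts"].minute)
        groups[key].append(r)
    return {k: v for k, v in groups.items()
            if len(v) >= min_count
            and len({(r["ts"].date(), r["ts"].hour) for r in v}) >= min_count}


def triage(text):
    """Run both heuristics over a pasted OTL listing and return what to look at."""
    recs = parse_log(text)
    return {
        "parsed": len(recs),
        "service_profile": [str(r["path"]) for r in service_profile_writes(recs)],
        "periodic": {f"{d}\\*{ext} @ :{m:02d}": [r["path"].name for r in v]
                     for (d, ext, m), v in periodic_drops(recs).items()},
    }


if __name__ == "__main__":
    for section, hits in triage(SAMPLE_LOG).items():
        print(section, hits)
```

Paste a real OTL.txt into `SAMPLE_LOG` (or read it from a file) and the same two calls apply; `min_count` trades sensitivity for noise, and the minute-of-hour grouping is deliberately coarse so that seconds jitter in the scheduler does not split a run.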

OTL Extras logfile created on: 09/02/2011 17:28:44 - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\John Merrett\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 460.87 Gb Total Space | 400.05 Gb Free Space | 86.80% Space Free | Partition Type: NTFS

Computer Name: JMATTIC | User Name: John Merrett | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"80:TCP" = 80:TCP:*:Enabled:SYSDLL

"7171:TCP" = 7171:TCP:*:Enabled:SYSDLL

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation)

"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)

"C:\Program Files\CyberLink\PowerDirector Express\PDX.exe" = C:\Program Files\CyberLink\PowerDirector Express\PDX.exe:*:Enabled:CyberLink PowerDirector Express -- (CyberLink Corp.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\MAC SNIFFER\DHCP Sniffer-0.2.3.91b.exe" = C:\MAC SNIFFER\DHCP Sniffer-0.2.3.91b.exe:*:Enabled:DHCP Sniffer -- (Solster)

"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox

"C:\Documents and Settings\John Merrett\Local Settings\Temp\Rar$EX00.890\DHCP Sniffer-0.2.3.91b.exe" = C:\Documents and Settings\John Merrett\Local Settings\Temp\Rar$EX00.890\DHCP Sniffer-0.2.3.91b.exe:*:Enabled:DHCP Sniffer

"C:\Program Files\Java\jre6\bin\javaws.exe" = C:\Program Files\Java\jre6\bin\javaws.exe:*:Disabled:Java Web Start Launcher -- (Sun Microsystems, Inc.)

"C:\WINDOWS\system32\spoolsv.exe" = C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe -- (Microsoft Corporation)

"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgam.exe" = C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell Printer Software

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18FB61AB-2160-42CB-8FC6-F16F4D2A5465}" = Linnworks Order Management - Anywhere

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 17

"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (FINAWARE)

"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35A3A4F4-B792-11D6-A78A-00B0D0142130}" = Java 2 SDK, SE v1.4.2_13

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package

"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2

"{6A69D94E-C569-4154-9643-72E94D1DDFDA}" = XPS Essentials Pack

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7CA4F780-7AD0-417A-82A1-46EB825CFD53}" = HP Managed Printing Admin

"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage

"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{ABD16075-4780-4612-9E53-A6610BFB323C}" = MultiCharts

"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0

"{AC76BA86-7AD7-5A76-5A64-7E8A45000001}" = Adobe Reader Japanese Fonts

"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5

"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0

"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow

"{DD61FE64-6ACB-401D-9458-6F75BFF129C8}" = TradeStation 8.3 (Build 1419)

"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy

"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial

"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard

"274c5407c4fa26908310cb5c1c5000001954585180" = NetBeans IDE 5.0

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AVG" = AVG 2011

"HijackThis" = HijackThis 1.99.1

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2

"InstallShield_{DD61FE64-6ACB-401D-9458-6F75BFF129C8}" = TradeStation 8.3 (Build 1419)

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package

"Mozilla Firefox 4.0b11 (x86 en-GB)" = Mozilla Firefox 4.0b11 (x86 en-GB)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MultiCharts" = MultiCharts

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"Trader Workstation 4.0" = Trader Workstation 4.0

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEP" = XPS Essentials Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"GoToMeeting" = GoToMeeting 4.0.0.320

"Trader Workstation" = Trader Workstation

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 09/02/2011 09:41:54 | Computer Name = JMATTIC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error - 09/02/2011 09:41:54 | Computer Name = JMATTIC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error - 09/02/2011 10:58:54 | Computer Name = JMATTIC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error - 09/02/2011 10:58:54 | Computer Name = JMATTIC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error - 09/02/2011 11:29:55 | Computer Name = JMATTIC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error - 09/02/2011 11:29:55 | Computer Name = JMATTIC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error - 09/02/2011 12:33:54 | Computer Name = JMATTIC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error - 09/02/2011 12:33:54 | Computer Name = JMATTIC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error - 09/02/2011 13:20:55 | Computer Name = JMATTIC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error - 09/02/2011 13:20:55 | Computer Name = JMATTIC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]

Error - 09/02/2011 07:50:18 | Computer Name = JMATTIC | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.

Error - 09/02/2011 07:50:18 | Computer Name = JMATTIC | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.

Error - 09/02/2011 07:50:58 | Computer Name = JMATTIC | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.

Error - 09/02/2011 07:50:58 | Computer Name = JMATTIC | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.

Error - 09/02/2011 07:51:38 | Computer Name = JMATTIC | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.

Error - 09/02/2011 08:02:32 | Computer Name = JMATTIC | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer VIRTUALXP-76148 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{34224414-543. The master browser is stopping or an election is being forced.

Error - 09/02/2011 09:14:29 | Computer Name = JMATTIC | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer VIRTUALXP-76148 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{34224414-543. The master browser is stopping or an election is being forced.

Error - 09/02/2011 10:26:22 | Computer Name = JMATTIC | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer VIRTUALXP-76148 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{34224414-543. The master browser is stopping or an election is being forced.

Error - 09/02/2011 11:26:24 | Computer Name = JMATTIC | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer VIRTUALXP-76148 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{34224414-543. The master browser is stopping or an election is being forced.

Error - 09/02/2011 12:37:05 | Computer Name = JMATTIC | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer VIRTUALXP-76148 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{34224414-543. The master browser is stopping or an election is being forced.

< End of report >


You are welcome. :)

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capability to allow a hacker to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean it please do the following

===================

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

========

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

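The TDSSKiller report requested above is what decides the next step, so here is a small triage script, added as an example (it is not from this thread, from Malwarebytes or from Kaspersky), that parses the line layout TDSSKiller writes and lists what still needs attention: detections with no Cure action, cures that still wait for a reboot, a scan that never reached "Scan finished", and a detected-object count that disagrees with the lines actually logged. The embedded sample log is a trimmed excerpt of the one posted in this thread; the names parse_tdsskiller_log, followup and Triage are my own.

```python
"""Triage helper for TDSSKiller text logs (added example, not the tool's own code).

Assumed line layout, as seen in the log posted in this thread:
'<yyyy/mm/dd> <hh:mm:ss.ffff> <thread id> <message>', where driver lines are
'name (md5) path', sector lines are 'MBR (offset) (md5) device', and the
detection / cure / user-action lines are the free-text messages matched below.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2}) (\d{2}:\d{2}:\d{2}\.\d+) (\d+) ?(?P<msg>.*)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SECTOR_RE = re.compile(r"^(?P<kind>MBR|Boot) \((?P<off>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<obj>.+)$")
DETECT_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>\S+) \(")
PENDING_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^)]+)\) - will be cured after reboot$")
ACTION_RE = re.compile(r"^(?P<threat>[^(]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Actual detected object count: (?P<n>\d+)$")


@dataclass
class Triage:
    drivers: dict = field(default_factory=dict)         # driver name -> (md5, path)
    sectors: dict = field(default_factory=dict)         # "MBR" / "Boot" -> (md5, device)
    detections: list = field(default_factory=list)      # {"object": ..., "threat": ...}
    reboot_pending: list = field(default_factory=list)  # objects cured only after a reboot
    actions: dict = field(default_factory=dict)         # object -> action the user chose
    reported_count: Optional[int] = None                # what the tool itself counted
    finished: bool = False                              # saw "Scan finished"


# Constructed sample: a trimmed excerpt of the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
2011/07/14 14:48:46.0312 4476 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/14 14:48:46.0328 4476 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/14 14:49:01.0828 3652 Scan started
2011/07/14 14:49:02.0000 3652 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/07/14 14:49:02.0046 3652 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/14 14:49:06.0640 3652 MBR (0x1B8) (035ce1c0bf49cb716bd6db7a4cf480b7) \Device\Harddisk0\DR0
2011/07/14 14:49:06.0656 3652 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/14 14:49:06.0671 3652 Boot (0x1200) (2b775db2c3f04c9044bf673eff506911) \Device\Harddisk0\DR0\Partition0
2011/07/14 14:49:06.0671 3652 Scan finished
2011/07/14 14:49:06.0671 4624 Actual detected object count: 1
2011/07/14 14:49:26.0546 4624 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/14 14:49:26.0546 4624 \Device\Harddisk0\DR0 - ok
2011/07/14 14:49:26.0546 4624 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/14 14:49:36.0921 3748 Deinitialize success
"""


def parse_tdsskiller_log(text: str) -> Triage:
    """Walk the log line by line and collect the facts a triager cares about."""
    t = Triage()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or forum noise, not a log record
        msg = m["msg"].strip()
        if msg == "Scan finished":
            t.finished = True
        elif (d := DRIVER_RE.match(msg)):
            t.drivers[d["name"]] = (d["md5"], d["path"])
        elif (s := SECTOR_RE.match(msg)):
            t.sectors[s["kind"]] = (s["md5"], s["obj"])
        elif (x := DETECT_RE.match(msg)):
            t.detections.append({"object": x["obj"], "threat": x["threat"]})
        elif (p := PENDING_RE.match(msg)):
            t.reboot_pending.append(p["obj"])
        elif (a := ACTION_RE.match(msg)):
            t.actions[a["obj"]] = a["action"]
        elif (c := COUNT_RE.match(msg)):
            t.reported_count = int(c["n"])
    return t


def followup(t: Triage) -> list:
    """Reasons this log still needs attention; an empty list means nothing is outstanding."""
    reasons = []
    if not t.finished:
        reasons.append("scan did not finish")
    if t.reported_count is not None and t.reported_count != len(t.detections):
        reasons.append(f"tool reported {t.reported_count} objects but the log shows {len(t.detections)}")
    for d in t.detections:
        if t.actions.get(d["object"]) != "Cure":
            reasons.append(f"not cured: {d['object']} ({d['threat']})")
    for obj in t.reboot_pending:
        reasons.append(f"reboot required to finish curing {obj}")
    return reasons


if __name__ == "__main__":
    triage = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(triage.drivers)} drivers enumerated, MBR md5 {triage.sectors['MBR'][0]}")
    for d in triage.detections:
        print(f"DETECTED {d['threat']} on {d['object']} -> action: {triage.actions.get(d['object'], 'none')}")
    for reason in followup(triage) or ["nothing outstanding"]:
        print("follow-up:", reason)
```

Keeping the MBR and boot-sector hashes from before and after the reboot lets you confirm the cure actually changed the sector rather than trusting the "ok" line alone.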

Hi,

I would like to clean this machine & have followed your instructions. The logs are as follows:

2011/07/14 14:48:46.0312 4476 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/14 14:48:46.0328 4476 ================================================================================
2011/07/14 14:48:46.0328 4476 SystemInfo:
2011/07/14 14:48:46.0328 4476
2011/07/14 14:48:46.0328 4476 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/14 14:48:46.0328 4476 Product type: Workstation
2011/07/14 14:48:46.0328 4476 ComputerName: JMATTIC
2011/07/14 14:48:46.0328 4476 UserName: John Merrett
2011/07/14 14:48:46.0328 4476 Windows directory: C:\WINDOWS
2011/07/14 14:48:46.0328 4476 System windows directory: C:\WINDOWS
2011/07/14 14:48:46.0328 4476 Processor architecture: Intel x86
2011/07/14 14:48:46.0328 4476 Number of processors: 4
2011/07/14 14:48:46.0328 4476 Page size: 0x1000
2011/07/14 14:48:46.0328 4476 Boot type: Normal boot
2011/07/14 14:48:46.0328 4476 ================================================================================
2011/07/14 14:48:46.0578 4476 Initialize success
2011/07/14 14:49:01.0828 3652 ================================================================================
2011/07/14 14:49:01.0828 3652 Scan started
2011/07/14 14:49:01.0828 3652 Mode: Manual;
2011/07/14 14:49:01.0828 3652 ================================================================================

2011/07/14 14:49:06.0640 3652 MBR (0x1B8) (035ce1c0bf49cb716bd6db7a4cf480b7) \Device\Harddisk0\DR0

2011/07/14 14:49:06.0656 3652 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/07/14 14:49:06.0671 3652 Boot (0x1200) (2b775db2c3f04c9044bf673eff506911) \Device\Harddisk0\DR0\Partition0

2011/07/14 14:49:06.0671 3652 ================================================================================

2011/07/14 14:49:06.0671 3652 Scan finished

2011/07/14 14:49:06.0671 3652 ================================================================================

2011/07/14 14:49:06.0671 4624 Detected object count: 1

2011/07/14 14:49:06.0671 4624 Actual detected object count: 1

2011/07/14 14:49:26.0546 4624 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/07/14 14:49:26.0546 4624 \Device\Harddisk0\DR0 - ok

2011/07/14 14:49:26.0546 4624 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/07/14 14:49:36.0921 3748 Deinitialize success

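An added example (my own code, not part of the post above and not Kaspersky's tooling) that parses a TDSSKiller log in the format posted: it builds the driver/MBR inventory from the `name (md5) path` rows and collects the detection, the scheduled cure and the user's chosen action, so the MD5 column can be diffed against a known-good baseline. The regexes and the baseline map are assumptions made from the posted format; the sample log is constructed from lines of the post.

```python
"""Parse a TDSSKiller log: inventory (name, MD5, path) plus detections and
the action taken. Added example; regexes are assumptions from the posted
format, not the tool's own parser."""
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d+) (?P<msg>.*)$")
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
REBOOT_RE = re.compile(r"^(?P<obj>\S+) \((?P<verdict>[^)]+)\) - will be cured after reboot$")
ACTION_RE = re.compile(r"^(?P<verdict>[^(]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")

@dataclass
class ScannedObject:
    name: str   # driver service name, or "MBR (0x1B8)" / "Boot (0x1200)"
    md5: str
    path: str   # file path or device object

@dataclass
class Detection:
    obj: str
    verdict: str
    action: str = ""            # what the user chose ("Cure", "Skip", ...)
    reboot_required: bool = False

@dataclass
class Report:
    inventory: dict = field(default_factory=dict)   # name -> ScannedObject
    detections: list = field(default_factory=list)

def parse_tdsskiller(text: str) -> Report:
    report = Report()
    by_obj: dict = {}

    def detection_for(obj: str, verdict: str) -> Detection:
        if obj not in by_obj:
            by_obj[obj] = Detection(obj, verdict)
            report.detections.append(by_obj[obj])
        return by_obj[obj]

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue   # banner, blank and "SystemInfo" lines carry no object
        msg = m["msg"]
        if (d := DETECT_RE.match(msg)):
            detection_for(d["obj"], d["verdict"])
        elif (r := REBOOT_RE.match(msg)):
            detection_for(r["obj"], r["verdict"]).reboot_required = True
        elif (a := ACTION_RE.match(msg)):
            detection_for(a["obj"], a["verdict"].strip()).action = a["action"]
        elif (o := OBJECT_RE.match(msg)):
            report.inventory[o["name"]] = ScannedObject(o["name"], o["md5"], o["path"])
    return report

def diff_against_baseline(report: Report, baseline: dict) -> dict:
    """Compare inventory hashes with a known-good name -> md5 map (assumed to
    come from a clean machine at the same patch level)."""
    changed = [n for n, o in report.inventory.items()
               if n in baseline and baseline[n] != o.md5]
    unknown = [n for n in report.inventory if n not in baseline]
    return {"changed": changed, "unknown": unknown}

# Constructed sample in the posted format: a driver row, the MBR row, the
# detection, the boot-sector row, the scheduled cure and the user's choice.
SAMPLE_LOG = r"""
2011/07/14 14:49:06.0078 3652 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/14 14:49:06.0640 3652 MBR (0x1B8) (035ce1c0bf49cb716bd6db7a4cf480b7) \Device\Harddisk0\DR0
2011/07/14 14:49:06.0656 3652 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/14 14:49:06.0671 3652 Boot (0x1200) (2b775db2c3f04c9044bf673eff506911) \Device\Harddisk0\DR0\Partition0
2011/07/14 14:49:06.0671 4624 Detected object count: 1
2011/07/14 14:49:26.0546 4624 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/14 14:49:26.0546 4624 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
"""

if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    for det in rep.detections:
        print(f"{det.obj}: {det.verdict} action={det.action} reboot={det.reboot_required}")
```

The MBR row is the one to watch: TDL4 lives in the boot sector, so its hash, not a driver file hash, is what changes, and a cure that is "scheduled after reboot" is not done until the machine has actually restarted and a second scan reports the MBR clean.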

ComboFix 11-07-13.04 - John Merrett 14/07/2011 15:11:29.4.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3326.2737 [GMT 1:00]

Running from: c:\documents and settings\John Merrett\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Sunbelt Personal Firewall *Disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

c:\documents and settings\John Merrett\Local Settings\Application Data\{18795C75-AFFA-4E5B-8E86-78307203F8D3}

c:\documents and settings\John Merrett\Local Settings\Application Data\{18795C75-AFFA-4E5B-8E86-78307203F8D3}\chrome.manifest

c:\documents and settings\John Merrett\Local Settings\Application Data\{18795C75-AFFA-4E5B-8E86-78307203F8D3}\chrome\content\_cfg.js

c:\documents and settings\John Merrett\Local Settings\Application Data\{18795C75-AFFA-4E5B-8E86-78307203F8D3}\chrome\content\overlay.xul

c:\documents and settings\John Merrett\Local Settings\Application Data\{18795C75-AFFA-4E5B-8E86-78307203F8D3}\install.rdf

C:\Recycle.Bin

c:\recycle.bin\B6232F3A82E.exe

c:\recycle.bin\BFFD213F479D787

c:\windows\$xntuninstall643$

c:\windows\$xntuninstall643$\apUninstall.exe

c:\windows\ufawupucus.dll

c:\windows\wmsrot.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))

.

.

2011-07-14 09:15 . 2011-07-14 09:15 302592 ----a-w- C:\qmpn4v8n.exe

2011-07-13 17:11 . 2011-07-13 17:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira

2011-07-13 09:03 . 2011-07-13 09:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-07-12 20:41 . 2011-07-13 12:32 -------- d-----w- c:\windows\system32\NtmsData

2011-07-12 20:41 . 2011-07-14 09:09 0 ----a-w- c:\windows\Sfoguqizevaxik.bin

2011-07-12 20:39 . 2011-07-12 20:39 -------- d-----w- c:\program files\PageRage

2011-06-16 14:57 . 2010-03-31 17:43 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2011-06-16 14:57 . 2011-06-16 14:57 -------- d-----w- c:\program files\InstaCodecs

2011-06-16 09:11 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-01 08:52 . 2011-02-10 16:10 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-07-01 08:52 . 2011-02-10 16:10 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-06-02 14:02 . 2007-05-23 01:13 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-02 15:31 . 2007-05-22 18:14 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2007-05-23 01:13 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2007-05-23 01:13 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07 . 2007-05-23 01:13 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-04-26 11:07 . 2007-05-23 01:13 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-04-25 15:51 . 2007-05-23 01:13 832512 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 15:51 . 2009-06-08 16:35 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-04-25 15:51 . 2007-05-23 01:13 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 15:51 . 2007-05-23 01:13 17408 ----a-w- c:\windows\system32\corpol.dll

2011-04-25 12:01 . 2007-05-23 01:13 389120 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2007-05-23 01:13 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2011-02-17 20:49 191488 ------w- c:\program files\PageRage\YontooIEClient.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-14 39408]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]

"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]

"nwiz"="nwiz.exe" [2007-06-29 1626112]

"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]

"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2009-07-08 406840]

"DLUPDR"="c:\program files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" [2009-07-08 243008]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\John Merrett\Start Menu\Programs\Startup\

Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe [2007-11-15 194775]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\MAC SNIFFER\\DHCP Sniffer-0.2.3.91b.exe"=

"c:\\WINDOWS\\system32\\javaw.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=

.

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [10/02/2011 17:38 270888]

R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21/06/2008 05:54 66600]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/02/2011 17:10 136360]

R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [16/09/2010 14:41 140184]

R2 MSSQL$FINAWARE;SQL Server (FINAWARE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/12/2010 19:29 29293408]

R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31/10/2008 08:24 95528]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [10/02/2011 17:38 65576]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 12:04 135664]

S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31/10/2008 08:24 1365288]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 12:04 135664]

S4 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [23/05/2007 02:32 24971]

S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [23/05/2007 02:32 103680]

S4 m5288;m5288;c:\windows\system32\drivers\m5288.sys [23/05/2007 02:32 210304]

S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [23/05/2007 02:32 52480]

S4 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [23/05/2007 02:32 89749]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 11:04]

.

2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 11:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\John Merrett\Application Data\Mozilla\Firefox\Profiles\bz10o2jh.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc697c5&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-Tlamexof - c:\windows\wmsrot.dll

HKCU-Run-4Y3Y0C3AXF7XZA5VJBLRNKE - c:\recycle.bin\B6232F3A82E.exe

HKLM-Run-bipro - (no file)

HKLM-Run-Ajovanisap - c:\windows\ufawupucus.dll

AddRemove-$XNTUninstall643$ - c:\windows\$XNTUninstall643$\apUninstall.exe

AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-14 15:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: SAMSUNG_HD501LJ rev.CR100-11 -> Harddisk0\DR0 -> \Device\00000032

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AFF94D0]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8afff7d0]; MOV EAX, [0x8afff84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B09FAB8]

3 CLASSPNP[0xBA0F8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006d[0x8B094F18]

5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B03A030]

\Driver\nvata[0x8B0C8C38] -> IRP_MJ_CREATE -> 0x8AFF94D0

error: Read Incorrect function.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV ES, AX; MOV DS, AX; MOV SS, AX; MOV SP, 0x7c00; CLD ; MOV SI, SP; MOV DI, 0x600; MOV CX, 0x100; REPNZ MOVSW ; JMP FAR 0x0:0x675; }

detected disk devices:

\Device\0000006b -> \??\IDE#DiskSAMSUNG_HD501LJ_________________________CR100-11#3053554D314A5044343936313537202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1036)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'lsass.exe'(1096)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(668)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

c:\program files\Microsoft Office\Office10\msohev.dll

c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\inetsrv\inetinfo.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\nvsvc32.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE

c:\program files\Windows Media Player\WMPNetwk.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-07-14 15:36:40 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-14 14:36

ComboFix2.txt 2011-02-11 15:27

.

Pre-Run: 426,099,691,520 bytes free

Post-Run: 426,455,932,928 bytes free

.

- - End Of File - - 0E1956454B7147B2B224A92A33875E08

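An added example (my own code, not part of the post and not ComboFix's own logic) that parses the `Reg Loading Points` and `ORPHANS REMOVED` sections of a ComboFix report like the one above and ranks the autoruns for review. The rules encode what stands out in this log: a Run entry launching from `c:\recycle.bin`, DLLs dropped straight into `c:\windows`, a 23-character random value name and a dangling `(no file)` entry. The line formats, rule thresholds and severity labels are assumptions; the sample report is constructed from lines of the post.

```python
"""Triage Run-key autoruns from a ComboFix report. Added example; the
parsing rules and heuristics are assumptions, not ComboFix's own."""
import re
from dataclasses import dataclass

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"(?: \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?$')
ORPHAN_RE = re.compile(r"^(?P<hive>HKCU|HKLM)-Run-(?P<name>\S+) - (?P<target>.+)$")
RANDOM_NAME_RE = re.compile(r"^[A-Z0-9]{10,}$")   # long upper-case alphanumerics

@dataclass
class Autorun:
    hive: str
    name: str
    target: str
    orphan: bool = False   # listed under ORPHANS REMOVED (ComboFix already deleted it)

def _hive(key: str) -> str:
    if key.startswith("HKEY_CURRENT_USER"):
        return "HKCU"
    if key.startswith("HKEY_LOCAL_MACHINE"):
        return "HKLM"
    return key.split("\\")[0]

def parse_combofix_autoruns(text: str) -> list:
    entries, hive = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if (k := KEY_RE.match(line)):
            hive = _hive(k["key"])
        elif (v := VALUE_RE.match(line)):
            entries.append(Autorun(hive, v["name"], v["target"]))
        elif (o := ORPHAN_RE.match(line)):
            entries.append(Autorun(o["hive"], o["name"], o["target"], orphan=True))
    return entries

def suspicious_reasons(e: Autorun) -> list:
    """Heuristic reasons an autorun deserves a look; HIGH first, LOW is noise-prone."""
    reasons = []
    t = e.target.lower()
    stem = e.target.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if t == "(no file)":
        reasons.append("HIGH: autorun points at a missing file (dangling entry)")
    if t.startswith("c:\\recycle.bin\\"):
        reasons.append("HIGH: runs from C:\\Recycle.Bin, not a standard XP recycle-bin path (RECYCLER/RECYCLED)")
    if re.fullmatch(r"c:\\windows\\[^\\]+\.dll", t):
        reasons.append("HIGH: DLL sitting directly in the Windows directory")
    for label in (e.name, stem):
        if RANDOM_NAME_RE.match(label) and sum(c.isdigit() for c in label) >= 3:
            reasons.append(f"HIGH: random-looking name '{label}'")
    if "\\" not in t and t != "(no file)":
        reasons.append("LOW: no directory in target, resolved through the search path")
    return reasons

def triage(entries: list) -> list:
    """Return (entry, reasons) for flagged entries, HIGH findings first."""
    found = [(e, suspicious_reasons(e)) for e in entries]
    found = [(e, r) for e, r in found if r]
    found.sort(key=lambda er: (0 if any(x.startswith("HIGH") for x in er[1]) else 1, er[0].name))
    return found

# Constructed sample in ComboFix's format, taken from lines of the report above.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-14 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Tlamexof - c:\windows\wmsrot.dll
HKCU-Run-4Y3Y0C3AXF7XZA5VJBLRNKE - c:\recycle.bin\B6232F3A82E.exe
HKLM-Run-bipro - (no file)
HKLM-Run-Ajovanisap - c:\windows\ufawupucus.dll
"""

if __name__ == "__main__":
    for entry, reasons in triage(parse_combofix_autoruns(SAMPLE_REPORT)):
        flag = "removed" if entry.orphan else "present"
        print(f"{entry.hive}\\Run\\{entry.name} -> {entry.target} [{flag}]")
        for r in reasons:
            print("   ", r)
```

The LOW rule deliberately catches the legitimate Realtek `RTHDCPL.EXE` entry: a bare filename in a Run value is resolved through the search path, which is worth a glance but is not evidence on its own. The HIGH rules are location and naming checks, so they also fire on the four entries ComboFix had already listed as orphans and removed.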

2011/07/14 16:02:49.0546 5456 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/14 16:02:49.0734 5456 ================================================================================

2011/07/14 16:02:49.0734 5456 SystemInfo:

2011/07/14 16:02:49.0734 5456

2011/07/14 16:02:49.0734 5456 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/14 16:02:49.0734 5456 Product type: Workstation

2011/07/14 16:02:49.0734 5456 ComputerName: JMATTIC

2011/07/14 16:02:49.0734 5456 UserName: John Merrett

2011/07/14 16:02:49.0734 5456 Windows directory: C:\WINDOWS

2011/07/14 16:02:49.0734 5456 System windows directory: C:\WINDOWS

2011/07/14 16:02:49.0734 5456 Processor architecture: Intel x86

2011/07/14 16:02:49.0734 5456 Number of processors: 4

2011/07/14 16:02:49.0734 5456 Page size: 0x1000

2011/07/14 16:02:49.0734 5456 Boot type: Normal boot

2011/07/14 16:02:49.0734 5456 ================================================================================

2011/07/14 16:02:49.0984 5456 Initialize success

2011/07/14 16:02:52.0203 5576 ================================================================================

2011/07/14 16:02:52.0203 5576 Scan started

2011/07/14 16:02:52.0203 5576 Mode: Manual;

2011/07/14 16:02:52.0203 5576 ================================================================================

2011/07/14 16:02:52.0593 5576 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/07/14 16:02:52.0640 5576 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/07/14 16:02:52.0687 5576 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/07/14 16:02:52.0687 5576 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/07/14 16:02:52.0765 5576 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/07/14 16:02:52.0812 5576 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/07/14 16:02:52.0921 5576 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/07/14 16:02:52.0953 5576 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/07/14 16:02:52.0968 5576 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/07/14 16:02:53.0000 5576 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/07/14 16:02:53.0015 5576 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/07/14 16:02:53.0031 5576 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/07/14 16:02:53.0062 5576 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/07/14 16:02:53.0078 5576 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/07/14 16:02:53.0093 5576 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/07/14 16:02:53.0125 5576 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/07/14 16:02:53.0140 5576 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/07/14 16:02:53.0156 5576 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/07/14 16:02:53.0171 5576 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/07/14 16:02:53.0203 5576 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/07/14 16:02:53.0218 5576 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/07/14 16:02:53.0250 5576 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/07/14 16:02:53.0281 5576 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/07/14 16:02:53.0375 5576 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2011/07/14 16:02:53.0390 5576 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2011/07/14 16:02:53.0406 5576 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2011/07/14 16:02:53.0437 5576 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/07/14 16:02:53.0468 5576 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/07/14 16:02:53.0484 5576 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/07/14 16:02:53.0484 5576 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/07/14 16:02:53.0500 5576 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/07/14 16:02:53.0515 5576 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/07/14 16:02:53.0546 5576 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/07/14 16:02:53.0578 5576 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/07/14 16:02:53.0593 5576 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/07/14 16:02:53.0625 5576 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/07/14 16:02:53.0640 5576 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/07/14 16:02:53.0671 5576 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/07/14 16:02:53.0718 5576 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/07/14 16:02:53.0765 5576 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/07/14 16:02:53.0781 5576 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/07/14 16:02:53.0796 5576 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/07/14 16:02:53.0828 5576 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/07/14 16:02:53.0843 5576 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/07/14 16:02:53.0859 5576 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/07/14 16:02:53.0890 5576 fasttx2k (3acbc73531dedd69837fe73b1623d49c) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys

2011/07/14 16:02:53.0921 5576 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/07/14 16:02:53.0953 5576 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/07/14 16:02:53.0968 5576 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/07/14 16:02:53.0984 5576 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/07/14 16:02:54.0015 5576 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/07/14 16:02:54.0031 5576 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/07/14 16:02:54.0046 5576 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/07/14 16:02:54.0078 5576 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/07/14 16:02:54.0109 5576 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/07/14 16:02:54.0125 5576 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/07/14 16:02:54.0171 5576 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/07/14 16:02:54.0187 5576 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/07/14 16:02:54.0234 5576 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/07/14 16:02:54.0234 5576 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/07/14 16:02:54.0281 5576 iaStor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys

2011/07/14 16:02:54.0296 5576 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/07/14 16:02:54.0312 5576 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/07/14 16:02:54.0453 5576 IntcAzAudAddService (a799e941c3d19bcf6f93cbe12b55bc17) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/07/14 16:02:54.0515 5576 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/07/14 16:02:54.0531 5576 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/07/14 16:02:54.0562 5576 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/07/14 16:02:54.0578 5576 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/07/14 16:02:54.0609 5576 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/07/14 16:02:54.0625 5576 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/07/14 16:02:54.0656 5576 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/07/14 16:02:54.0687 5576 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/07/14 16:02:54.0718 5576 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/07/14 16:02:54.0734 5576 iteraid (c53360c1932904fe89c6be55378628cb) C:\WINDOWS\system32\DRIVERS\iteraid.sys

2011/07/14 16:02:54.0765 5576 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys

2011/07/14 16:02:54.0781 5576 JRAID (f4a31e66a61c0783f51157519b03280b) C:\WINDOWS\system32\DRIVERS\jraid.sys

2011/07/14 16:02:54.0812 5576 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/07/14 16:02:54.0828 5576 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/07/14 16:02:54.0859 5576 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/07/14 16:02:54.0906 5576 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/07/14 16:02:54.0968 5576 m5287 (87cf2d570f452a5c1b9fc5c5a44389a5) C:\WINDOWS\system32\DRIVERS\m5287.sys

2011/07/14 16:02:54.0984 5576 m5288 (485ed377977dc9661626aaab614504cf) C:\WINDOWS\system32\DRIVERS\m5288.sys

2011/07/14 16:02:55.0000 5576 m5289 (e1ca1ea9ad7c8c50ea533829a6854d63) C:\WINDOWS\system32\DRIVERS\m5289.sys

2011/07/14 16:02:55.0015 5576 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/07/14 16:02:55.0046 5576 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/07/14 16:02:55.0062 5576 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/07/14 16:02:55.0093 5576 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/07/14 16:02:55.0109 5576 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/07/14 16:02:55.0125 5576 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/07/14 16:02:55.0140 5576 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/07/14 16:02:55.0203 5576 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/07/14 16:02:55.0218 5576 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/07/14 16:02:55.0250 5576 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/07/14 16:02:55.0281 5576 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/07/14 16:02:55.0296 5576 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/07/14 16:02:55.0328 5576 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/07/14 16:02:55.0343 5576 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

2011/07/14 16:02:55.0359 5576 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/07/14 16:02:55.0375 5576 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/07/14 16:02:55.0375 5576 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/07/14 16:02:55.0390 5576 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/07/14 16:02:55.0406 5576 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/07/14 16:02:55.0437 5576 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/07/14 16:02:55.0468 5576 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/07/14 16:02:55.0484 5576 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/07/14 16:02:55.0531 5576 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/07/14 16:02:55.0562 5576 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/07/14 16:02:55.0609 5576 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/07/14 16:02:55.0640 5576 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/07/14 16:02:55.0859 5576 nv (f8be83f0c686533170f7537e94bf411a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/07/14 16:02:56.0015 5576 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys

2011/07/14 16:02:56.0046 5576 NVENETFD (b9333604527e02cd2223f200c0bae7e0) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

2011/07/14 16:02:56.0078 5576 nvnetbus (5e9e55f7ee644c7c5fd78a206fbe37ab) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

2011/07/14 16:02:56.0109 5576 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/07/14 16:02:56.0125 5576 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/07/14 16:02:56.0140 5576 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/07/14 16:02:56.0156 5576 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/07/14 16:02:56.0171 5576 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/07/14 16:02:56.0187 5576 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/07/14 16:02:56.0203 5576 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/07/14 16:02:56.0234 5576 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/07/14 16:02:56.0250 5576 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/07/14 16:02:56.0328 5576 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/07/14 16:02:56.0343 5576 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/07/14 16:02:56.0406 5576 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/07/14 16:02:56.0421 5576 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/07/14 16:02:56.0437 5576 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/07/14 16:02:56.0453 5576 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/07/14 16:02:56.0468 5576 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/07/14 16:02:56.0484 5576 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/07/14 16:02:56.0500 5576 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/07/14 16:02:56.0515 5576 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/07/14 16:02:56.0531 5576 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/07/14 16:02:56.0546 5576 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/07/14 16:02:56.0562 5576 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/07/14 16:02:56.0578 5576 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/07/14 16:02:56.0593 5576 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/07/14 16:02:56.0625 5576 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/07/14 16:02:56.0640 5576 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/07/14 16:02:56.0656 5576 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/07/14 16:02:56.0718 5576 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/14 16:02:56.0750 5576 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/14 16:02:56.0796 5576 SbFw (419883201ca9ad697ccfb8fc46dd6f78) C:\WINDOWS\system32\drivers\SbFw.sys

2011/07/14 16:02:56.0812 5576 SBFWIMCL (f01b8409a11c319e3c5b9dd418676d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys

2011/07/14 16:02:56.0828 5576 sbhips (31ca701f26ea66468ad3c3c6498755ce) C:\WINDOWS\system32\drivers\sbhips.sys

2011/07/14 16:02:56.0875 5576 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/14 16:02:56.0890 5576 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/07/14 16:02:56.0906 5576 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/14 16:02:56.0937 5576 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/07/14 16:02:56.0968 5576 SI3112r (8fd2a1128f8f2fd340c096719ad10246) C:\WINDOWS\system32\DRIVERS\SI3112r.sys

2011/07/14 16:02:56.0984 5576 SI3114r (19b8d029bce41c88fc53167726774502) C:\WINDOWS\system32\DRIVERS\SI3114R.sys

2011/07/14 16:02:57.0015 5576 SiFilter (e393a2822fdbb3ec3648fd64e54cdda0) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys

2011/07/14 16:02:57.0062 5576 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/07/14 16:02:57.0093 5576 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/07/14 16:02:57.0125 5576 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/14 16:02:57.0171 5576 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/14 16:02:57.0218 5576 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/14 16:02:57.0234 5576 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2011/07/14 16:02:57.0250 5576 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/14 16:02:57.0265 5576 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/14 16:02:57.0296 5576 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/07/14 16:02:57.0312 5576 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/07/14 16:02:57.0328 5576 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/07/14 16:02:57.0343 5576 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/07/14 16:02:57.0375 5576 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/14 16:02:57.0437 5576 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/14 16:02:57.0468 5576 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/14 16:02:57.0500 5576 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/14 16:02:57.0515 5576 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/14 16:02:57.0546 5576 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/07/14 16:02:57.0578 5576 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/14 16:02:57.0593 5576 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/07/14 16:02:57.0625 5576 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/14 16:02:57.0656 5576 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/07/14 16:02:57.0671 5576 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/14 16:02:57.0703 5576 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/14 16:02:57.0718 5576 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/07/14 16:02:57.0750 5576 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/07/14 16:02:57.0781 5576 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/07/14 16:02:57.0812 5576 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/14 16:02:57.0828 5576 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/07/14 16:02:57.0875 5576 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/07/14 16:02:57.0890 5576 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/07/14 16:02:57.0921 5576 viamraid (65864aba65eee06ea586009301834e43) C:\WINDOWS\system32\DRIVERS\viamraid.sys

2011/07/14 16:02:57.0953 5576 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/14 16:02:57.0968 5576 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/14 16:02:58.0000 5576 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/14 16:02:58.0078 5576 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/07/14 16:02:58.0109 5576 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/07/14 16:02:58.0140 5576 MBR (0x1B8) (035ce1c0bf49cb716bd6db7a4cf480b7) \Device\Harddisk0\DR0

2011/07/14 16:02:58.0156 5576 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/07/14 16:02:58.0156 5576 Boot (0x1200) (2b775db2c3f04c9044bf673eff506911) \Device\Harddisk0\DR0\Partition0

2011/07/14 16:02:58.0171 5576 ================================================================================

2011/07/14 16:02:58.0171 5576 Scan finished

2011/07/14 16:02:58.0171 5576 ================================================================================

2011/07/14 16:02:58.0171 5388 Detected object count: 1

2011/07/14 16:02:58.0171 5388 Actual detected object count: 1

2011/07/14 16:03:18.0859 5388 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/07/14 16:03:18.0859 5388 \Device\Harddisk0\DR0 - ok

2011/07/14 16:03:18.0859 5388 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/07/14 16:03:27.0109 5316 Deinitialize success


I beg your pardon. The only other log I have is as follows:

2011/07/14 14:48:46.0312 4476 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/14 14:48:46.0328 4476 ================================================================================

2011/07/14 14:48:46.0328 4476 SystemInfo:

2011/07/14 14:48:46.0328 4476

2011/07/14 14:48:46.0328 4476 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/14 14:48:46.0328 4476 Product type: Workstation

2011/07/14 14:48:46.0328 4476 ComputerName: JMATTIC

2011/07/14 14:48:46.0328 4476 UserName: John Merrett

2011/07/14 14:48:46.0328 4476 Windows directory: C:\WINDOWS

2011/07/14 14:48:46.0328 4476 System windows directory: C:\WINDOWS

2011/07/14 14:48:46.0328 4476 Processor architecture: Intel x86

2011/07/14 14:48:46.0328 4476 Number of processors: 4

2011/07/14 14:48:46.0328 4476 Page size: 0x1000

2011/07/14 14:48:46.0328 4476 Boot type: Normal boot

2011/07/14 14:48:46.0328 4476 ================================================================================

2011/07/14 14:48:46.0578 4476 Initialize success

2011/07/14 14:49:01.0828 3652 ================================================================================

2011/07/14 14:49:01.0828 3652 Scan started

2011/07/14 14:49:01.0828 3652 Mode: Manual;

2011/07/14 14:49:01.0828 3652 ================================================================================

2011/07/14 14:49:02.0000 3652 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/07/14 14:49:02.0046 3652 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/07/14 14:49:02.0078 3652 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/07/14 14:49:02.0093 3652 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/07/14 14:49:02.0125 3652 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/07/14 14:49:02.0187 3652 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/07/14 14:49:02.0218 3652 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/07/14 14:49:02.0234 3652 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/07/14 14:49:02.0265 3652 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/07/14 14:49:02.0296 3652 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/07/14 14:49:02.0296 3652 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/07/14 14:49:02.0312 3652 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/07/14 14:49:02.0328 3652 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/07/14 14:49:02.0343 3652 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/07/14 14:49:02.0359 3652 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/07/14 14:49:02.0375 3652 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/07/14 14:49:02.0390 3652 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/07/14 14:49:02.0390 3652 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/07/14 14:49:02.0406 3652 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/07/14 14:49:02.0437 3652 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/07/14 14:49:02.0453 3652 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/07/14 14:49:02.0468 3652 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/07/14 14:49:02.0500 3652 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/07/14 14:49:02.0578 3652 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2011/07/14 14:49:02.0578 3652 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2011/07/14 14:49:02.0609 3652 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2011/07/14 14:49:02.0625 3652 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/07/14 14:49:02.0656 3652 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/07/14 14:49:02.0671 3652 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/07/14 14:49:02.0671 3652 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/07/14 14:49:02.0687 3652 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/07/14 14:49:02.0703 3652 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/07/14 14:49:02.0734 3652 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/07/14 14:49:02.0765 3652 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/07/14 14:49:02.0781 3652 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/07/14 14:49:02.0781 3652 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/07/14 14:49:02.0796 3652 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/07/14 14:49:02.0812 3652 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/07/14 14:49:02.0859 3652 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/07/14 14:49:02.0890 3652 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/07/14 14:49:02.0906 3652 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/07/14 14:49:02.0906 3652 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/07/14 14:49:02.0937 3652 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/07/14 14:49:02.0953 3652 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/07/14 14:49:02.0968 3652 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/07/14 14:49:02.0984 3652 fasttx2k (3acbc73531dedd69837fe73b1623d49c) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys

2011/07/14 14:49:03.0015 3652 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/07/14 14:49:03.0031 3652 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/07/14 14:49:03.0046 3652 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/07/14 14:49:03.0046 3652 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/07/14 14:49:03.0062 3652 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/07/14 14:49:03.0078 3652 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/07/14 14:49:03.0078 3652 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/07/14 14:49:03.0093 3652 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/07/14 14:49:03.0125 3652 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/07/14 14:49:03.0156 3652 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/07/14 14:49:03.0187 3652 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/07/14 14:49:03.0203 3652 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/07/14 14:49:03.0234 3652 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/07/14 14:49:03.0250 3652 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/07/14 14:49:03.0281 3652 iaStor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys

2011/07/14 14:49:03.0312 3652 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/07/14 14:49:03.0328 3652 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/07/14 14:49:03.0468 3652 IntcAzAudAddService (a799e941c3d19bcf6f93cbe12b55bc17) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/07/14 14:49:03.0578 3652 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/07/14 14:49:03.0593 3652 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/07/14 14:49:03.0625 3652 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/07/14 14:49:03.0640 3652 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/07/14 14:49:03.0671 3652 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/07/14 14:49:03.0703 3652 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/07/14 14:49:03.0718 3652 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/07/14 14:49:03.0750 3652 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/07/14 14:49:03.0796 3652 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/07/14 14:49:03.0843 3652 iteraid (c53360c1932904fe89c6be55378628cb) C:\WINDOWS\system32\DRIVERS\iteraid.sys

2011/07/14 14:49:03.0859 3652 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys

2011/07/14 14:49:03.0859 3652 JRAID (f4a31e66a61c0783f51157519b03280b) C:\WINDOWS\system32\DRIVERS\jraid.sys

2011/07/14 14:49:03.0890 3652 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/07/14 14:49:03.0906 3652 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/07/14 14:49:03.0921 3652 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/07/14 14:49:03.0953 3652 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/07/14 14:49:03.0984 3652 m5287 (87cf2d570f452a5c1b9fc5c5a44389a5) C:\WINDOWS\system32\DRIVERS\m5287.sys

2011/07/14 14:49:04.0000 3652 m5288 (485ed377977dc9661626aaab614504cf) C:\WINDOWS\system32\DRIVERS\m5288.sys

2011/07/14 14:49:04.0015 3652 m5289 (e1ca1ea9ad7c8c50ea533829a6854d63) C:\WINDOWS\system32\DRIVERS\m5289.sys

2011/07/14 14:49:04.0031 3652 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/07/14 14:49:04.0046 3652 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/07/14 14:49:04.0062 3652 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/07/14 14:49:04.0093 3652 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/07/14 14:49:04.0109 3652 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/07/14 14:49:04.0109 3652 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/07/14 14:49:04.0156 3652 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/07/14 14:49:04.0218 3652 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/07/14 14:49:04.0234 3652 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/07/14 14:49:04.0265 3652 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/07/14 14:49:04.0281 3652 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/07/14 14:49:04.0312 3652 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/07/14 14:49:04.0328 3652 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/07/14 14:49:04.0343 3652 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

2011/07/14 14:49:04.0359 3652 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/07/14 14:49:04.0375 3652 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/07/14 14:49:04.0390 3652 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/07/14 14:49:04.0421 3652 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/07/14 14:49:04.0453 3652 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/07/14 14:49:04.0468 3652 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/07/14 14:49:04.0484 3652 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/07/14 14:49:04.0500 3652 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/07/14 14:49:04.0562 3652 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/07/14 14:49:04.0593 3652 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/07/14 14:49:04.0625 3652 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/07/14 14:49:04.0656 3652 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/07/14 14:49:04.0843 3652 nv (f8be83f0c686533170f7537e94bf411a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/07/14 14:49:04.0953 3652 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys

2011/07/14 14:49:04.0968 3652 NVENETFD (b9333604527e02cd2223f200c0bae7e0) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

2011/07/14 14:49:05.0000 3652 nvnetbus (5e9e55f7ee644c7c5fd78a206fbe37ab) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

2011/07/14 14:49:05.0015 3652 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/07/14 14:49:05.0015 3652 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/07/14 14:49:05.0046 3652 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/07/14 14:49:05.0062 3652 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/07/14 14:49:05.0078 3652 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/07/14 14:49:05.0093 3652 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/07/14 14:49:05.0109 3652 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/07/14 14:49:05.0125 3652 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/07/14 14:49:05.0140 3652 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/07/14 14:49:05.0187 3652 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/07/14 14:49:05.0203 3652 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/07/14 14:49:05.0250 3652 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/07/14 14:49:05.0265 3652 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/07/14 14:49:05.0281 3652 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/07/14 14:49:05.0296 3652 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/07/14 14:49:05.0296 3652 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/07/14 14:49:05.0312 3652 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/07/14 14:49:05.0312 3652 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/07/14 14:49:05.0328 3652 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/07/14 14:49:05.0343 3652 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/07/14 14:49:05.0359 3652 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/07/14 14:49:05.0359 3652 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/07/14 14:49:05.0375 3652 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/07/14 14:49:05.0406 3652 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/07/14 14:49:05.0437 3652 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/07/14 14:49:05.0484 3652 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/07/14 14:49:05.0500 3652 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/07/14 14:49:05.0531 3652 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/14 14:49:05.0546 3652 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/14 14:49:05.0578 3652 SbFw (419883201ca9ad697ccfb8fc46dd6f78) C:\WINDOWS\system32\drivers\SbFw.sys

2011/07/14 14:49:05.0593 3652 SBFWIMCL (f01b8409a11c319e3c5b9dd418676d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys

2011/07/14 14:49:05.0625 3652 sbhips (31ca701f26ea66468ad3c3c6498755ce) C:\WINDOWS\system32\drivers\sbhips.sys

2011/07/14 14:49:05.0656 3652 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/14 14:49:05.0656 3652 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/07/14 14:49:05.0671 3652 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/14 14:49:05.0687 3652 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/07/14 14:49:05.0718 3652 SI3112r (8fd2a1128f8f2fd340c096719ad10246) C:\WINDOWS\system32\DRIVERS\SI3112r.sys

2011/07/14 14:49:05.0718 3652 SI3114r (19b8d029bce41c88fc53167726774502) C:\WINDOWS\system32\DRIVERS\SI3114R.sys

2011/07/14 14:49:05.0734 3652 SiFilter (e393a2822fdbb3ec3648fd64e54cdda0) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys

2011/07/14 14:49:05.0781 3652 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/07/14 14:49:05.0796 3652 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/07/14 14:49:05.0828 3652 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/14 14:49:05.0875 3652 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/14 14:49:05.0906 3652 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/14 14:49:05.0937 3652 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2011/07/14 14:49:05.0937 3652 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/14 14:49:05.0953 3652 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/14 14:49:05.0968 3652 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/07/14 14:49:05.0984 3652 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/07/14 14:49:06.0000 3652 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/07/14 14:49:06.0000 3652 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/07/14 14:49:06.0046 3652 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/14 14:49:06.0078 3652 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/14 14:49:06.0109 3652 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/14 14:49:06.0125 3652 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/14 14:49:06.0125 3652 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/14 14:49:06.0156 3652 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/07/14 14:49:06.0187 3652 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/14 14:49:06.0203 3652 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/07/14 14:49:06.0203 3652 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/14 14:49:06.0234 3652 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/07/14 14:49:06.0265 3652 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/14 14:49:06.0265 3652 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/14 14:49:06.0281 3652 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/07/14 14:49:06.0312 3652 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/07/14 14:49:06.0343 3652 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/07/14 14:49:06.0375 3652 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/14 14:49:06.0375 3652 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/07/14 14:49:06.0406 3652 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/07/14 14:49:06.0437 3652 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/07/14 14:49:06.0468 3652 viamraid (65864aba65eee06ea586009301834e43) C:\WINDOWS\system32\DRIVERS\viamraid.sys

2011/07/14 14:49:06.0500 3652 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/14 14:49:06.0515 3652 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/14 14:49:06.0546 3652 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/14 14:49:06.0609 3652 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/07/14 14:49:06.0625 3652 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/07/14 14:49:06.0640 3652 MBR (0x1B8) (035ce1c0bf49cb716bd6db7a4cf480b7) \Device\Harddisk0\DR0

2011/07/14 14:49:06.0656 3652 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/07/14 14:49:06.0671 3652 Boot (0x1200) (2b775db2c3f04c9044bf673eff506911) \Device\Harddisk0\DR0\Partition0

2011/07/14 14:49:06.0671 3652 ================================================================================

2011/07/14 14:49:06.0671 3652 Scan finished

2011/07/14 14:49:06.0671 3652 ================================================================================

2011/07/14 14:49:06.0671 4624 Detected object count: 1

2011/07/14 14:49:06.0671 4624 Actual detected object count: 1

2011/07/14 14:49:26.0546 4624 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/07/14 14:49:26.0546 4624 \Device\Harddisk0\DR0 - ok

2011/07/14 14:49:26.0546 4624 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/07/14 14:49:36.0921 3748 Deinitialize success


Just ran TDSSKiller again and got this log:

2011/07/14 18:00:39.0562 0408 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/14 18:00:39.0750 0408 ================================================================================

2011/07/14 18:00:39.0750 0408 SystemInfo:

2011/07/14 18:00:39.0750 0408

2011/07/14 18:00:39.0750 0408 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/14 18:00:39.0750 0408 Product type: Workstation

2011/07/14 18:00:39.0750 0408 ComputerName: JMATTIC

2011/07/14 18:00:39.0750 0408 UserName: John Merrett

2011/07/14 18:00:39.0750 0408 Windows directory: C:\WINDOWS

2011/07/14 18:00:39.0750 0408 System windows directory: C:\WINDOWS

2011/07/14 18:00:39.0750 0408 Processor architecture: Intel x86

2011/07/14 18:00:39.0750 0408 Number of processors: 4

2011/07/14 18:00:39.0750 0408 Page size: 0x1000

2011/07/14 18:00:39.0750 0408 Boot type: Normal boot

2011/07/14 18:00:39.0750 0408 ================================================================================

2011/07/14 18:00:40.0000 0408 Initialize success

2011/07/14 18:00:42.0000 0272 ================================================================================

2011/07/14 18:00:42.0000 0272 Scan started

2011/07/14 18:00:42.0000 0272 Mode: Manual;

2011/07/14 18:00:42.0000 0272 ================================================================================

2011/07/14 18:00:42.0218 0272 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/07/14 18:00:42.0265 0272 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/07/14 18:00:42.0296 0272 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/07/14 18:00:42.0312 0272 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/07/14 18:00:42.0375 0272 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/07/14 18:00:42.0453 0272 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/07/14 18:00:42.0500 0272 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/07/14 18:00:42.0531 0272 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/07/14 18:00:42.0546 0272 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/07/14 18:00:42.0578 0272 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/07/14 18:00:42.0593 0272 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/07/14 18:00:42.0609 0272 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/07/14 18:00:42.0656 0272 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/07/14 18:00:42.0687 0272 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/07/14 18:00:42.0703 0272 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/07/14 18:00:42.0718 0272 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/07/14 18:00:42.0734 0272 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/07/14 18:00:42.0750 0272 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/07/14 18:00:42.0765 0272 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/07/14 18:00:42.0796 0272 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/07/14 18:00:42.0812 0272 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/07/14 18:00:42.0843 0272 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/07/14 18:00:42.0875 0272 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/07/14 18:00:42.0968 0272 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2011/07/14 18:00:42.0984 0272 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2011/07/14 18:00:43.0000 0272 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2011/07/14 18:00:43.0031 0272 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/07/14 18:00:43.0046 0272 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/07/14 18:00:43.0062 0272 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/07/14 18:00:43.0078 0272 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/07/14 18:00:43.0093 0272 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/07/14 18:00:43.0093 0272 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/07/14 18:00:43.0156 0272 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/07/14 18:00:43.0187 0272 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/07/14 18:00:43.0203 0272 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/07/14 18:00:43.0234 0272 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/07/14 18:00:43.0265 0272 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/07/14 18:00:43.0281 0272 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/07/14 18:00:43.0328 0272 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/07/14 18:00:43.0359 0272 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/07/14 18:00:43.0375 0272 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/07/14 18:00:43.0390 0272 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/07/14 18:00:43.0406 0272 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/07/14 18:00:43.0421 0272 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/07/14 18:00:43.0437 0272 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/07/14 18:00:43.0468 0272 fasttx2k (3acbc73531dedd69837fe73b1623d49c) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys

2011/07/14 18:00:43.0500 0272 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/07/14 18:00:43.0515 0272 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/07/14 18:00:43.0531 0272 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/07/14 18:00:43.0546 0272 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/07/14 18:00:43.0562 0272 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/07/14 18:00:43.0578 0272 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/07/14 18:00:43.0593 0272 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/07/14 18:00:43.0625 0272 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/07/14 18:00:43.0656 0272 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/07/14 18:00:43.0671 0272 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/07/14 18:00:43.0718 0272 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/07/14 18:00:43.0734 0272 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/07/14 18:00:43.0750 0272 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/07/14 18:00:43.0765 0272 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/07/14 18:00:43.0812 0272 iaStor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys

2011/07/14 18:00:43.0828 0272 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/07/14 18:00:43.0875 0272 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/07/14 18:00:44.0000 0272 IntcAzAudAddService (a799e941c3d19bcf6f93cbe12b55bc17) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/07/14 18:00:44.0046 0272 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/07/14 18:00:44.0078 0272 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/07/14 18:00:44.0109 0272 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/07/14 18:00:44.0125 0272 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/07/14 18:00:44.0156 0272 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/07/14 18:00:44.0171 0272 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/07/14 18:00:44.0187 0272 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/07/14 18:00:44.0218 0272 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/07/14 18:00:44.0250 0272 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/07/14 18:00:44.0265 0272 iteraid (c53360c1932904fe89c6be55378628cb) C:\WINDOWS\system32\DRIVERS\iteraid.sys

2011/07/14 18:00:44.0281 0272 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys

2011/07/14 18:00:44.0296 0272 JRAID (f4a31e66a61c0783f51157519b03280b) C:\WINDOWS\system32\DRIVERS\jraid.sys

2011/07/14 18:00:44.0328 0272 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/07/14 18:00:44.0343 0272 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/07/14 18:00:44.0359 0272 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/07/14 18:00:44.0406 0272 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/07/14 18:00:44.0437 0272 m5287 (87cf2d570f452a5c1b9fc5c5a44389a5) C:\WINDOWS\system32\DRIVERS\m5287.sys

2011/07/14 18:00:44.0453 0272 m5288 (485ed377977dc9661626aaab614504cf) C:\WINDOWS\system32\DRIVERS\m5288.sys

2011/07/14 18:00:44.0484 0272 m5289 (e1ca1ea9ad7c8c50ea533829a6854d63) C:\WINDOWS\system32\DRIVERS\m5289.sys

2011/07/14 18:00:44.0500 0272 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/07/14 18:00:44.0531 0272 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/07/14 18:00:44.0546 0272 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/07/14 18:00:44.0578 0272 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/07/14 18:00:44.0593 0272 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/07/14 18:00:44.0609 0272 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/07/14 18:00:44.0625 0272 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/07/14 18:00:44.0671 0272 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/07/14 18:00:44.0703 0272 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/07/14 18:00:44.0718 0272 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/07/14 18:00:44.0750 0272 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/07/14 18:00:44.0765 0272 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/07/14 18:00:44.0812 0272 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/07/14 18:00:44.0828 0272 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

2011/07/14 18:00:44.0843 0272 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/07/14 18:00:44.0859 0272 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/07/14 18:00:44.0859 0272 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/07/14 18:00:44.0921 0272 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/07/14 18:00:44.0937 0272 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/07/14 18:00:44.0968 0272 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/07/14 18:00:44.0984 0272 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/07/14 18:00:45.0015 0272 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/07/14 18:00:45.0078 0272 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/07/14 18:00:45.0093 0272 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/07/14 18:00:45.0125 0272 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/07/14 18:00:45.0171 0272 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/07/14 18:00:45.0359 0272 nv (f8be83f0c686533170f7537e94bf411a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/07/14 18:00:45.0515 0272 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys

2011/07/14 18:00:45.0531 0272 NVENETFD (b9333604527e02cd2223f200c0bae7e0) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

2011/07/14 18:00:45.0562 0272 nvnetbus (5e9e55f7ee644c7c5fd78a206fbe37ab) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

2011/07/14 18:00:45.0578 0272 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/07/14 18:00:45.0593 0272 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/07/14 18:00:45.0609 0272 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/07/14 18:00:45.0625 0272 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/07/14 18:00:45.0640 0272 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/07/14 18:00:45.0656 0272 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/07/14 18:00:45.0671 0272 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/07/14 18:00:45.0687 0272 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/07/14 18:00:45.0718 0272 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/07/14 18:00:45.0781 0272 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/07/14 18:00:45.0796 0272 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/07/14 18:00:45.0843 0272 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/07/14 18:00:45.0859 0272 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/07/14 18:00:45.0875 0272 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/07/14 18:00:45.0890 0272 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/07/14 18:00:45.0906 0272 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/07/14 18:00:45.0921 0272 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/07/14 18:00:45.0937 0272 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/07/14 18:00:45.0953 0272 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/07/14 18:00:45.0968 0272 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/07/14 18:00:45.0984 0272 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/07/14 18:00:46.0000 0272 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/07/14 18:00:46.0015 0272 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/07/14 18:00:46.0031 0272 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/07/14 18:00:46.0062 0272 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/07/14 18:00:46.0062 0272 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/07/14 18:00:46.0078 0272 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/07/14 18:00:46.0109 0272 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/14 18:00:46.0140 0272 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/14 18:00:46.0187 0272 SbFw (419883201ca9ad697ccfb8fc46dd6f78) C:\WINDOWS\system32\drivers\SbFw.sys

2011/07/14 18:00:46.0203 0272 SBFWIMCL (f01b8409a11c319e3c5b9dd418676d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys

2011/07/14 18:00:46.0234 0272 sbhips (31ca701f26ea66468ad3c3c6498755ce) C:\WINDOWS\system32\drivers\sbhips.sys

2011/07/14 18:00:46.0250 0272 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/14 18:00:46.0265 0272 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/07/14 18:00:46.0281 0272 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/14 18:00:46.0312 0272 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/07/14 18:00:46.0359 0272 SI3112r (8fd2a1128f8f2fd340c096719ad10246) C:\WINDOWS\system32\DRIVERS\SI3112r.sys

2011/07/14 18:00:46.0375 0272 SI3114r (19b8d029bce41c88fc53167726774502) C:\WINDOWS\system32\DRIVERS\SI3114R.sys

2011/07/14 18:00:46.0390 0272 SiFilter (e393a2822fdbb3ec3648fd64e54cdda0) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys

2011/07/14 18:00:46.0437 0272 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/07/14 18:00:46.0468 0272 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/07/14 18:00:46.0500 0272 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/14 18:00:46.0546 0272 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/14 18:00:46.0578 0272 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/14 18:00:46.0609 0272 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2011/07/14 18:00:46.0609 0272 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/14 18:00:46.0625 0272 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/14 18:00:46.0640 0272 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/07/14 18:00:46.0656 0272 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/07/14 18:00:46.0671 0272 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/07/14 18:00:46.0703 0272 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/07/14 18:00:46.0734 0272 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/14 18:00:46.0781 0272 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/14 18:00:46.0828 0272 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/14 18:00:46.0828 0272 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/14 18:00:46.0843 0272 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/14 18:00:46.0875 0272 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/07/14 18:00:46.0906 0272 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/14 18:00:46.0921 0272 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/07/14 18:00:46.0968 0272 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/14 18:00:47.0015 0272 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/07/14 18:00:47.0031 0272 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/14 18:00:47.0062 0272 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/14 18:00:47.0062 0272 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/07/14 18:00:47.0109 0272 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/07/14 18:00:47.0140 0272 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/07/14 18:00:47.0171 0272 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/14 18:00:47.0203 0272 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/07/14 18:00:47.0218 0272 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/07/14 18:00:47.0250 0272 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/07/14 18:00:47.0265 0272 viamraid (65864aba65eee06ea586009301834e43) C:\WINDOWS\system32\DRIVERS\viamraid.sys

2011/07/14 18:00:47.0296 0272 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/14 18:00:47.0328 0272 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/14 18:00:47.0343 0272 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/14 18:00:47.0406 0272 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/07/14 18:00:47.0437 0272 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/07/14 18:00:47.0468 0272 MBR (0x1B8) (564fd35314278444c09289c7d23e0635) \Device\Harddisk0\DR0

2011/07/14 18:00:47.0515 0272 Boot (0x1200) (2b775db2c3f04c9044bf673eff506911) \Device\Harddisk0\DR0\Partition0

2011/07/14 18:00:47.0515 0272 ================================================================================

2011/07/14 18:00:47.0515 0272 Scan finished

2011/07/14 18:00:47.0515 0272 ================================================================================

2011/07/14 18:00:47.0515 1948 Detected object count: 0

2011/07/14 18:00:47.0515 1948 Actual detected object count: 0

2011/07/14 18:00:58.0140 0792 Deinitialize success


Ok, funny, because the log file time it was run reflects the same exact time.

TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
Either way it is clean now.

Update Run Malwarebytes

Please update/run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

=====

ESET OnlineScan

  1. Click on the following link to open ESET OnlineScan in a new window.
     ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
     1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
     2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
     3. Check esetAcceptTerms.png.
     4. Click the esetStart.png button.
     5. Accept any security warnings from your browser.
     6. Under scan settings, check esetScanArchives.png and check Remove found threats.
     7. Click Advanced settings and select the following:
       • Scan potentially unwanted applications
       • Scan for potentially unsafe applications
       • Enable Anti-Stealth technology
  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, push esetListThreats.png.
  6. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Push the esetBack.png button.
  8. Push esetFinish.png.


Hi, there were 2 logs:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5722

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

09/02/2011 19:43:20

mbam-log-2011-02-09 (19-43-20).txt

Scan type: Quick scan

Objects scanned: 165751

Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 2

Files Infected: 9

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\3ETECE6I8G (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Rogue.Palladium) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\fheydbueyj.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\sysloc (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:

c:\documents and settings\john merrett\my documents\downloads\clickpotatoinstaller.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\local settings\temporary internet files\content.ie5\s3nr0egd\sd[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\f23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

c:\WINDOWS\ro122366.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

c:\WINDOWS\ro122390.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\john merrett\application data\asdfasfas.bat (Malware.Trace) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7143

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

15/07/2011 12:40:53

mbam-log-2011-07-15 (12-40-53).txt

Scan type: Quick scan

Objects scanned: 187568

Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Sorry for the delay. Here's the ESET scan:

C:\Documents and Settings\LocalService\Application Data\S6Di447m.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\aXRSV2.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\cIeNm3T7.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\cmCCf.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\dKjrMerja.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\ESudkdV8.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\GOWtlb.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\H9odr.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\HH2CJkQi.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\hJjfm1IeM.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\IMHFZ3.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\JAtfxmzX1r.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\kLYIn.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\KtBTOURfE.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\LPvYvGnP7.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\MwKNrWLR.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\oSjdF1OVD9.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\P1XPE.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\q9M0vQ.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\Rd70LVmiO.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\RSya666j.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\S0S6tMgL.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\UD4381.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\VbGomio.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\VOJxzWa.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\wi9odN.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\wLS0t.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\WSgvKUK5e.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\x7rlLGRE.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\XmNj0l9.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\xQGFiD3MD9.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\XvQA5.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\yeHen3YY6L.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\yOHFL2.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\Z7kEm.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\ZxiKxB6yE.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\30\3190d05e-26076cdc Java/Agent.CV trojan deleted - quarantined

C:\Program Files\PageRage\YontooIEClient.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Recycle.Bin\B6232F3A82E.exe.vir Win32/Spy.SpyEye.CA trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\ufawupucus.dll.vir a variant of Win32/Kryptik.NZL trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\wmsrot.dll.vir a variant of Win32/Kryptik.QFM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{657D8F8D-8F01-4AA1-88FC-4169285A640E}\RP2\A0002170.dll Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

C:\System Volume Information\_restore{657D8F8D-8F01-4AA1-88FC-4169285A640E}\RP2\A0002174.exe Win32/Spy.SpyEye.CA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{657D8F8D-8F01-4AA1-88FC-4169285A640E}\RP2\A0002176.dll a variant of Win32/Kryptik.NZL trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{657D8F8D-8F01-4AA1-88FC-4169285A640E}\RP2\A0002177.dll a variant of Win32/Kryptik.QFM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{657D8F8D-8F01-4AA1-88FC-4169285A640E}\RP3\A0002312.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined

C:\WINDOWS\system32\345.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

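An added triage example, not code from either post in this thread and not part of ESET, OTL or ComboFix: a short Python script that parses the ESET detection lines above and the proxy lines from the OTL log in the following post. It groups the ESET hits by family and by where they sat, because a hit under C:\Qoobox\Quarantine is a copy ComboFix had already isolated and a hit under System Volume Information\_restore is a System Restore snapshot, while files under the NetworkService profile were written by something running as that service account, not by the logged-in user. It also pulls out any browser proxy that points back at the machine itself: the OTL log shows IE's HKLM ProxyServer and Firefox's network.proxy.http both set to localhost:7171, and a loopback proxy the user never configured is a man-in-the-middle point that matches the Firefox redirects reported at the top of the thread. The only assumptions are the line shapes as they appear in the posted logs; the sample lines are copied from those logs.

```python
"""Triage helpers for the two scan logs posted in this thread.

Added example: not code from the original posts, ESET, OTL or ComboFix.
Assumed line shapes (taken from the posted logs): ESET writes
"<path> [a variant of ]<Family/Name> <kind> <action>"; OTL writes
'IE - <hive>...Internet Settings: "Proxy<Name>" = <value>' and
'FF - prefs.js..network.proxy.<pref>: <value>'. Sample lines are copied from the logs.
"""
import re
from collections import Counter

ESET_LINE = re.compile(
    r"^(?P<path>.+?) (?:a variant of )?(?P<name>[A-Za-z0-9]+/\S+) "
    r"(?P<kind>\S+) (?P<action>.+)$"
)
IE_VALUE = re.compile(
    r'^IE - (?P<hive>HK[LC][MU])\\.*Internet Settings: "(?P<key>Proxy\w+)" = (?P<val>.*)$'
)
FF_PREF = re.compile(
    r'^FF - prefs\.js\.\.network\.proxy\.(?P<key>http|http_port|type): "?(?P<val>[^"]*)"?$'
)
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

ESET_SAMPLE = r"""
C:\Documents and Settings\NetworkService\Application Data\cmCCf.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\30\3190d05e-26076cdc Java/Agent.CV trojan deleted - quarantined
C:\Program Files\PageRage\YontooIEClient.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Recycle.Bin\B6232F3A82E.exe.vir Win32/Spy.SpyEye.CA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\ufawupucus.dll.vir a variant of Win32/Kryptik.NZL trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{657D8F8D-8F01-4AA1-88FC-4169285A640E}\RP2\A0002174.exe Win32/Spy.SpyEye.CA trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\345.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
"""

OTL_SAMPLE = r"""
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171
"""


def classify_location(path):
    """Where a hit sits tells you whether it was live or an already-isolated copy."""
    low = path.lower()
    if low.startswith("c:\\qoobox\\quarantine\\"):
        return "combofix-quarantine"      # copy ComboFix had already isolated
    if "\\system volume information\\_restore" in low:
        return "restore-point"            # System Restore snapshot copy
    if low.startswith("c:\\documents and settings\\networkservice\\"):
        return "networkservice-profile"   # written by a process running as NetworkService
    return "live"


def triage_eset(log_text):
    """Group ESET detections by family and by location class; list non-quarantine paths."""
    by_family, by_location, live_paths = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = ESET_LINE.match(line.strip())
        if not m:
            continue                      # blank lines, headers, anything else
        loc = classify_location(m["path"])
        by_family[m["name"]] += 1
        by_location[loc] += 1
        if loc in ("live", "networkservice-profile"):
            live_paths.append(m["path"])
    return {"by_family": dict(by_family), "by_location": dict(by_location),
            "live_paths": live_paths}


def find_loopback_proxies(otl_text):
    """Return (client, host, port, enabled) for each browser proxy aimed at this machine.

    A loopback proxy the user never set up means every HTTP request is handed
    to a local process before it leaves the box: a man-in-the-middle by design.
    """
    ie, ff = {}, {}                       # ie: hive -> {value name: value}
    for line in otl_text.splitlines():
        m = IE_VALUE.match(line.strip())
        if m:
            ie.setdefault(m["hive"], {})[m["key"]] = m["val"]
            continue
        m = FF_PREF.match(line.strip())
        if m:
            ff[m["key"]] = m["val"]
    findings = []
    for hive, vals in ie.items():
        # ProxyServer is either "host:port" or per-protocol "http=host:port;https=..."
        for entry in vals.get("ProxyServer", "").split(";"):
            host, _, port = entry.split("=", 1)[-1].rpartition(":")
            if host.lower() in LOOPBACK and port.isdigit():
                findings.append(("IE " + hive, host, int(port), vals.get("ProxyEnable") == "1"))
    if ff.get("http", "").lower() in LOOPBACK and ff.get("http_port", "").isdigit():
        # network.proxy.type == 1 means "manual"; None when OTL did not print it
        enabled = (ff["type"] == "1") if "type" in ff else None
        findings.append(("Firefox", ff["http"], int(ff["http_port"]), enabled))
    return findings


if __name__ == "__main__":
    print(triage_eset(ESET_SAMPLE))
    print(find_loopback_proxies(OTL_SAMPLE))
```

Run it as-is to print both summaries, or pass the full logs to triage_eset() and find_loopback_proxies(). Two caveats when reading the proxy findings: IE by default honours the per-user HKCU values (here ProxyEnable = 0) rather than the HKLM ones unless the ProxySettingsPerUser policy has been set to 0, so the HKLM entry is a leftover to clean rather than proof IE was being proxied; and OTL did not print network.proxy.type, so the Firefox entry carries enabled=None rather than a guess, and that pref (1 = manual proxy) should be checked before concluding the Firefox proxy was active.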

Hi,

Things are running fine. The OTL log is as follows:

OTL logfile created on: 15/07/2011 20:46:41 - Run 3

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\John Merrett\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 71.28% Memory free

5.09 Gb Paging File | 4.27 Gb Available in Paging File | 83.89% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 460.87 Gb Total Space | 396.48 Gb Free Space | 86.03% Space Free | Partition Type: NTFS

Computer Name: JMATTIC | User Name: John Merrett | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\John Merrett\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe (Mozilla Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)

PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe (Dell Inc.)

PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.)

PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe (Sunbelt Software, Inc.)

PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe (Sunbelt Software, Inc.)

PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe (Sunbelt Software, Inc.)

PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\John Merrett\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (DLPWD) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)

SRV - (SPF4) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe (Sunbelt Software, Inc.)

SRV - (SbPF.Launcher) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe (Sunbelt Software, Inc.)

SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)

SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)

SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)

SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)

SRV - (DLSDB) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (SbFw) -- C:\WINDOWS\system32\drivers\SbFw.sys (Sunbelt Software, Inc.)

DRV - (sbhips) -- C:\WINDOWS\system32\drivers\sbhips.sys (Sunbelt Software, Inc.)

DRV - (SBFWIMCL) -- C:\WINDOWS\system32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)

DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (JGOGO) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys (JMicron )

DRV - (m5288) -- C:\WINDOWS\system32\DRIVERS\m5288.sys (ULi Electronics Inc.)

DRV - (m5287) -- C:\WINDOWS\system32\DRIVERS\m5287.sys (ULi Electronics Inc.)

DRV - (m5289) -- C:\WINDOWS\system32\DRIVERS\m5289.sys (ULi Electronics Inc.)

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()

DRV - (SI3114r) -- C:\WINDOWS\system32\DRIVERS\SI3114R.sys (Silicon Image, Inc)

DRV - (fasttx2k) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)

DRV - (SI3112r) -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys (Silicon Image, Inc)

DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1

FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0

FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13

FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc697c5&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q="

FF - prefs.js..network.proxy.http: "localhost"

FF - prefs.js..network.proxy.http_port: 7171

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 20:16:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/04 12:39:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/02/08 19:05:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011/07/12 10:17:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins

[2010/01/11 16:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Extensions

[2010/01/11 16:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011/07/12 21:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Firefox\Profiles\bz10o2jh.default\extensions

[2011/01/29 15:18:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Firefox\Profiles\bz10o2jh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/02/18 15:13:16 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Firefox\Profiles\bz10o2jh.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}

[2011/07/12 21:39:44 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\John Merrett\Application Data\Mozilla\Firefox\Profiles\bz10o2jh.default\extensions\plugin@yontoo.com

File not found (No name found) --

[2009/05/04 12:39:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/10/26 10:17:55 | 000,002,359 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

O1 HOSTS File: ([2011/07/14 15:27:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)

O4 - HKLM..\Run: [DLUPDR] C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE (Dell Inc.)

O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\John Merrett\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/05/22 19:15:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/15 12:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/07/15 12:50:27 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\John Merrett\Desktop\esetsmartinstaller_enu.exe

[2011/07/14 17:59:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/07/14 15:03:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/07/14 15:03:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/07/14 15:03:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/07/14 15:03:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/07/14 15:02:42 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/07/14 15:02:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John Merrett\Start Menu\Programs\Administrative Tools

[2011/07/14 15:01:05 | 004,151,632 | R--- | C] (Swearware) -- C:\Documents and Settings\John Merrett\Desktop\ComboFix.exe

[2011/07/14 14:46:49 | 001,436,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\John Merrett\Desktop\TDSSKiller.exe

[2011/07/14 10:04:06 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Merrett\Desktop\OTL.exe

[2011/07/13 10:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2011/07/13 10:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM

[2011/07/13 10:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2011/07/12 22:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2011/07/12 22:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2011/07/12 21:41:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2011/07/12 21:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\PageRage

[2011/06/16 15:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InstaCodecs

[2011/06/16 15:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\InstaCodecs

[2011/06/16 10:11:58 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/15 20:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/15 16:15:47 | 000,000,306 | ---- | M] () -- C:\WINDOWS\hpbafd.ini

[2011/07/15 12:50:27 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\John Merrett\Desktop\esetsmartinstaller_enu.exe

[2011/07/15 10:40:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/15 09:51:00 | 000,012,640 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/15 09:50:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/14 15:27:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/07/14 15:07:05 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

[2011/07/14 15:01:10 | 004,151,632 | R--- | M] (Swearware) -- C:\Documents and Settings\John Merrett\Desktop\ComboFix.exe

[2011/07/14 14:46:39 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Gtezinexil.dat

[2011/07/14 14:46:26 | 001,383,430 | ---- | M] () -- C:\Documents and Settings\John Merrett\Desktop\tdsskiller.zip

[2011/07/14 13:29:50 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/07/14 13:02:33 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2011/07/14 13:00:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/07/14 10:15:40 | 000,302,592 | ---- | M] () -- C:\qmpn4v8n.exe

[2011/07/14 10:10:38 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\John Merrett\Desktop\tmdwsyyb.exe

[2011/07/14 10:09:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Sfoguqizevaxik.bin

[2011/07/14 10:04:06 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Merrett\Desktop\OTL.exe

[2011/07/13 10:46:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/07/12 22:30:52 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\John Merrett\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/11 16:58:52 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\John Merrett\Desktop\TDSSKiller.exe

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/07/01 09:52:27 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2011/07/01 09:52:27 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2011/06/28 13:05:41 | 000,542,818 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/06/28 13:05:41 | 000,108,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/14 15:03:25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/07/14 15:03:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/07/14 15:03:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/07/14 15:03:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/07/14 15:03:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/07/14 14:46:25 | 001,383,430 | ---- | C] () -- C:\Documents and Settings\John Merrett\Desktop\tdsskiller.zip

[2011/07/14 13:02:33 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2011/07/14 10:15:40 | 000,302,592 | ---- | C] () -- C:\qmpn4v8n.exe

[2011/07/14 10:10:38 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\John Merrett\Desktop\tmdwsyyb.exe

[2011/07/13 10:46:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/07/12 21:41:00 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gtezinexil.dat

[2011/07/12 21:41:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sfoguqizevaxik.bin

[2011/06/16 15:57:48 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011/02/08 14:00:54 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2011/02/08 14:00:54 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2011/02/08 14:00:54 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2011/02/08 14:00:54 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2011/02/07 12:11:46 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\John Merrett\Local Settings\Application Data\housecall.guid.cache

[2011/02/06 21:10:15 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe

[2011/01/20 16:49:17 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\John Merrett\Application Data\start_pal

[2010/02/28 18:36:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI

[2010/01/11 16:50:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/10/22 18:09:19 | 000,000,306 | ---- | C] () -- C:\WINDOWS\hpbafd.ini

[2009/06/30 21:36:12 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\John Merrett\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/06/08 15:51:21 | 000,000,001 | ---- | C] () -- C:\WINDOWS\msmark2.dat.vir

[2009/06/08 14:30:59 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini

[2009/06/08 12:53:10 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv

[2009/06/08 12:53:09 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll

[2007/11/17 13:15:39 | 000,000,043 | ---- | C] () -- C:\WINDOWS\WALLSTRT.INI

[2007/11/15 13:34:05 | 000,000,042 | ---- | C] () -- C:\WINDOWS\ib.ini

[2007/11/15 13:34:04 | 000,027,136 | ---- | C] () -- C:\WINDOWS\toFront.dll

[2007/11/15 13:34:04 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll

[2007/11/15 12:51:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/11/15 12:14:53 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\John Merrett\Local Settings\Application Data\fusioncache.dat

[2007/11/08 10:27:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2007/11/07 18:14:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2007/06/29 01:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/06/29 01:43:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2007/06/29 01:43:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/06/29 01:43:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2007/06/29 01:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/06/29 01:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin

[2007/06/29 01:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/06/29 01:43:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2007/06/29 01:43:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2007/06/29 01:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/05/23 02:34:18 | 000,002,679 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2007/05/23 02:13:09 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2007/05/23 02:13:09 | 000,542,818 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2007/05/23 02:13:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2007/05/23 02:13:09 | 000,108,050 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2007/05/23 02:13:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2007/05/23 02:13:09 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2007/05/23 02:13:09 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2007/05/23 02:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2007/05/23 02:13:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2007/05/23 02:13:08 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2007/05/23 02:13:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2007/05/23 02:13:05 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2007/05/22 20:09:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2007/05/22 20:09:21 | 000,188,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007/05/22 19:19:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2007/05/22 19:17:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2007/05/22 19:13:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2007/05/22 19:13:28 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini

[2007/05/22 19:13:28 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini

[2007/05/22 19:13:15 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2007/05/22 19:13:15 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

[2007/05/22 19:13:15 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini

[2007/05/22 19:13:14 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2004/08/13 03:56:20 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

========== LOP Check ==========

[2011/02/08 19:07:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/05/14 18:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\linnworks

[2011/02/09 12:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2009/06/08 14:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995

[2011/02/08 17:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/05/24 21:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TS Support

[2007/09/29 15:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{623D32E9-0C62-4453-AD44-98B31F52A5E1}

[2009/06/08 20:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Merrett\Application Data\dtuser

[2009/06/08 14:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Merrett\Application Data\pdf995

[2010/03/19 13:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Merrett\Application Data\TeamViewer

[2009/05/24 21:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Merrett\Application Data\TS Support

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >


=======Cleanup=======

  • Click START then RUN.
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the Uninstall; it needs to be there.

======Next======

  • Double-click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE)" then click on it.
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586.exe to install the newest version.

Delete/uninstall anything else that we have used that is left over.

After that you're all set.

===The following are some articles and a Windows Update link that I like to suggest to people for malware prevention and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - Some great guidelines to follow to prevent future infections; please read the Prevention article by Miekiemoes.

How did I get infected in the first place? - Also this one by Tony Klein.

If your computer is slow - Things you can do if your computer is slow.

PC Safety and Security - What Do I Need? Security suggestions and general hints and tips for PC security.

File sharing program dangers - Reasons to stay away from file sharing programs, for example BitTorrent, Limewire, Kazaa, eMule, uTorrent, etc.

===Free antimalware tools used for on-demand scanning and cleaning; no real-time protection unless purchased===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast


This topic is now closed to further replies.