Infected with win32 zbot g virus and vbs generic virus

By andrewT123
Apr 6, 2011
  1. Recently my AVG anti-virus picked up numerous Win32 Zbot G viruses and a VBS Generic virus. Most of the infected files were temporary internet files. When on the computer, AVG pops up frequently with warnings about these viruses, and the PC is working slower than normal.

    I've followed the preliminary virus and malware removal thread and will post the following logs in my next posts:
    • Malwarebytes Anti-Malware log
    • GMER log
    • DDS logs: both DDS.txt and Attach.txt

    Thanks in advance for any help you can give!
  2. andrewT123

    andrewT123 Newcomer, in training Topic Starter

    Malwarebytes Anti-malware log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6281

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    05/04/2011 21:08:27
    mbam-log-2011-04-05 (21-08-27).txt

    Scan type: Quick scan
    Objects scanned: 148554
    Time elapsed: 12 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\p7za4d (Trojan.Downloader) -> Value: p7za4d -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\mav.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\mav.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\mav.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  3. andrewT123


    GMER log

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-04-05 21:31:12
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\m52871 ST320082 rev.3.03
    Running: vi6jylmw.exe; Driver: C:\DOCUME~1\Tran\LOCALS~1\Temp\ugldipow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- System - GMER 1.0.15 ----

    SSDT sptd.sys ZwEnumerateKey [0xF7436FB2]
    SSDT sptd.sys ZwEnumerateValueKey [0xF7437340]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7385B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [F7385B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F7385B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\aib67sp4 \Device\Scsi\aib67sp41Port3Path0Target0Lun0 86EE91E8
    Device \Driver\aib67sp4 \Device\Scsi\aib67sp41Port3Path0Target2Lun0 86EE91E8
    Device \Driver\aib67sp4 \Device\Scsi\aib67sp41Port3Path0Target3Lun0 86EE91E8
    Device \Driver\aib67sp4 \Device\Scsi\aib67sp41Port3Path0Target1Lun0 86EE91E8
    Device \Driver\m5287 -> DriverStartIo \Device\Scsi\m52871 8706027F
    Device \Driver\m5287 \Device\Scsi\m52871 8715F1E8
    Device \Driver\aib67sp4 \Device\Scsi\aib67sp41 86EE91E8
    Device \FileSystem\Ntfs \Ntfs 8715E1E8
    Device \FileSystem\Fastfat \Fat 86832340

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    Device \Device\Scsi\m52871Port2Path0Target0Lun0 -> \??\SCSI#Disk&Ven_ST320082&Prod_6AS&Rev_3.03#4&7d6e6d7&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----
  4. andrewT123


    DDS log (DDS.txt)

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Tran at 21:36:38.81 on 05/04/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.293 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe -k bthsvcs
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\Tran\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uWindow Title = Internet Explorer Provided By Sky Broadband
    uDefault_Page_URL = hxxp://www.skybroadband.com
    uInternet Connection Wizard,ShellNext = iexplore
    mSearchAssistant = hxxp://www.google.com/ie
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\gmemhpdl\osvyrpmc.exe,
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
    BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
    TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [553250] c:\docume~1\tran\locals~1\temp\553250.exe
    uRun: [276062] c:\docume~1\tran\locals~1\temp\276062.exe
    uRun: [410750] c:\docume~1\tran\locals~1\temp\410750.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [LaunchApp] Alaunch
    mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
    mRun: [<NO NAME>]
    mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [eRecoveryService] c:\program files\acer\erecovery\Monitor.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [MFESuiteSetup] e:\applic~4\mcafee\setup.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [NetDeamon] c:\windows\mfchomeX.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    mExplorerRun: [pSzyNfbngt] c:\documents and settings\all users\application data\juhmfmtk\fsdkronk.exe
    StartupFolder: c:\documents and settings\tran\start menu\programs\startup\osvyrpmc.exe
    StartupFolder: c:\docume~1\tran\startm~1\programs\startup\roller~1.lnk - c:\documents and settings\tran\local settings\temp\{f5bcdb64-3c9e-4823-89a5-0cf1a71ad035}\{907b4640-266b-4a21-92fb-cd1a86cd0f63}\ATR1.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\wireless 802.11g usb adapter\ZDWlan.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?cef21c9d0f154f5dac9e6f7415ff9601
    IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?cef21c9d0f154f5dac9e6f7415ff9601
    IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - hxxp://register.btinternet.com/templates/btwebcontrol023.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    STS: {09979D4B-37B3-4473-BAF2-41BC787171E9} - No File
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {C91AE67B-E03D-7E97-4EA7-81E2C1041722} - C:\WINDOWS:service.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\tran\applic~1\mozilla\firefox\profiles\1088lkei.default\
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\tran\application data\mozilla\firefox\profiles\1088lkei.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
    FF - Ext: XULRunner: {88A9242A-91FB-4715-8E52-12C324680C95} - c:\documents and settings\tran\local settings\application data\{88A9242A-91FB-4715-8E52-12C324680C95}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [1980-1-1 76544]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-13 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-13 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-13 243024]
    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [1980-1-1 11970]
    R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-9-23 127768]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-12-5 394952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [1980-1-1 130112]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2005-9-7 296259]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [1980-1-1 137793]
    R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [1980-1-1 611444]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [1980-1-1 27984]
    S0 sympkwec;sympkwec;c:\windows\system32\drivers\nxqopoh.sys --> c:\windows\system32\drivers\nxqopoh.sys [?]
    S1 ktitkygk;ktitkygk;\??\c:\windows\system32\drivers\ktitkygk.sys --> c:\windows\system32\drivers\ktitkygk.sys [?]
    S2 hcw88ts;Hauppauge WinTV 88x TS Capture;c:\windows\system32\drivers\hcw88ts.sys [1980-1-1 14528]
    S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S3 cpuz132;cpuz132;\??\c:\docume~1\tran\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\tran\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [1980-1-1 14336]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 pmxscan;USB Flatbed Scanner Driver;c:\windows\system32\drivers\usbscan.sys [2007-12-24 15104]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-3-27 167808]
    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-8-7 90536]
    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-8-7 15016]
    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-8-7 122152]
    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-8-7 115496]
    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-8-7 25768]
    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-8-7 111912]
    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-8-7 117672]
    .
    =============== Created Last 30 ================
    .
    2011-04-04 18:05:26 -------- d-----w- c:\program files\gmemhpdl
    2011-03-27 22:59:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\PopCap Games
    2011-03-27 00:31:38 -------- d-----w- c:\docume~1\tran\applic~1\SUPERAntiSpyware.com
    2011-03-27 00:31:29 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-03-26 14:09:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-26 14:09:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-26 02:00:41 -------- d-----w- c:\windows\system32\MpEngineStore
    2011-03-25 00:08:25 -------- d-----w- c:\docume~1\tran\locals~1\applic~1\{88A9242A-91FB-4715-8E52-12C324680C95}
    2011-03-23 20:49:11 -------- d-----w- c:\docume~1\tran\applic~1\.minecraft
    2011-03-15 19:39:14 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
    2011-03-09 15:14:21 442368 ----a-r- c:\windows\system32\vp6vfw.dll
    .
    ==================== Find3M ====================
    .
    2011-03-26 07:09:02 0 ----a-w- c:\windows\Vyoseweweci.bin
    2011-02-19 22:20:41 235 ----a-w- c:\windows\system32\nxEuUninstall.bat
    2011-02-19 22:20:38 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    1980-01-01 07:00:00 179200 --sh--w- c:\windows\h32globv.exe
    1980-01-01 07:00:00 179200 --sh--w- c:\windows\wshostX.exe
    1980-01-01 07:00:00 179200 --sh--w- c:\windows\system32\imastop128.exe
    1980-01-01 07:00:00 179200 --sh--w- c:\windows\system32\langhome54.exe
    1980-01-01 07:00:00 179200 --sh--w- c:\windows\system32\mshoma.exe
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST320082 rev.3.03 -> Harddisk0\DR0 -> \Device\Scsi\m52871
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87060439]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x870667d0]; MOV EAX, [0x8706684c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8709CAB8]
    3 CLASSPNP[0xF765BFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8709E358]
    \Driver\m5287[0x8712B750] -> IRP_MJ_CREATE -> 0x87060439
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV DI, 0x5; XOR AX, AX; MOV DL, 0x80; INT 0x13; JAE 0x2d; DEC DI; }
    detected disk devices:
    \Device\Scsi\m52871Port2Path0Target0Lun0 -> \??\SCSI#Disk&Ven_ST320082&Prod_6AS&Rev_3.03#4&7d6e6d7&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 21:39:08.42 ===============
  5. andrewT123


    DDS log (Attach.txt)

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 28/07/2006 02:04:03
    System Uptime: 05/04/2011 21:11:25 (0 hours ago)
    .
    Motherboard: ACER | | ERC410M
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 2997/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 91 GiB total, 32.053 GiB free.
    D: is FIXED (FAT32) - 92 GiB total, 75.414 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is CDROM ()
    L: is CDROM ()
    M: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
    Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_00851025&REV_13\4&30748A1F&0&A8C8
    Manufacturer: Marvell
    Name: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
    PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_00851025&REV_13\4&30748A1F&0&A8C8
    Service: yukonwxp
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter
    Device ID: USB\VID_0846&PID_6A00\001B2F3A63CC
    Manufacturer: NETGEAR Inc.
    Name: NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter
    PNP Device ID: USB\VID_0846&PID_6A00\001B2F3A63CC
    Service: RTLWUSB
    .
    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&1A75BB9&0
    Manufacturer: (Standard keyboards)
    Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&1A75BB9&0
    Service: i8042prt
    .
    Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
    Description:
    Device ID: ROOT\IMAGE\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\IMAGE\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP677: 29/12/2010 01:29:53 - System Checkpoint
    RP678: 30/12/2010 17:49:48 - System Checkpoint
    RP679: 01/01/2011 12:40:43 - System Checkpoint
    RP680: 02/01/2011 18:55:11 - System Checkpoint
    RP681: 04/01/2011 16:14:04 - System Checkpoint
    RP682: 07/01/2011 19:01:50 - System Checkpoint
    RP683: 09/01/2011 12:59:02 - System Checkpoint
    RP684: 10/01/2011 19:21:00 - System Checkpoint
    RP685: 12/01/2011 10:16:35 - System Checkpoint
    RP686: 13/01/2011 16:56:33 - Software Distribution Service 3.0
    RP687: 15/01/2011 22:59:19 - System Checkpoint
    RP688: 17/01/2011 11:28:10 - System Checkpoint
    RP689: 18/01/2011 19:07:36 - System Checkpoint
    RP690: 21/01/2011 16:26:02 - System Checkpoint
    RP691: 22/01/2011 18:53:51 - System Checkpoint
    RP692: 28/01/2011 16:19:21 - System Checkpoint
    RP693: 29/01/2011 19:27:14 - System Checkpoint
    RP694: 01/02/2011 17:21:25 - System Checkpoint
    RP695: 02/02/2011 18:54:54 - System Checkpoint
    RP696: 03/02/2011 18:58:34 - System Checkpoint
    RP697: 04/02/2011 19:00:34 - System Checkpoint
    RP698: 07/02/2011 18:54:05 - System Checkpoint
    RP699: 09/02/2011 18:03:16 - System Checkpoint
    RP700: 10/02/2011 17:11:53 - Software Distribution Service 3.0
    RP701: 13/02/2011 00:56:19 - Installed Battlefield 2(TM)
    RP702: 13/02/2011 06:39:42 - Installed Battlefield 2 Patch v1.41
    RP703: 13/02/2011 12:48:44 - Removed Battlefield 2(TM)
    RP704: 13/02/2011 12:55:26 - Installed Battlefield 2(TM)
    RP705: 16/02/2011 21:16:33 - Software Distribution Service 3.0
    RP706: 19/02/2011 20:37:53 - System Checkpoint
    RP707: 21/02/2011 13:43:38 - System Checkpoint
    RP708: 23/02/2011 09:57:00 - System Checkpoint
    RP709: 26/02/2011 21:34:06 - System Checkpoint
    RP710: 27/02/2011 21:43:43 - System Checkpoint
    RP711: 04/03/2011 17:47:24 - System Checkpoint
    RP712: 05/03/2011 13:39:36 - Software Distribution Service 3.0
    RP713: 07/03/2011 23:42:32 - System Checkpoint
    RP714: 09/03/2011 08:00:49 - Removed Battlefield 2(TM)
    RP715: 10/03/2011 16:57:02 - Software Distribution Service 3.0
    RP716: 11/03/2011 17:21:16 - System Checkpoint
    RP717: 14/03/2011 09:08:17 - System Checkpoint
    RP718: 15/03/2011 15:38:41 - Avg Update
    RP719: 15/03/2011 19:39:00 - Avg Update
    RP720: 18/03/2011 10:42:00 - System Checkpoint
    RP721: 19/03/2011 12:36:43 - System Checkpoint
    RP722: 21/03/2011 11:48:03 - System Checkpoint
    RP723: 24/03/2011 16:56:54 - Software Distribution Service 3.0
    RP724: 26/03/2011 05:42:08 - System Checkpoint
    RP725: 26/03/2011 23:35:36 - Restore Operation
    RP726: 27/03/2011 00:21:07 - Restore Operation
    RP727: 27/03/2011 00:26:03 - Restore Operation
    RP728: 29/03/2011 15:55:04 - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    µTorrent
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    Adobe Shockwave Player 11
    Agere Systems PCI Soft Modem
    ATI Display Driver
    AutoUpdate
    AVG Free 9.0
    Combat Arms EU
    DivX Codec
    DivX Converter
    DivX Version Checker
    EA AutoPatch
    FlatBed Scanner
    Free YouTube to MP3 Converter version 3.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 9.0
    HP Imaging Device Functions 9.0
    HP OCR Software 9.0
    HP Photosmart Essential 2.01
    HP Solution Center 9.0
    Java(TM) 6 Update 17
    LUNA Plus v1.0
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.6.16)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NETGEAR WG111v2 wireless USB 2.0 adapter
    NTI Backup NOW! 4
    NTI CD & DVD-Maker
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    Rome - Total War
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Skype Toolbars
    Skype™ 5.0
    Spelling Dictionaries Support For Adobe Reader 9
    SUPERAntiSpyware
    System Requirements Lab
    System Requirements Lab CYRI
    The Sims 2
    Uninstall 1.0.0.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Outlook 2007 Junk Email Filter (KB2508979)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
    VC80CRTRedist - 8.0.50727.762
    Windows Essentials Media Codec Pack 2.3c
    Windows Genuine Advantage Notifications (KB905474)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver
    Wireless 802.11g USB Adapter
    XML Paper Specification Shared Components Pack 1.0
    ZoneAlarm
    ZoneAlarm Spy Blocker
    .
    ==== Event Viewer Messages From Past Week ========
    .
    31/03/2011 21:28:24, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    31/03/2011 21:28:24, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    31/03/2011 21:28:24, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    31/03/2011 21:28:23, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
    31/03/2011 21:28:23, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    31/03/2011 21:28:23, error: Service Control Manager [7000] - The Hauppauge WinTV 88x TS Capture service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    31/03/2011 21:20:37, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    30/03/2011 17:09:27, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    30/03/2011 17:09:17, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    30/03/2011 17:08:13, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
    30/03/2011 17:08:10, error: Service Control Manager [7034] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s).
    30/03/2011 17:07:52, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    29/03/2011 19:56:53, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 1 time(s).
    05/04/2011 19:25:13, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 001B2F3A63CC has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    05/04/2011 09:35:15, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    05/04/2011 09:34:45, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    04/04/2011 23:15:57, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadco.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
    04/04/2011 23:15:56, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadce.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3002.0.
    04/04/2011 23:15:55, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msjro.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
    04/04/2011 23:15:53, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadox.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
    04/04/2011 23:15:53, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadomd.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
    04/04/2011 23:15:52, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msado15.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
    04/04/2011 23:14:38, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\vgx\vgx.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 8.0.6001.18702.
    04/04/2011 23:14:30, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\triedit\triedit.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.1.0.9246.
    04/04/2011 19:29:06, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
  6. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  7. andrewT123

    andrewT123 Newcomer, in training Topic Starter

    Thanks for the reply.
    Here's the TDSS log you requested:

    2011/04/07 17:43:33.0829 1116 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/07 17:43:35.0845 1116 ================================================================================
    2011/04/07 17:43:35.0845 1116 SystemInfo:
    2011/04/07 17:43:35.0845 1116
    2011/04/07 17:43:35.0845 1116 OS Version: 5.1.2600 ServicePack: 3.0
    2011/04/07 17:43:35.0845 1116 Product type: Workstation
    2011/04/07 17:43:35.0845 1116 ComputerName: HOME
    2011/04/07 17:43:35.0845 1116 UserName: Tran
    2011/04/07 17:43:35.0845 1116 Windows directory: C:\WINDOWS
    2011/04/07 17:43:35.0845 1116 System windows directory: C:\WINDOWS
    2011/04/07 17:43:35.0845 1116 Processor architecture: Intel x86
    2011/04/07 17:43:35.0845 1116 Number of processors: 2
    2011/04/07 17:43:35.0845 1116 Page size: 0x1000
    2011/04/07 17:43:35.0845 1116 Boot type: Normal boot
    2011/04/07 17:43:35.0845 1116 ================================================================================
    2011/04/07 17:43:37.0095 1116 Initialize success
    2011/04/07 17:43:41.0376 4804 ================================================================================
    2011/04/07 17:43:41.0376 4804 Scan started
    2011/04/07 17:43:41.0376 4804 Mode: Manual;
    2011/04/07 17:43:41.0376 4804 ================================================================================
    2011/04/07 17:43:53.0329 4804 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/04/07 17:43:53.0392 4804 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/04/07 17:43:53.0423 4804 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/04/07 17:43:53.0501 4804 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/04/07 17:43:53.0548 4804 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/04/07 17:43:53.0595 4804 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/04/07 17:43:53.0657 4804 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/04/07 17:43:53.0688 4804 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/04/07 17:43:53.0735 4804 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/04/07 17:43:53.0845 4804 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/04/07 17:43:53.0892 4804 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/04/07 17:43:54.0267 4804 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/04/07 17:43:54.0470 4804 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/04/07 17:43:54.0642 4804 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/04/07 17:43:54.0876 4804 Nokia USB Generic (5abb6b2461c4eb0afdf1bf7f03963d59) C:\WINDOWS\system32\drivers\nmwcdc.sys
    2011/04/07 17:43:55.0032 4804 Nokia USB Modem (353c16d21eec1f11306270040b3713c1) C:\WINDOWS\system32\drivers\nmwcdcm.sys
    2011/04/07 17:43:55.0095 4804 Nokia USB Phone Parent (f5b1200c75b160c81e7e48cc0489aa5e) C:\WINDOWS\system32\drivers\nmwcd.sys
    2011/04/07 17:43:55.0282 4804 Nokia USB Port (353c16d21eec1f11306270040b3713c1) C:\WINDOWS\system32\drivers\nmwcdcj.sys
    2011/04/07 17:43:55.0360 4804 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/04/07 17:43:55.0423 4804 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
    2011/04/07 17:43:55.0548 4804 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/04/07 17:43:55.0735 4804 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
    2011/04/07 17:43:55.0798 4804 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/04/07 17:43:56.0251 4804 nv (4f15e1e56703f59c0ac00022162e5308) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/04/07 17:43:56.0938 4804 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/04/07 17:43:56.0954 4804 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/04/07 17:43:57.0032 4804 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/04/07 17:43:57.0095 4804 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/04/07 17:43:57.0126 4804 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/04/07 17:43:57.0188 4804 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/04/07 17:43:57.0251 4804 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/04/07 17:43:57.0376 4804 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/04/07 17:43:57.0657 4804 pmxscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/04/07 17:43:57.0767 4804 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/04/07 17:43:57.0829 4804 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/04/07 17:43:57.0860 4804 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/04/07 17:43:57.0923 4804 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/04/07 17:43:58.0110 4804 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/04/07 17:43:58.0188 4804 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/04/07 17:43:58.0235 4804 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/04/07 17:43:58.0282 4804 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/04/07 17:43:58.0345 4804 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/04/07 17:43:58.0376 4804 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/04/07 17:43:58.0438 4804 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/04/07 17:43:58.0501 4804 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/04/07 17:43:58.0548 4804 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/04/07 17:43:58.0626 4804 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    2011/04/07 17:43:58.0673 4804 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    2011/04/07 17:43:58.0767 4804 RTLWUSB (691db86b09e13ca5d3e8881141738cc5) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
    2011/04/07 17:43:58.0845 4804 s0017bus (6381d7fac6ce956f37aa76031939f8cc) C:\WINDOWS\system32\DRIVERS\s0017bus.sys
    2011/04/07 17:43:58.0907 4804 s0017mdfl (3a0b4fc02d9d79a4f7ee9c13e287c5eb) C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys
    2011/04/07 17:43:59.0048 4804 s0017mdm (aa689c79d62caf565357520cae065f17) C:\WINDOWS\system32\DRIVERS\s0017mdm.sys
    2011/04/07 17:43:59.0095 4804 s0017mgmt (547b1a09017a4c4ce6b535ba810523da) C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys
    2011/04/07 17:43:59.0142 4804 s0017nd5 (6db4820821e819cf61546e1f991a298d) C:\WINDOWS\system32\DRIVERS\s0017nd5.sys
    2011/04/07 17:43:59.0173 4804 s0017obex (d623bf6f04f7603ee1c4b59c737b69a7) C:\WINDOWS\system32\DRIVERS\s0017obex.sys
    2011/04/07 17:43:59.0220 4804 s0017unic (0c970a53fc43815e948628442f8983ad) C:\WINDOWS\system32\DRIVERS\s0017unic.sys
    2011/04/07 17:43:59.0329 4804 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    2011/04/07 17:43:59.0360 4804 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    2011/04/07 17:43:59.0595 4804 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/04/07 17:43:59.0673 4804 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/04/07 17:43:59.0704 4804 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/04/07 17:43:59.0829 4804 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/04/07 17:43:59.0907 4804 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/04/07 17:44:00.0017 4804 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/04/07 17:44:00.0110 4804 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
    2011/04/07 17:44:00.0110 4804 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
    2011/04/07 17:44:00.0126 4804 sptd - detected Locked file (1)
    2011/04/07 17:44:00.0173 4804 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/04/07 17:44:00.0251 4804 srescan (bda0ecc7cba1d3b9fd7ff2881bf9b463) C:\WINDOWS\system32\ZoneLabs\srescan.sys
    2011/04/07 17:44:00.0345 4804 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/04/07 17:44:00.0438 4804 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/04/07 17:44:00.0485 4804 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/04/07 17:44:00.0517 4804 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/04/07 17:44:00.0782 4804 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/04/07 17:44:00.0876 4804 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/04/07 17:44:00.0938 4804 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/04/07 17:44:00.0970 4804 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/04/07 17:44:01.0001 4804 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/04/07 17:44:01.0095 4804 toshidpt (62c57e7411b5f20980e70530ca69d5a7) C:\WINDOWS\system32\drivers\Toshidpt.sys
    2011/04/07 17:44:01.0173 4804 tosporte (150cfd8e7ed945f71600b41ff29f16fa) C:\WINDOWS\system32\DRIVERS\tosporte.sys
    2011/04/07 17:44:01.0220 4804 Tosrfbd (cbc4f88c50b6e7ceba8af5aaa48dcdf8) C:\WINDOWS\system32\Drivers\tosrfbd.sys
    2011/04/07 17:44:01.0251 4804 Tosrfbnp (fe200eece7521061cdad658c6ee4f341) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
    2011/04/07 17:44:01.0298 4804 Tosrfcom (d185be751021bcf1e5d58566d408314a) C:\WINDOWS\system32\Drivers\tosrfcom.sys
    2011/04/07 17:44:01.0345 4804 Tosrfhid (341612b9758054e5965bcd6ae111b8f9) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
    2011/04/07 17:44:01.0392 4804 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
    2011/04/07 17:44:01.0423 4804 TosRfSnd (350814a87f8ba3b0e28278feddf36f82) C:\WINDOWS\system32\drivers\TosRfSnd.sys
    2011/04/07 17:44:01.0485 4804 Tosrfusb (ddb8a339e57d514768f45d33b11bdb50) C:\WINDOWS\system32\Drivers\tosrfusb.sys
    2011/04/07 17:44:01.0548 4804 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
    2011/04/07 17:44:01.0610 4804 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/04/07 17:44:01.0704 4804 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/04/07 17:44:01.0798 4804 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/04/07 17:44:01.0845 4804 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/04/07 17:44:01.0892 4804 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/04/07 17:44:01.0938 4804 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2011/04/07 17:44:02.0001 4804 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/04/07 17:44:02.0079 4804 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/04/07 17:44:02.0126 4804 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/04/07 17:44:02.0173 4804 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/04/07 17:44:02.0251 4804 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/04/07 17:44:02.0313 4804 vsdatant (279761ad6562c0d4309cb1bbb260233f) C:\WINDOWS\system32\vsdatant.sys
    2011/04/07 17:44:02.0470 4804 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/04/07 17:44:02.0563 4804 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/04/07 17:44:02.0720 4804 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/04/07 17:44:02.0985 4804 yukonwxp (e279c4e1287751dffa0a1f3ec4097491) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
    2011/04/07 17:44:03.0063 4804 ZD1211U(ZyDAS) (748ebbf816261873307695d02989e78a) C:\WINDOWS\system32\DRIVERS\zd1211u.sys
    2011/04/07 17:44:03.0126 4804 ZDPNDIS5 (29c917279d79848b3dd94909fc00e2a8) C:\WINDOWS\system32\ZDPNDIS5.SYS
    2011/04/07 17:44:03.0282 4804 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/04/07 17:44:03.0298 4804 ================================================================================
    2011/04/07 17:44:03.0298 4804 Scan finished
    2011/04/07 17:44:03.0298 4804 ================================================================================
    2011/04/07 17:44:03.0329 4816 Detected object count: 2
    2011/04/07 17:44:13.0220 4816 Locked file(sptd) - User select action: Skip
    2011/04/07 17:44:13.0267 4816 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/04/07 17:44:13.0267 4816 \HardDisk0 - ok
    2011/04/07 17:44:13.0267 4816 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/04/07 17:44:16.0954 4860 Deinitialize success
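The TDSSKiller log above mixes three kinds of lines: one per scanned driver (name, MD5, path), heuristic and named detections ("detected Locked file", "detected Rootkit.Win32.TDSS.tdl4"), and the follow-up lines recording what the user chose and whether a cure is pending a reboot. The parser below is an added triage example written for this thread, not part of the original post or of TDSSKiller itself. Its sample input is a constructed excerpt of the log lines posted above, and the list of verdicts it treats as "needs human review" rather than "malicious" (locked, forged or unsigned files) is an assumption about TDSSKiller's heuristic verdict names.

```python
"""Triage a TDSSKiller log: list scanned drivers, collect every detection,
and check that each detection received a user action.

Added example for this thread; SAMPLE_LOG is a constructed excerpt of the
log posted above, not the complete log."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SAMPLE_LOG = r"""
2011/04/07 17:44:00.0110 4804 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/04/07 17:44:00.0110 4804 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/04/07 17:44:00.0126 4804 sptd - detected Locked file (1)
2011/04/07 17:44:00.0173 4804 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/07 17:44:03.0282 4804 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/07 17:44:03.0298 4804 ================================================================================
2011/04/07 17:44:03.0298 4804 Scan finished
2011/04/07 17:44:03.0329 4816 Detected object count: 2
2011/04/07 17:44:13.0220 4816 Locked file(sptd) - User select action: Skip
2011/04/07 17:44:13.0267 4816 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/07 17:44:13.0267 4816 \HardDisk0 - ok
2011/04/07 17:44:13.0267 4816 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

# Every line is "<date> <time> <pid> <message>"; the message carries the meaning.
ENTRY_RE = re.compile(r"^(?P<ts>\S+ \S+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
CURE_RE = re.compile(r"^(?P<obj>.+?) \((?P<verdict>.+?)\) - will be cured after reboot$")
ACTION_RE = re.compile(r"^(?P<key>.+?) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
DRIVER_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")

# Assumption: these verdict prefixes are TDSSKiller heuristics that need a
# human decision; anything else (Rootkit.*, Trojan.*, ...) is a named detection.
REVIEW_VERDICTS = ("Locked file", "Forged file", "Unsigned file")


@dataclass
class Finding:
    obj: str
    verdict: str
    severity: str                     # "malicious" or "review"
    action: Optional[str] = None      # Skip / Cure / Delete as chosen by the user
    cure_pending: bool = False        # "will be cured after reboot" seen


@dataclass
class Triage:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)   # name -> (md5, path)
    suspicious: List[Tuple[str, str, str]] = field(default_factory=list)  # (reason, path, md5)
    findings: List[Finding] = field(default_factory=list)
    reported_count: Optional[int] = None


def classify(verdict: str) -> str:
    return "review" if verdict.startswith(REVIEW_VERDICTS) else "malicious"


def parse_tdsskiller(text: str) -> Triage:
    t = Triage()
    by_key: Dict[str, Finding] = {}   # "verdict(obj)" is how action lines name a finding
    for raw in text.strip().splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if (s := SUSPICIOUS_RE.match(msg)):
            t.suspicious.append((s["reason"], s["path"], s["md5"]))
        elif (d := DETECTED_RE.match(msg)):
            f = Finding(d["obj"], d["verdict"], classify(d["verdict"]))
            t.findings.append(f)
            by_key[f"{f.verdict}({f.obj})"] = f
        elif (c := CURE_RE.match(msg)):
            if (f := by_key.get(f"{c['verdict']}({c['obj']})")):
                f.cure_pending = True
        elif (a := ACTION_RE.match(msg)):
            if (f := by_key.get(a["key"])):
                f.action = a["action"]
        elif (n := COUNT_RE.match(msg)):
            t.reported_count = int(n["n"])
        elif (dr := DRIVER_RE.match(msg)):
            t.drivers[dr["name"]] = (dr["md5"], dr["path"])
    return t


def summarize(t: Triage) -> dict:
    """What an analyst wants at a glance: named detections, whether the
    reported count matches what we parsed, anything left without an action,
    heuristic hits the user skipped, and whether a reboot is still owed."""
    return {
        "drivers_scanned": len(t.drivers),
        "reported_count": t.reported_count,
        "parsed_count": len(t.findings),
        "count_matches": t.reported_count == len(t.findings),
        "malicious": [f"{f.verdict} on {f.obj}" for f in t.findings if f.severity == "malicious"],
        "reboot_required": any(f.cure_pending for f in t.findings),
        "unhandled": [f"{f.verdict}({f.obj})" for f in t.findings if f.action is None],
        "skipped_review_items": [f.obj for f in t.findings if f.severity == "review" and f.action == "Skip"],
    }


if __name__ == "__main__":
    for k, v in summarize(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{k}: {v}")
```

On the excerpt this reports one named detection (the TDL4 rootkit on \HardDisk0, cured, reboot pending), a reported count that matches the two parsed detections, nothing left unhandled, and one skipped heuristic item (the locked sptd driver), which is exactly the state the thread was in before the reboot.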
  8. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Good job :)

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  9. andrewT123

    andrewT123 Newcomer, in training Topic Starter

    As I'm typing this, my AVG has picked up more VBS/Generic viruses in my temporary internet files.

    I had a problem with MBRCheck: when I ran it, a few seconds later it would close, saying "MBRCheck.exe has encountered a problem and needs to close." (I disabled AVG before I ran MBRCheck.)
    I redownloaded it from your link; however, I keep having the same problem.
    It did manage to produce a log, though I'm unsure whether it is incomplete or not. I haven't started the ComboFix process yet, since I came on to tell you about this problem.

    Here's the log MBRCheck produced

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x00001ffc

    Kernel Drivers (total 147):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E5000 \WINDOWS\system32\hal.dll
    0xF7B1B000 \WINDOWS\system32\KDCOM.DLL
    0xF7A2B000 \WINDOWS\system32\BOOTVID.dll
    0xF7430000 sptd.sys
    0xF7B1D000 \WINDOWS\System32\Drivers\WMILIB.SYS
    0xF7418000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xF73EA000 ACPI.sys
    0xF73D9000 pci.sys
    0xF761B000 isapnp.sys
    0xF7B1F000 aliide.sys
    0xF789B000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF762B000 MountMgr.sys
    0xF73BA000 ftdisk.sys
    0xF7B21000 dmload.sys
    0xF7394000 dmio.sys
    0xF78A3000 PartMgr.sys
    0xF763B000 VolSnap.sys
    0xF737C000 atapi.sys
    0xF7369000 m5287.sys
    0xF764B000 disk.sys
    0xF765B000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7349000 fltmgr.sys
    0xF7337000 sr.sys
    0xF766B000 PxHelp20.sys
    0xF7320000 KSecDD.sys
    0xF7293000 Ntfs.sys
    0xF7266000 NDIS.sys
    0xF7252000 srescan.sys
    0xF767B000 ohci1394.sys
    0xF768B000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF7238000 Mup.sys
    0xF76FB000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF6022000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF5832000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xF581E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF57A4000 \SystemRoot\system32\drivers\hcw88vid.sys
    0xF6012000 \SystemRoot\system32\drivers\STREAM.SYS
    0xF5781000 \SystemRoot\system32\drivers\ks.sys
    0xF7AF3000 \SystemRoot\system32\drivers\hcw88aud.sys
    0xF5738000 \SystemRoot\system32\drivers\hcw88tse.sys
    0xF5602000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0xF79BB000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF79C3000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF55DE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF79CB000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF55B6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF79D3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF5FF2000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF7AFF000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF55A2000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF5FE2000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7B03000 \SystemRoot\System32\Drivers\UBHelper.SYS
    0xF5FD2000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF5FC2000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7B63000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
    0xF553B000 \SystemRoot\System32\Drivers\akjdq82x.SYS
    0xF6D2A000 \SystemRoot\System32\Drivers\tosrfcom.sys
    0xF7D39000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7B6B000 \SystemRoot\System32\Drivers\RootMdm.sys
    0xF6D1A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF71CC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF5318000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF6CEA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF6CDA000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7963000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF5307000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF6CCA000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7943000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7903000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF47C4000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF773B000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7973000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7B7B000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF46C6000 \SystemRoot\system32\DRIVERS\update.sys
    0xF6A2A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF6CFA000 \SystemRoot\system32\DRIVERS\tosporte.sys
    0xF775B000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF79FB000 \SystemRoot\system32\drivers\HCW88BAR.sys
    0xEFC39000 \SystemRoot\system32\drivers\hcw88tun.sys
    0xEFC15000 \SystemRoot\system32\drivers\hcw88bda.sys
    0xF4EBF000 \SystemRoot\system32\drivers\BdaSup.SYS
    0xF4EB3000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0xF1FB3000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7BA5000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xEF04C000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xEF028000 \SystemRoot\system32\drivers\portcls.sys
    0xF1F33000 \SystemRoot\system32\drivers\drmk.sys
    0xED1D2000 \SystemRoot\system32\DRIVERS\klif.sys
    0xF7BCF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xED1FA000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7BD1000 \SystemRoot\System32\Drivers\Beep.SYS
    0xED395000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xEDE6A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xEDE62000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xED9D2000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xEEFC8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xEDE5A000 \SystemRoot\System32\drivers\vga.sys
    0xF7B29000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7B2B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xEDE52000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF78E3000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xED9CE000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xECDC1000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xECD68000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xECD2E000 \SystemRoot\System32\Drivers\avgtdix.sys
    0xEEFB8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xEEFA8000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xECCF2000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xECC92000 \SystemRoot\System32\vsdatant.sys
    0xECC20000 \SystemRoot\System32\drivers\afd.sys
    0xECBF7000 \SystemRoot\system32\DRIVERS\wg111v2.sys
    0xF6002000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xECB35000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xF24EC000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF24DC000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xECB0A000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xECA9A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF252C000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xED745000 \SystemRoot\System32\Drivers\Fips.SYS
    0xED0AD000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0xEFC11000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xECA66000 \SystemRoot\System32\Drivers\avgldx86.sys
    0xEB2FF000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xED0C2000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0xEB2EC000 \SystemRoot\System32\Drivers\dump_m5287.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xED2C5000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF79E3000 \SystemRoot\System32\watchdog.sys
    0xBD000000 \SystemRoot\System32\drivers\dxg.sys
    0xED0DC000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBD012000 \SystemRoot\System32\nv4_disp.dll
    0xBD5A6000 \SystemRoot\System32\ATMFD.DLL
    0xECC42000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xEB323000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB80F8000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB80BB000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF1FA3000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB800C000 \??\C:\Program Files\Acer\eRecovery\int15.sys
    0xB7DAA000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB7E2A000 \SystemRoot\system32\DRIVERS\secdrv.sys
    0xECFC8000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF7B91000 \SystemRoot\system32\drivers\MSPQM.sys
    0xB749E000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB66A2000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll
    0x10000000 \Program Files\DAEMON Tools\daemon.dll

    Processes (total 63):
    0 System Idle Process
    4 System
    708 C:\WINDOWS\system32\smss.exe
    776 C:\WINDOWS\system32\csrss.exe
    804 C:\WINDOWS\system32\winlogon.exe
    848 C:\WINDOWS\system32\services.exe
    868 C:\WINDOWS\system32\lsass.exe
    1040 C:\WINDOWS\system32\nvsvc32.exe
    1108 C:\WINDOWS\system32\svchost.exe
    1156 C:\WINDOWS\system32\svchost.exe
    1196 C:\WINDOWS\system32\svchost.exe
    1288 C:\WINDOWS\system32\svchost.exe
    1336 C:\WINDOWS\system32\svchost.exe
    1412 C:\Program Files\AVG\AVG9\avgchsvx.exe
    1420 C:\Program Files\AVG\AVG9\avgrsx.exe
    1492 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    1876 C:\WINDOWS\explorer.exe
    1996 C:\Program Files\Internet Explorer\iexplore.exe
    2044 C:\Program Files\Internet Explorer\iexplore.exe
    188 C:\Program Files\Internet Explorer\iexplore.exe
    756 C:\WINDOWS\system32\spoolsv.exe
    1224 C:\WINDOWS\system32\svchost.exe
    1296 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    1708 C:\WINDOWS\system32\svchost.exe
    1792 C:\WINDOWS\ehome\ehRecvr.exe
    1856 C:\WINDOWS\ehome\ehSched.exe
    1924 C:\WINDOWS\system32\svchost.exe
    2040 C:\Program Files\Java\jre6\bin\jqs.exe
    2200 C:\WINDOWS\system32\svchost.exe
    2248 C:\WINDOWS\system32\svchost.exe
    2336 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2556 C:\WINDOWS\system32\svchost.exe
    2616 C:\Program Files\AVG\AVG9\avgnsx.exe
    3060 C:\WINDOWS\ehome\ehtray.exe
    3212 C:\WINDOWS\RTHDCPL.EXE
    3320 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    3520 C:\Program Files\acer\eRecovery\Monitor.exe
    3540 C:\WINDOWS\AGRSMMSG.exe
    3568 C:\WINDOWS\system32\rundll32.exe
    3660 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3716 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3724 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    3912 C:\WINDOWS\system32\rundll32.exe
    3928 C:\Program Files\Java\jre6\bin\jusched.exe
    3956 C:\PROGRA~1\AVG\AVG9\avgtray.exe
    1092 C:\WINDOWS\system32\dllhost.exe
    2548 C:\WINDOWS\system32\ctfmon.exe
    1448 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    1440 C:\WINDOWS\ehome\ehmsas.exe
    3548 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    3592 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    3604 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    3084 C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    3028 C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
    3304 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    3384 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    1992 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    2568 C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    1712 C:\WINDOWS\system32\svchost.exe
    2764 C:\Program Files\Java\jre6\bin\jucheck.exe
    2684 C:\Program Files\Mozilla Firefox\firefox.exe
    4364 C:\Program Files\Mozilla Firefox\plugin-container.exe
    4008 C:\Documents and Settings\Tran\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`fa08fc00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000017`a7c0fe00 (FAT32)

    PhysicalDrive0 Model Number: ST3200826AS, Rev: 3.03

    Size Device Name MBR Status
    --------------------------------------------
    186 GB \\.\PhysicalDrive0
  10. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Go ahead with Combofix.
  11. andrewT123

    andrewT123 Newcomer, in training Topic Starter

    This is Andrew's friend. After Andrew ran ComboFix, ComboFix said it would reboot the PC; however, when the computer boots up it comes up with a black screen asking whether to boot with XP Media Edition or Recovery Console. It automatically boots with Windows XP; however, when the Windows XP screen comes up and begins to load, it then displays a blue screen with white text and restarts again.
  12. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Did you try "Last known good configuration"?

    If so.....

    Let's see, if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Under the Custom Scan box paste this in:

      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop

    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
  13. andrewT123

    andrewT123 Newcomer, in training Topic Starter

    My friend Andrew's optical drive in the PC is broken. Is it possible to boot up that CD from an external USB optical drive?
  14. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    You'll need to check, if BIOS allows it.
  15. andrewT123

    andrewT123 Newcomer, in training Topic Starter

    I don't think my BIOS will allow me to boot from an external USB optical drive, as I have tried in the past. I will, however, try again anyway with the instructions you gave me.
    I also tried "last known good configuration", which just gave the same results that my friend posted for me yesterday.

    If I am not able to boot up from my external optical drive, what would you advise next?
  16. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Select recovery console.

    [...]

    3. You'll find yourself at this screen:

    4. Once you are at the Recovery Console you will be given at least one choice of Windows installations. Normally the choice you want is the number 1 choice. Click the number 1 key at the "top" of the keyboard and click enter.

    NOTE: at this point your numbers to the right of your keyboard are turned off. If you insist on using these keys for your numbers remember to hit the Numbers Lock key before clicking a number over there or your computer will automatically reboot and you will have to wait through the previous steps to get back to the console.

    5. You will be given a message asking for the administrator password. Unless someone or something has messed with your computer there is no password so you just click the Enter key.

    6. This will bring you to a prompt that says:

    C:\WINDOWS>

    7. Type:

    cd \

    Press Enter

    Note: between "cd" and "\" there should be a "blank space" otherwise the command won't work

    8. The prompt should now say:

    C:\>

    9. Type:

    cd system~1\_resto~1

    Press Enter.

    ===============================================================================

    Note: If it gives an error "Access Denied" while accessing the folder, follow the method below

    Type: cd \

    Press Enter

    Type: cd windows\system32\config

    Press Enter

    Type: ren system system.bak

    Press Enter

    (note the spaces between ren and system, and then between system and system.bak)

    Type: exit

    Press Enter

    now the computer should restart, then follow steps 1-9


    ===============================================================================

    10. Type:

    dir

    Press Enter

    NOTE: When you hit Enter it will list all the restore point folders, like "rp1", "rp2". We have to see the last restore point to copy the file from a recent backup. If the restore points take more than one page, then you have to keep hitting the key to view the last restore point folder.

    NOTE: It is a good rule of thumb to choose the files from the restore point folder which is the second to last one.

    11. Type:

    cd rp{with the second to the last restore point number }

    Press Enter

    Example: cd rp9, if rp10 is the last restore point.

    12. Type:

    cd snapshot

    Press Enter.

    NOTICE: Now the command prompt will look like this:

    c:\system~1\_resto~1\rp9\snapshot

    Note: restore point 9 is assumed for clarity.


    13. Type:

    copy _registry_machine_system c:\windows\system32\config\system

    Press Enter

    14. Type:

    Exit

    Press Enter.

    Final note: If the above procedure doesn't solve the problem, repeat all steps, but in step 13 type:

    copy _registry_machine_software c:\windows\system32\config\software

    Alternatively, select a different restore point.
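The same hive recovery as a script, added here as an example and not part of the thread or of any tool it mentions: it assumes the XP disk has been attached to another machine and mounted offline (an option when the optical drive is broken, as in this thread), that the mounted drive root is passed on the command line, and that the folder layout matches the steps above. It goes slightly beyond the steps by sorting restore points numerically (so RP9 is not listed after RP10) and by backing up the damaged hive before overwriting it.

```python
import re
import shutil
import sys
from pathlib import Path

# Hive file inside RP<n>\snapshot -> file name under WINDOWS\system32\config
# (the two copies the thread uses in steps 13 and 14).
HIVES = {
    "_registry_machine_system": "system",
    "_registry_machine_software": "software",
}


def list_restore_points(drive_root):
    """RP<n> folders under System Volume Information\\_restore{...}, numerically sorted."""
    found = []
    for restore_dir in (Path(drive_root) / "System Volume Information").glob("_restore*"):
        for rp in restore_dir.iterdir():
            m = re.fullmatch(r"RP(\d+)", rp.name, re.IGNORECASE)
            if m and rp.is_dir():
                found.append((int(m.group(1)), rp))
    return [rp for _, rp in sorted(found)]


def pick_restore_point(rps):
    """Thread's rule of thumb: second-to-last RP when there are at least two, else the last."""
    if not rps:
        raise FileNotFoundError("no restore points found")
    return rps[-2] if len(rps) >= 2 else rps[-1]


def restore_hive(drive_root, hive="_registry_machine_system"):
    """Copy the chosen snapshot's hive over the live one; returns the RP folder used."""
    root = Path(drive_root)
    rp = pick_restore_point(list_restore_points(root))
    src = rp / "snapshot" / hive
    if not src.is_file():
        raise FileNotFoundError(f"{hive} not present in {rp}")
    dst = root / "WINDOWS" / "system32" / "config" / HIVES[hive]
    if dst.exists():
        # keep the damaged hive, mirroring the thread's "ren system system.bak"
        shutil.copy2(dst, dst.with_suffix(".bak"))
    shutil.copy2(src, dst)
    return rp


if __name__ == "__main__":
    # usage: python restore_hive.py <mounted drive root> [_registry_machine_software]
    print("restored from", restore_hive(*sys.argv[1:3]))
```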
  17. andrewT123

    andrewT123 Newcomer, in training Topic Starter

    Thanks for your help, but since this PC is 6 years old, we've decided to replace the PC, since it doesn't seem worth the effort anymore to try and fix this one.
    I greatly appreciate all the help you've given me.
    Keep up the great work :)
  18. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Not a problem.
    Thank you for letting me know :)
     