Inactive Infected with win32 zbot g virus and vbs generic virus


andrewT123

Recently my AVG anti-virus picked up numerous Win32 Zbot G viruses and a VBS generic virus. Most of the infected files were temporary internet files. When I'm on the computer, AVG pops up frequently with warnings about these viruses, and the PC is working slower than normal.

I've followed the preliminary virus and malware removal thread and will post the following logs in my next posts:
• Malwarebytes Anti-Malware log
• GMER log
• DDS logs: both DDS.txt and Attach.txt

Thanks in advance for any help you can give!
 
Malwarebytes Anti-malware log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6281

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05/04/2011 21:08:27
mbam-log-2011-04-05 (21-08-27).txt

Scan type: Quick scan
Objects scanned: 148554
Time elapsed: 12 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\p7za4d (Trojan.Downloader) -> Value: p7za4d -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\mav.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\mav.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\mav.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER log

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-05 21:31:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\m52871 ST320082 rev.3.03
Running: vi6jylmw.exe; Driver: C:\DOCUME~1\Tran\LOCALS~1\Temp\ugldipow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF7436FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF7437340]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7385B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7385B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7385B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\aib67sp4 \Device\Scsi\aib67sp41Port3Path0Target0Lun0 86EE91E8
Device \Driver\aib67sp4 \Device\Scsi\aib67sp41Port3Path0Target2Lun0 86EE91E8
Device \Driver\aib67sp4 \Device\Scsi\aib67sp41Port3Path0Target3Lun0 86EE91E8
Device \Driver\aib67sp4 \Device\Scsi\aib67sp41Port3Path0Target1Lun0 86EE91E8
Device \Driver\m5287 -> DriverStartIo \Device\Scsi\m52871 8706027F
Device \Driver\m5287 \Device\Scsi\m52871 8715F1E8
Device \Driver\aib67sp4 \Device\Scsi\aib67sp41 86EE91E8
Device \FileSystem\Ntfs \Ntfs 8715E1E8
Device \FileSystem\Fastfat \Fat 86832340

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Device\Scsi\m52871Port2Path0Target0Lun0 -> \??\SCSI#Disk&Ven_ST320082&Prod_6AS&Rev_3.03#4&7d6e6d7&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----
 
DDS log (DDS.txt)

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Tran at 21:36:38.81 on 05/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.293 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Tran\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Internet Explorer Provided By Sky Broadband
uDefault_Page_URL = hxxp://www.skybroadband.com
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\gmemhpdl\osvyrpmc.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [553250] c:\docume~1\tran\locals~1\temp\553250.exe
uRun: [276062] c:\docume~1\tran\locals~1\temp\276062.exe
uRun: [410750] c:\docume~1\tran\locals~1\temp\410750.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [LaunchApp] Alaunch
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [<NO NAME>]
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [eRecoveryService] c:\program files\acer\erecovery\Monitor.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [MFESuiteSetup] e:\applic~4\mcafee\setup.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NetDeamon] c:\windows\mfchomeX.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mExplorerRun: [pSzyNfbngt] c:\documents and settings\all users\application data\juhmfmtk\fsdkronk.exe
StartupFolder: c:\documents and settings\tran\start menu\programs\startup\osvyrpmc.exe
StartupFolder: c:\docume~1\tran\startm~1\programs\startup\roller~1.lnk - c:\documents and settings\tran\local settings\temp\{f5bcdb64-3c9e-4823-89a5-0cf1a71ad035}\{907b4640-266b-4a21-92fb-cd1a86cd0f63}\ATR1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\wireless 802.11g usb adapter\ZDWlan.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?cef21c9d0f154f5dac9e6f7415ff9601
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?cef21c9d0f154f5dac9e6f7415ff9601
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - hxxp://register.btinternet.com/templates/btwebcontrol023.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
STS: {09979D4B-37B3-4473-BAF2-41BC787171E9} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {C91AE67B-E03D-7E97-4EA7-81E2C1041722} - C:\WINDOWS:service.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\tran\applic~1\mozilla\firefox\profiles\1088lkei.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\tran\application data\mozilla\firefox\profiles\1088lkei.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
FF - Ext: XULRunner: {88A9242A-91FB-4715-8E52-12C324680C95} - c:\documents and settings\tran\local settings\application data\{88A9242A-91FB-4715-8E52-12C324680C95}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.
============= SERVICES / DRIVERS ===============
.
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [1980-1-1 76544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-13 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-13 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-13 243024]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [1980-1-1 11970]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-9-23 127768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-12-5 394952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [1980-1-1 130112]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2005-9-7 296259]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [1980-1-1 137793]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [1980-1-1 611444]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [1980-1-1 27984]
S0 sympkwec;sympkwec;c:\windows\system32\drivers\nxqopoh.sys --> c:\windows\system32\drivers\nxqopoh.sys [?]
S1 ktitkygk;ktitkygk;\??\c:\windows\system32\drivers\ktitkygk.sys --> c:\windows\system32\drivers\ktitkygk.sys [?]
S2 hcw88ts;Hauppauge WinTV 88x TS Capture;c:\windows\system32\drivers\hcw88ts.sys [1980-1-1 14528]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\tran\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\tran\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [1980-1-1 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pmxscan;USB Flatbed Scanner Driver;c:\windows\system32\drivers\usbscan.sys [2007-12-24 15104]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-3-27 167808]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-8-7 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-8-7 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-8-7 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-8-7 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-8-7 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-8-7 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-8-7 117672]
.
=============== Created Last 30 ================
.
2011-04-04 18:05:26 -------- d-----w- c:\program files\gmemhpdl
2011-03-27 22:59:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\PopCap Games
2011-03-27 00:31:38 -------- d-----w- c:\docume~1\tran\applic~1\SUPERAntiSpyware.com
2011-03-27 00:31:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-26 14:09:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-26 14:09:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-26 02:00:41 -------- d-----w- c:\windows\system32\MpEngineStore
2011-03-25 00:08:25 -------- d-----w- c:\docume~1\tran\locals~1\applic~1\{88A9242A-91FB-4715-8E52-12C324680C95}
2011-03-23 20:49:11 -------- d-----w- c:\docume~1\tran\applic~1\.minecraft
2011-03-15 19:39:14 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-03-09 15:14:21 442368 ----a-r- c:\windows\system32\vp6vfw.dll
.
==================== Find3M ====================
.
2011-03-26 07:09:02 0 ----a-w- c:\windows\Vyoseweweci.bin
2011-02-19 22:20:41 235 ----a-w- c:\windows\system32\nxEuUninstall.bat
2011-02-19 22:20:38 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
1980-01-01 07:00:00 179200 --sh--w- c:\windows\h32globv.exe
1980-01-01 07:00:00 179200 --sh--w- c:\windows\wshostX.exe
1980-01-01 07:00:00 179200 --sh--w- c:\windows\system32\imastop128.exe
1980-01-01 07:00:00 179200 --sh--w- c:\windows\system32\langhome54.exe
1980-01-01 07:00:00 179200 --sh--w- c:\windows\system32\mshoma.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST320082 rev.3.03 -> Harddisk0\DR0 -> \Device\Scsi\m52871
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87060439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x870667d0]; MOV EAX, [0x8706684c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8709CAB8]
3 CLASSPNP[0xF765BFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8709E358]
\Driver\m5287[0x8712B750] -> IRP_MJ_CREATE -> 0x87060439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV DI, 0x5; XOR AX, AX; MOV DL, 0x80; INT 0x13; JAE 0x2d; DEC DI; }
detected disk devices:
\Device\Scsi\m52871Port2Path0Target0Lun0 -> \??\SCSI#Disk&Ven_ST320082&Prod_6AS&Rev_3.03#4&7d6e6d7&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 21:39:08.42 ===============
 
DDS log (Attach.txt)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 28/07/2006 02:04:03
System Uptime: 05/04/2011 21:11:25 (0 hours ago)
.
Motherboard: ACER | | ERC410M
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 2997/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 91 GiB total, 32.053 GiB free.
D: is FIXED (FAT32) - 92 GiB total, 75.414 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is CDROM ()
L: is CDROM ()
M: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_00851025&REV_13\4&30748A1F&0&A8C8
Manufacturer: Marvell
Name: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_00851025&REV_13\4&30748A1F&0&A8C8
Service: yukonwxp
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter
Device ID: USB\VID_0846&PID_6A00\001B2F3A63CC
Manufacturer: NETGEAR Inc.
Name: NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter
PNP Device ID: USB\VID_0846&PID_6A00\001B2F3A63CC
Service: RTLWUSB
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1A75BB9&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1A75BB9&0
Service: i8042prt
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description:
Device ID: ROOT\IMAGE\0000
Manufacturer:
Name:
PNP Device ID: ROOT\IMAGE\0000
Service:
.
==== System Restore Points ===================
.
RP677: 29/12/2010 01:29:53 - System Checkpoint
RP678: 30/12/2010 17:49:48 - System Checkpoint
RP679: 01/01/2011 12:40:43 - System Checkpoint
RP680: 02/01/2011 18:55:11 - System Checkpoint
RP681: 04/01/2011 16:14:04 - System Checkpoint
RP682: 07/01/2011 19:01:50 - System Checkpoint
RP683: 09/01/2011 12:59:02 - System Checkpoint
RP684: 10/01/2011 19:21:00 - System Checkpoint
RP685: 12/01/2011 10:16:35 - System Checkpoint
RP686: 13/01/2011 16:56:33 - Software Distribution Service 3.0
RP687: 15/01/2011 22:59:19 - System Checkpoint
RP688: 17/01/2011 11:28:10 - System Checkpoint
RP689: 18/01/2011 19:07:36 - System Checkpoint
RP690: 21/01/2011 16:26:02 - System Checkpoint
RP691: 22/01/2011 18:53:51 - System Checkpoint
RP692: 28/01/2011 16:19:21 - System Checkpoint
RP693: 29/01/2011 19:27:14 - System Checkpoint
RP694: 01/02/2011 17:21:25 - System Checkpoint
RP695: 02/02/2011 18:54:54 - System Checkpoint
RP696: 03/02/2011 18:58:34 - System Checkpoint
RP697: 04/02/2011 19:00:34 - System Checkpoint
RP698: 07/02/2011 18:54:05 - System Checkpoint
RP699: 09/02/2011 18:03:16 - System Checkpoint
RP700: 10/02/2011 17:11:53 - Software Distribution Service 3.0
RP701: 13/02/2011 00:56:19 - Installed Battlefield 2(TM)
RP702: 13/02/2011 06:39:42 - Installed Battlefield 2 Patch v1.41
RP703: 13/02/2011 12:48:44 - Removed Battlefield 2(TM)
RP704: 13/02/2011 12:55:26 - Installed Battlefield 2(TM)
RP705: 16/02/2011 21:16:33 - Software Distribution Service 3.0
RP706: 19/02/2011 20:37:53 - System Checkpoint
RP707: 21/02/2011 13:43:38 - System Checkpoint
RP708: 23/02/2011 09:57:00 - System Checkpoint
RP709: 26/02/2011 21:34:06 - System Checkpoint
RP710: 27/02/2011 21:43:43 - System Checkpoint
RP711: 04/03/2011 17:47:24 - System Checkpoint
RP712: 05/03/2011 13:39:36 - Software Distribution Service 3.0
RP713: 07/03/2011 23:42:32 - System Checkpoint
RP714: 09/03/2011 08:00:49 - Removed Battlefield 2(TM)
RP715: 10/03/2011 16:57:02 - Software Distribution Service 3.0
RP716: 11/03/2011 17:21:16 - System Checkpoint
RP717: 14/03/2011 09:08:17 - System Checkpoint
RP718: 15/03/2011 15:38:41 - Avg Update
RP719: 15/03/2011 19:39:00 - Avg Update
RP720: 18/03/2011 10:42:00 - System Checkpoint
RP721: 19/03/2011 12:36:43 - System Checkpoint
RP722: 21/03/2011 11:48:03 - System Checkpoint
RP723: 24/03/2011 16:56:54 - Software Distribution Service 3.0
RP724: 26/03/2011 05:42:08 - System Checkpoint
RP725: 26/03/2011 23:35:36 - Restore Operation
RP726: 27/03/2011 00:21:07 - Restore Operation
RP727: 27/03/2011 00:26:03 - Restore Operation
RP728: 29/03/2011 15:55:04 - System Checkpoint
.
==== Installed Programs ======================
.
.
µTorrent
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Adobe Shockwave Player 11
Agere Systems PCI Soft Modem
ATI Display Driver
AutoUpdate
AVG Free 9.0
Combat Arms EU
DivX Codec
DivX Converter
DivX Version Checker
EA AutoPatch
FlatBed Scanner
Free YouTube to MP3 Converter version 3.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart Essential 2.01
HP Solution Center 9.0
Java(TM) 6 Update 17
LUNA Plus v1.0
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.16)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR WG111v2 wireless USB 2.0 adapter
NTI Backup NOW! 4
NTI CD & DVD-Maker
NVIDIA Drivers
NVIDIA nView Desktop Manager
Rome - Total War
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype Toolbars
Skype™ 5.0
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware
System Requirements Lab
System Requirements Lab CYRI
The Sims 2
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
VC80CRTRedist - 8.0.50727.762
Windows Essentials Media Codec Pack 2.3c
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Upload Tool
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Wireless 802.11g USB Adapter
XML Paper Specification Shared Components Pack 1.0
ZoneAlarm
ZoneAlarm Spy Blocker
.
==== Event Viewer Messages From Past Week ========
.
31/03/2011 21:28:24, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
31/03/2011 21:28:24, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
31/03/2011 21:28:24, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
31/03/2011 21:28:23, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
31/03/2011 21:28:23, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
31/03/2011 21:28:23, error: Service Control Manager [7000] - The Hauppauge WinTV 88x TS Capture service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
31/03/2011 21:20:37, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
30/03/2011 17:09:27, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
30/03/2011 17:09:17, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
30/03/2011 17:08:13, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
30/03/2011 17:08:10, error: Service Control Manager [7034] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s).
30/03/2011 17:07:52, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
29/03/2011 19:56:53, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 1 time(s).
05/04/2011 19:25:13, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 001B2F3A63CC has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
05/04/2011 09:35:15, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
05/04/2011 09:34:45, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
04/04/2011 23:15:57, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadco.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
04/04/2011 23:15:56, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadce.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3002.0.
04/04/2011 23:15:55, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msjro.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
04/04/2011 23:15:53, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadox.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
04/04/2011 23:15:53, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadomd.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
04/04/2011 23:15:52, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msado15.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
04/04/2011 23:14:38, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\vgx\vgx.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 8.0.6001.18702.
04/04/2011 23:14:30, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\triedit\triedit.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.1.0.9246.
04/04/2011 19:29:06, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Thanks for the reply,
Here's the TDSS log you requested:

2011/04/07 17:43:33.0829 1116 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/07 17:43:35.0845 1116 ================================================================================
2011/04/07 17:43:35.0845 1116 SystemInfo:
2011/04/07 17:43:35.0845 1116
2011/04/07 17:43:35.0845 1116 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/07 17:43:35.0845 1116 Product type: Workstation
2011/04/07 17:43:35.0845 1116 ComputerName: HOME
2011/04/07 17:43:35.0845 1116 UserName: Tran
2011/04/07 17:43:35.0845 1116 Windows directory: C:\WINDOWS
2011/04/07 17:43:35.0845 1116 System windows directory: C:\WINDOWS
2011/04/07 17:43:35.0845 1116 Processor architecture: Intel x86
2011/04/07 17:43:35.0845 1116 Number of processors: 2
2011/04/07 17:43:35.0845 1116 Page size: 0x1000
2011/04/07 17:43:35.0845 1116 Boot type: Normal boot
2011/04/07 17:43:35.0845 1116 ================================================================================
2011/04/07 17:43:37.0095 1116 Initialize success
2011/04/07 17:43:41.0376 4804 ================================================================================
2011/04/07 17:43:41.0376 4804 Scan started
2011/04/07 17:43:41.0376 4804 Mode: Manual;
2011/04/07 17:43:41.0376 4804 ================================================================================
2011/04/07 17:43:43.0157 4804 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/07 17:43:43.0204 4804 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/07 17:43:43.0423 4804 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/07 17:43:43.0470 4804 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/04/07 17:43:43.0548 4804 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/07 17:43:43.0813 4804 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/04/07 17:43:44.0017 4804 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/04/07 17:43:44.0110 4804 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/07 17:43:44.0282 4804 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/07 17:43:44.0360 4804 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/07 17:43:44.0657 4804 ati2mtag (b8142104502f794689c1c0bcbfb53b98) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/04/07 17:43:44.0923 4804 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/07 17:43:44.0985 4804 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/07 17:43:45.0110 4804 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2011/04/07 17:43:45.0298 4804 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2011/04/07 17:43:45.0407 4804 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys
2011/04/07 17:43:45.0626 4804 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/07 17:43:45.0720 4804 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/04/07 17:43:45.0782 4804 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/04/07 17:43:45.0860 4804 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/04/07 17:43:45.0923 4804 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/04/07 17:43:45.0970 4804 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/07 17:43:46.0032 4804 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/07 17:43:46.0095 4804 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/07 17:43:46.0142 4804 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/07 17:43:46.0188 4804 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/07 17:43:46.0829 4804 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/07 17:43:46.0923 4804 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/07 17:43:47.0220 4804 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/07 17:43:47.0282 4804 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/07 17:43:47.0313 4804 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/07 17:43:47.0423 4804 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/07 17:43:47.0642 4804 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/07 17:43:47.0704 4804 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/07 17:43:47.0735 4804 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/07 17:43:47.0767 4804 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/07 17:43:47.0860 4804 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/07 17:43:48.0188 4804 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/07 17:43:48.0313 4804 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/07 17:43:48.0376 4804 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/07 17:43:48.0454 4804 HCW88AUD (4ab4824d825d704c460bae9abc991beb) C:\WINDOWS\system32\drivers\hcw88aud.sys
2011/04/07 17:43:48.0485 4804 HCW88BDA (f8ac6d8cba0b8e6b0853a62efef5ad77) C:\WINDOWS\system32\drivers\hcw88bda.sys
2011/04/07 17:43:48.0548 4804 hcw88ts (14d12d8062c63f15ef5679dee344b644) C:\WINDOWS\system32\drivers\hcw88ts.sys
2011/04/07 17:43:48.0595 4804 HCW88TSE (c6beab66dc3d80fb18a312916f7a832b) C:\WINDOWS\system32\drivers\hcw88tse.sys
2011/04/07 17:43:48.0704 4804 HCW88TUNE (c84170a30cfe6aa8ecc9ab455bef2e8e) C:\WINDOWS\system32\drivers\hcw88tun.sys
2011/04/07 17:43:48.0923 4804 hcw88vid (2bb97297023f2b5d68026eaf09eb5360) C:\WINDOWS\system32\drivers\hcw88vid.sys
2011/04/07 17:43:49.0001 4804 HCW88XBAR (01ee0e4e3d3e8f45b6539b89e7136d96) C:\WINDOWS\system32\drivers\HCW88BAR.sys
2011/04/07 17:43:49.0063 4804 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
2011/04/07 17:43:49.0392 4804 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/07 17:43:49.0501 4804 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
2011/04/07 17:43:49.0579 4804 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/07 17:43:49.0704 4804 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/04/07 17:43:49.0767 4804 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/04/07 17:43:49.0829 4804 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/04/07 17:43:49.0876 4804 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/07 17:43:50.0017 4804 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/07 17:43:50.0110 4804 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/07 17:43:50.0235 4804 int15.sys (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Program Files\Acer\eRecovery\int15.sys
2011/04/07 17:43:50.0392 4804 IntcAzAudAddService (8e7d41d71d4e174f96d0be45f6b9e2ce) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/04/07 17:43:50.0704 4804 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/07 17:43:50.0751 4804 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/07 17:43:50.0798 4804 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/07 17:43:50.0860 4804 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/07 17:43:51.0048 4804 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/07 17:43:51.0204 4804 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/07 17:43:51.0251 4804 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
2011/04/07 17:43:51.0298 4804 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/07 17:43:51.0360 4804 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/07 17:43:51.0423 4804 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/07 17:43:51.0470 4804 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/07 17:43:51.0532 4804 KLIF (2cf7c3dd0102a32a680ef97f3b1c861a) C:\WINDOWS\system32\DRIVERS\klif.sys
2011/04/07 17:43:51.0595 4804 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/07 17:43:51.0642 4804 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/07 17:43:51.0892 4804 m5287 (22a5254af0de96651f27b09cdf8aa14e) C:\WINDOWS\system32\drivers\m5287.sys
2011/04/07 17:43:52.0063 4804 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/04/07 17:43:52.0126 4804 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/07 17:43:52.0173 4804 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/07 17:43:52.0220 4804 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/04/07 17:43:52.0423 4804 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/07 17:43:52.0501 4804 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/07 17:43:52.0657 4804 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/07 17:43:52.0751 4804 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/04/07 17:43:52.0923 4804 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/07 17:43:52.0985 4804 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/07 17:43:53.0173 4804 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/07 17:43:53.0235 4804 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/07 17:43:53.0267 4804 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/07 17:44:00.0110 4804 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/04/07 17:44:00.0126 4804 sptd - detected Locked file (1)
2011/04/07 17:44:03.0282 4804 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/07 17:44:03.0298 4804 ================================================================================
2011/04/07 17:44:03.0298 4804 Scan finished
2011/04/07 17:44:03.0298 4804 ================================================================================
2011/04/07 17:44:03.0329 4816 Detected object count: 2
2011/04/07 17:44:13.0220 4816 Locked file(sptd) - User select action: Skip
2011/04/07 17:44:13.0267 4816 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/07 17:44:13.0267 4816 \HardDisk0 - ok
2011/04/07 17:44:13.0267 4816 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/07 17:44:16.0954 4860 Deinitialize success
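The lines that matter for triage sit at the end of a TDSSKiller log: the locked-file skip and the TDL4 cure pending reboot. As an added example, not code from this thread or from TDSSKiller, the script below parses a log in the posted shape into inventory, suspicious-file, detection and user-action records and lists what was detected but not cured; the sample lines are constructed and their MD5 values are placeholders.

```python
"""Triage a TDSSKiller log of the shape posted above: separate the driver
inventory from the verdict lines and report what is still unresolved.

Added example for this thread, not code from TDSSKiller or from the
original posts. Line shapes follow the posted log; the sample below is
constructed and its MD5 values are placeholders.
"""
import re
from dataclasses import dataclass, field

# Every line in the posted log starts with "<yyyy/mm/dd> <hh:mm:ss.ffff> <pid> ".
PREFIX = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
INVENTORY_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS_RE = re.compile(
    PREFIX + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED_RE = re.compile(PREFIX + r"(?P<obj>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
CURE_RE = re.compile(PREFIX + r"(?P<obj>.+?) \((?P<verdict>[^)]+)\) - will be cured after reboot$")
ACTION_RE = re.compile(
    PREFIX + r"(?P<verdict>[^()]+?)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")

# Constructed sample in the posted shape; the 32-hex MD5 values are placeholders.
SAMPLE_LOG = r"""
2011/04/07 17:43:55.0360 4804 Npfs (00000000000000000000000000000001) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/07 17:44:00.0110 4804 sptd (00000000000000000000000000000002) C:\WINDOWS\system32\Drivers\sptd.sys
2011/04/07 17:44:00.0110 4804 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 00000000000000000000000000000002
2011/04/07 17:44:00.0126 4804 sptd - detected Locked file (1)
2011/04/07 17:44:03.0282 4804 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/07 17:44:03.0298 4804 Scan finished
2011/04/07 17:44:03.0329 4816 Detected object count: 2
2011/04/07 17:44:13.0220 4816 Locked file(sptd) - User select action: Skip
2011/04/07 17:44:13.0267 4816 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/07 17:44:13.0267 4816 \HardDisk0 - ok
2011/04/07 17:44:13.0267 4816 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/07 17:44:16.0954 4860 Deinitialize success
"""


@dataclass
class ScanSummary:
    inventory: dict = field(default_factory=dict)       # driver name -> (md5, path)
    suspicious: list = field(default_factory=list)      # (reason, path, md5)
    detections: dict = field(default_factory=dict)      # object -> verdict
    actions: dict = field(default_factory=dict)         # object -> action the user chose
    pending_reboot: list = field(default_factory=list)  # objects cured only after reboot


def parse_tdsskiller_log(text):
    """Walk the log once; verdict shapes are tried before the generic inventory shape."""
    summary = ScanSummary()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SUSPICIOUS_RE.match(line):
            summary.suspicious.append((m["reason"], m["path"], m["md5"]))
        elif m := DETECTED_RE.match(line):
            summary.detections[m["obj"]] = m["verdict"]
        elif m := CURE_RE.match(line):
            summary.pending_reboot.append(m["obj"])
        elif m := ACTION_RE.match(line):
            summary.actions[m["obj"]] = m["action"]
        elif m := INVENTORY_RE.match(line):
            summary.inventory[m["name"]] = (m["md5"], m["path"])
        # Banner, "Scan finished", object counts and "- ok" lines carry nothing we need.
    return summary


def unresolved(summary):
    """Detected objects the user did not choose to cure (e.g. a locked file that was skipped)."""
    return sorted(obj for obj in summary.detections if summary.actions.get(obj) != "Cure")


if __name__ == "__main__":
    s = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(s.inventory)} drivers inventoried, {len(s.detections)} detections")
    for obj, verdict in s.detections.items():
        print(f"  {obj}: {verdict} -> {s.actions.get(obj, 'no action')}")
    print("cured after reboot:", s.pending_reboot)
    print("unresolved:", unresolved(s))
```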
 
Good job :)

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
As I'm typing this, my AVG has picked up more VBS/Generic viruses in my temporary internet files.

I had a problem with MBRCheck: when I ran it, a few seconds later it would close, saying "MBRCheck.exe has encountered a problem and needs to close." (I disabled AVG before I ran MBRCheck.)
I downloaded it again from your link; however, I keep having the same problem.
It did manage to produce a log, which I'm unsure is complete or not. I haven't started the ComboFix process yet since I came on to tell you this problem.

Here's the log MBRCheck produced:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00001ffc

Kernel Drivers (total 147):

Processes (total 63):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`fa08fc00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000017`a7c0fe00 (FAT32)

PhysicalDrive0 Model Number: ST3200826AS, Rev: 3.03

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0
 
This is Andrew's friend. After Andrew ran ComboFix, ComboFix said it would reboot the PC; however, when the computer boots up, it comes up with a black screen asking whether to boot up with XP Media Edition or Recovery Console. It automatically boots with Windows XP; however, when the Windows XP screen comes up and begins to load, it then displays a blue screen with white text and restarts again.
 
Did you try "Last known good configuration"?

If so.....

Let's see if we can look at your computer booting from an external source.

Please download OTLPE (file size 120.9 MB).

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Under the Custom Scan box paste this in:

    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    /md5stop

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
My friend Andrew's optical drive in the PC is broken; is it possible to boot that CD from an external USB optical drive?
 
I don't think my BIOS will allow me to boot from an external USB optical drive, as I have tried in the past; I will, however, try again anyway with the instructions you gave me.
I also tried "Last known good configuration", which just gave the same results that my friend posted for me yesterday.

If I am not able to boot up from my external optical drive, what would you advise next?
 
"asking whether to boot up with xp media edition or recovery console"
Select recovery console.

[...]

3. You'll find yourself at this screen:

xp_src_console.gif


4. Once you are at the Recovery Console you will be given at least one choice of Windows installations. Normally the choice you want is the number 1 choice. Click the number 1 key at the "top" of the keyboard and click enter.

NOTE: at this point your numbers to the right of your keyboard are turned off. If you insist on using these keys for your numbers remember to hit the Numbers Lock key before clicking a number over there or your computer will automatically reboot and you will have to wait through the previous steps to get back to the console.

5. You will be given a message asking for the administrator password. Unless someone or something has messed with your computer there is no password so you just click the Enter key.

6. This will bring you to a prompt that says:

C:\WINDOWS>

7. Type:

cd \

Press Enter

Note: between "cd" and "\" there should be a "blank space" otherwise the command won't work

8. The prompt should now say:

C:\>

9. Type:

cd system~1\_resto~1

Press Enter.

===============================================================================

Note: If it gives an error "Access Denied" while accessing the folder, follow the method below

Type: cd \

Press Enter

Type: cd windows\system32\config

Press Enter

Type: ren system system.bak

Press Enter

(note the spaces between ren and system, and then between system and system.bak)

Type: exit

Press Enter

now the computer should restart, then follow steps 1-9


===============================================================================

10. Type:

dir

Press Enter

NOTE: When you hit Enter it will list all the restore point folders, like "rp1", "rp2"; we have to see the last restore point to copy the file from a recent backup. If the restore points take more than one page, then you have to keep hitting the key to view the last restore point folder.

NOTE: It is a good rule of thumb to choose the files from the restore point folder which is the second to the last one.

11. Type:

cd rp{with the second to the last restore point number }

Press Enter

Example: cd rp9 if rp10 is the last restore point.

12. Type:

cd snapshot

Press Enter.

NOTICE: Now the command prompt will look like this:

c:\system~1\_resto~1\rp9\snapshot

Note: restore point 9 is assumed for clarity of the content.


13. Type:

copy _registry_machine_system c:\windows\system32\config\system

Press Enter

14. Type:

Exit

Press Enter.

Final note: If the above procedure won't solve the problem, repeat all steps, but in step 13 type:

copy _registry_machine_software c:\windows\system32\config\software

Alternatively, select a different restore point.
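Choosing the restore point in steps 10-11 is where a slip happens easily: folder names sort as text, so rp10 lands before rp9 and the "second to last" rule picks the wrong one. As an added example, not code from the post, this script picks the second-to-last point numerically from a constructed `dir` listing and prints the key sequence for steps 11-14; only the rpN names in the listing are used, so its exact column layout is an assumption that does not affect the result.

```python
"""Choose the restore point for steps 10-13 above and emit the exact
Recovery Console key sequence for it.

Added example for this thread, not part of the original post. The `dir`
listing below is constructed; only the rpN folder names are read, so the
column layout the real console prints does not matter.
"""
import re

RP_RE = re.compile(r"^rp(?P<n>\d+)$", re.IGNORECASE)
# Hive file inside <rpN>\snapshot and the config file it restores (step 13 and the final note).
HIVES = {"system": "_registry_machine_system", "software": "_registry_machine_software"}

# Constructed listing; dates and the drivetable.txt entry are invented filler.
SAMPLE_DIR = r"""
 Directory of C:\SYSTEM~1\_RESTO~1

03/28/11  08:00a        <DIR>          RP8
03/30/11  06:31p        <DIR>          RP9
04/06/11  05:40p        <DIR>          RP10
03/30/11  06:31p               168 drivetable.txt
"""


def restore_points(dir_output):
    """rpN names in numeric order; a plain string sort would put RP10 before RP9."""
    names = [tok for tok in dir_output.split() if RP_RE.match(tok)]
    return sorted(names, key=lambda s: int(RP_RE.match(s)["n"]))


def choose_restore_point(dir_output):
    """Second-to-last point, per the rule of thumb in the post; the only one if there is just one."""
    rps = restore_points(dir_output)
    if not rps:
        raise ValueError("no rpN folders in the listing")
    return rps[-2] if len(rps) >= 2 else rps[-1]


def console_commands(rp, hive="system"):
    """Steps 11-14 for the chosen point; hive='software' is the alternate from the final note."""
    if hive not in HIVES:
        raise ValueError(f"unknown hive {hive!r}")
    return [
        f"cd {rp}",
        "cd snapshot",
        f"copy {HIVES[hive]} c:\\windows\\system32\\config\\{hive}",
        "exit",
    ]


if __name__ == "__main__":
    chosen = choose_restore_point(SAMPLE_DIR)
    print("\n".join(console_commands(chosen)))
```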
 
Thanks for your help, but since this PC is 6 years old, we've decided to replace it, since it doesn't seem worth the effort anymore to try and fix this one.
I greatly appreciate all the help you've given me.
Keep up the great work :)
 