Jump to content

clayhollow

Members
 View Profile  See their activity

  • Posts

    11

  • Joined

  • Last visited

Reputation

0 Neutral
  1. clayhollow
    Ok. It's all done. I am so happy!! Thank you very much. You're my hero. For the day at least. =)
  2. clayhollow
    Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5873 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 2/24/2011 6:54:47 PM mbam-log-2011-02-24 (18-54-47).txt Scan type: Quick scan Objects scanned: 152481 Time elapsed: 5 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  3. clayhollow
    okie dokie
  4. clayhollow
    Yes!! It worked!! I'm pretty sure my computer is all cleaned up!! And MSconfig is working again too. It's running so much better and faster than ever! Please watch for a donation from me. I have to go put money in my PayPal account after work. We have an electrical contracting service and I also run a seamstressing business and all my invoicing is done through this computer. Thank you so much!!!!! I am able to contact you again in the future? My PayPal account will say Aundria Clay.
  5. clayhollow
    Diagnostic Report (1.9.0027.0): ----------------------------------------- Windows Validation Data--> Validation Status: Genuine Validation Code: 0 Cached Validation Code: N/A Windows Product Key: *****-*****-YRM3J-YWHFR-KB4MM Windows Product Key Hash: G7S5lalGzRkFOsQi1dDwPK7+Jbs= Windows Product ID: 55274-640-9456047-23987 Windows Product ID Type: 1 Windows License Type: Volume Windows OS version: 5.1.2600.2.00010100.3.0.pro ID: {CBDD88FD-2874-430F-BC29-520FE00CF43A}(3) Is Admin: Yes TestCab: 0x0 LegitcheckControl ActiveX: Registered, 1.9.40.0 Signed By: Microsoft Product Name: N/A Architecture: N/A Build lab: N/A TTS Error: N/A Validation Diagnostic: 025D1FF3-230-1 Resolution Status: N/A Vista WgaER Data--> ThreatID(s): N/A Version: N/A Windows XP Notifications Data--> Cached Result: 0 File Exists: Yes Version: 1.9.40.0 WgaTray.exe Signed By: Microsoft WgaLogon.dll Signed By: Microsoft OGA Notifications Data--> Cached Result: N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 OGAExec.exe Signed By: N/A, hr = 0x80070002 OGAAddin.dll Signed By: N/A, hr = 0x80070002 OGA Data--> Office Status: 100 Genuine Microsoft Office Enterprise 2007 - 100 Genuine OGA Version: N/A, 0x80070002 Signed By: N/A, hr = 0x80070002 Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005 Browser Data--> Proxy settings: N/A User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32) Default Browser: C:\Program Files\Internet Explorer\iexplore.exe Download signed ActiveX controls: Prompt Download unsigned ActiveX controls: Disabled Run ActiveX controls and plug-ins: Allowed Initialize and script ActiveX controls not marked as safe: Disabled Allow scripting of Internet Explorer Webbrowser control: Disabled Active scripting: Allowed Script ActiveX controls marked as safe for scripting: Allowed File Scan Data--> Other data--> Office Details: <GenuineResults><MachineData><UGUID>{CBDD88FD-2874-430F-BC29-520FE00CF43A}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-KB4MM</PKey><PID>55274-640-9456047-23987</PID><PIDType>1</PIDType><SID>S-1-5-21-343818398-413027322-1417001333</SID><SYSTEM><Manufacturer>soyocomputer</Manufacturer><Model>P4VTE</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>Version 07.00T</Version><SMBIOSVersion major="2" minor="3"/><Date>20010402000000.000000+000</Date></BIOS><HWID>38F10F6801842043</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>64BC76978749586</Val><Hash>GW6PzcEVEDTVKeO5Ym5UUm41dBk=</Hash><Pid>89388-707-0441865-65167</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> Licensing Data--> N/A Windows Activation Technologies--> N/A HWID Data--> N/A OEM Activation 1.0 Data--> BIOS string matches: yes Marker string from BIOS: 1B43C:Elitegroup Computer Systems Co Ltd Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005 OEM Activation 2.0 Data--> N/A
  6. clayhollow
    No, my computer guy has that and he does it for me when needed but he takes my computer for a 3-4 weeks and I was trying to avoid that.
  7. clayhollow
    SystemLook 04.09.10 by jpshortstuff Log created at 10:17 on 24/02/2011 by Administrador Administrator - Elevation successful ========== filefind ========== Searching for "msconfig.exe" No files found. Searching for "beep.sys" No files found. Searching for "wscntfy.exe" No files found. Searching for "regsvc.dll" No files found. Searching for "proquota.exe" No files found. Searching for "sfcfiles.dll" C:\WINDOWS\system32\sfcfiles.dll --a---- 1614848 bytes [08:52 26/04/2008] [08:52 26/04/2008] BAB74B55CB6B10DFAC32C8E4CCB711E1 Searching for " " No files found. -= EOF =-
  8. clayhollow
    msconfig won't open...says it can't find it???
  9. clayhollow
    My computer is running so much better!! Thank you very much! Here is the log file you requested: ComboFix 11-02-23.08 - Administrador 02/24/2011 9:21.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.126 [GMT -5:00] Running from: c:\documents and settings\Administrador\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Administrador\Desktop\CFScript.txt . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\fgfgfgfg c:\documents and settings\All Users\Application Data\fgfgfgfg\aCoObBm08200 c:\documents and settings\All Users\Application Data\rtrtrtrtre c:\documents and settings\All Users\Application Data\rtrtrtrtre\x86\DIFxInstallLog.txt c:\windows\system32\proquota.exe . . . is missing!! . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ASWFSBLK -------\Legacy_ASWSP -------\Legacy_PFDREDYGJ -------\Legacy_VNSFSEUY -------\Service_aswFsBlk -------\Service_aswSP -------\Service_pfdredygj -------\Service_vnsfseuy ((((((((((((((((((((((((( Files Created from 2011-01-24 to 2011-02-24 ))))))))))))))))))))))))))))))) . 2011-02-23 03:50 . 2011-02-23 03:50 -------- d--h--w- c:\windows\PIF 2011-02-23 02:25 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-02-23 02:25 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-02-23 02:25 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-02-23 02:25 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-02-23 02:25 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-02-23 02:25 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-02-23 02:25 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-02-23 02:24 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr 2011-02-23 02:24 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe 2011-02-23 02:24 . 2011-02-23 02:24 -------- d-----w- c:\program files\Alwil Software 2011-02-23 02:24 . 2011-02-23 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2011-02-22 03:18 . 2011-02-22 03:18 -------- d-----w- c:\program files\Trend Micro 2011-02-22 01:44 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-22 01:43 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-02-21 01:50 . 2011-02-21 01:50 -------- d-----w- c:\program files\Common Files\Java 2011-02-21 01:47 . 2011-02-03 02:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll 2011-02-21 01:47 . 2011-02-03 00:19 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-21 01:47 . 2011-02-03 02:40 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-19 20:00 . 2011-02-19 20:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp 2011-02-19 20:00 . 2011-02-19 20:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-02-16 00:04 . 2011-02-16 00:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer 2011-02-15 23:49 . 2011-02-15 23:49 -------- d-----w- c:\program files\Apple Software Update 2011-02-15 23:49 . 2010-12-14 23:51 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-02-15 23:49 . 2010-12-14 23:51 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-02-15 23:49 . 2011-02-15 23:49 -------- d-----w- c:\program files\Bonjour 2011-02-15 23:48 . 2011-02-15 23:52 -------- d-----w- c:\program files\Common Files\Apple 2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-21 01:45 . 2010-08-03 13:38 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-02-21 01:45 . 2010-08-03 13:38 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts 2009-12-21 02:39 . 2009-12-21 02:39 1956528 ----a-w- c:\program files\install_flash_player_ax.exe . ------- Sigcheck ------- [-] 2008-04-26 . BAB74B55CB6B10DFAC32C8E4CCB711E1 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll c:\windows\System32\drivers\beep.sys ... is missing !! c:\windows\System32\wscntfy.exe ... is missing !! c:\windows\System32\regsvc.dll ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Administrador\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-19 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HostManager"="c:\program files\Common Files\AOL\1236815878\ee\AOLSoftware.exe" [2008-11-06 41264] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "nwiz"="nwiz.exe" [2008-05-16 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-02-21 281768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" [2010-09-09 124928] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideRunAsVerb"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"= "c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\aol\\1236815878\\ee\\aolsoftware.exe"= "c:\\Program Files\\AOL 9.5\\waol.exe"= "c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/3/2010 8:38 AM 135336] S?2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/11/2009 12:36 PM 133104] S3 pmxscan;USB ScanModule V5.1 Driver;c:\windows\system32\drivers\usbscan.sys [7/6/2009 10:09 PM 15104] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc NETSVCS REQUIRES REPAIRS - current entries shown 6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule SENS Sharedaccess SRService Tapisrv Themes WZCSVC Wmi WmdmPmSp winmgmt xmlprov napagent hkmsvc BITS wuauserv ShellHWDetection WmdmPmSN HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs . Contents of the 'Scheduled Tasks' folder 2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 17:36] 2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 17:36] 2011-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-413027322-1417001333-500Core.job - c:\documents and settings\Administrador\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-22 05:06] 2011-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-413027322-1417001333-500UA.job - c:\documents and settings\Administrador\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-22 05:06] . . ------- Supplementary Scan ------- . uStart Page = about:blank . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-24 09:36 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3124) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\system32\RUNDLL32.EXE c:\documents and settings\Administrador\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe c:\windows\system32\brss01a.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\AOL\ACS\AOLAcsd.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe . ************************************************************************** . Completion time: 2011-02-24 09:38:53 - machine was rebooted ComboFix-quarantined-files.txt 2011-02-24 14:38 ComboFix2.txt 2011-02-24 14:17 ComboFix3.txt 2011-02-23 19:04 Pre-Run: 131,395,092,480 bytes free Post-Run: 131,298,226,176 bytes free - - End Of File - - 15A1DA5CF804EF44923622F76E27D5A9
  10. clayhollow
    2011/02/23 12:44:03.0859 3956 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08 2011/02/23 12:44:05.0593 3956 ================================================================================ 2011/02/23 12:44:05.0593 3956 SystemInfo: 2011/02/23 12:44:05.0593 3956 2011/02/23 12:44:05.0593 3956 OS Version: 5.1.2600 ServicePack: 3.0 2011/02/23 12:44:05.0593 3956 Product type: Workstation 2011/02/23 12:44:05.0593 3956 ComputerName: ADMIN 2011/02/23 12:44:05.0593 3956 UserName: Administrador 2011/02/23 12:44:05.0593 3956 Windows directory: C:\WINDOWS 2011/02/23 12:44:05.0593 3956 System windows directory: C:\WINDOWS 2011/02/23 12:44:05.0593 3956 Processor architecture: Intel x86 2011/02/23 12:44:05.0593 3956 Number of processors: 1 2011/02/23 12:44:05.0593 3956 Page size: 0x1000 2011/02/23 12:44:05.0593 3956 Boot type: Normal boot 2011/02/23 12:44:05.0593 3956 ================================================================================ 2011/02/23 12:44:07.0062 3956 Initialize success 2011/02/23 12:44:10.0265 0924 ================================================================================ 2011/02/23 12:44:10.0265 0924 Scan started 2011/02/23 12:44:10.0265 0924 Mode: Manual; 2011/02/23 12:44:10.0265 0924 ================================================================================ 2011/02/23 12:44:13.0375 0924 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys 2011/02/23 12:44:13.0906 0924 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/02/23 12:44:14.0109 0924 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/02/23 12:44:14.0562 0924 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/02/23 12:44:14.0937 0924 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/02/23 12:44:16.0687 0924 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys 2011/02/23 12:44:16.0859 0924 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys 2011/02/23 12:44:17.0187 0924 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys 2011/02/23 12:44:17.0312 0924 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys 2011/02/23 12:44:17.0453 0924 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys 2011/02/23 12:44:17.0546 0924 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/02/23 12:44:17.0609 0924 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/02/23 12:44:17.0718 0924 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/02/23 12:44:17.0968 0924 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/02/23 12:44:18.0218 0924 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2011/02/23 12:44:18.0500 0924 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 2011/02/23 12:44:18.0687 0924 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 2011/02/23 12:44:19.0000 0924 BrScnUsb (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys 2011/02/23 12:44:19.0140 0924 BrSerIf (26051d886f3333cb41857d6f52248de1) C:\WINDOWS\system32\Drivers\BrSerIf.sys 2011/02/23 12:44:19.0234 0924 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys 2011/02/23 12:44:19.0359 0924 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/02/23 12:44:19.0593 0924 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/02/23 12:44:19.0718 0924 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/02/23 12:44:19.0906 0924 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/02/23 12:44:20.0250 0924 cmuda (be8cb37c2094a72057c794afb753cce8) C:\WINDOWS\system32\drivers\cmuda.sys 2011/02/23 12:44:20.0828 0924 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/02/23 12:44:21.0031 0924 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/02/23 12:44:21.0093 0924 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/02/23 12:44:21.0140 0924 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/02/23 12:44:21.0234 0924 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/02/23 12:44:21.0343 0924 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/02/23 12:44:21.0421 0924 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/02/23 12:44:21.0500 0924 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/02/23 12:44:21.0546 0924 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys 2011/02/23 12:44:21.0593 0924 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys 2011/02/23 12:44:21.0625 0924 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/02/23 12:44:21.0656 0924 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/02/23 12:44:21.0718 0924 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 2011/02/23 12:44:21.0765 0924 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/02/23 12:44:21.0812 0924 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/02/23 12:44:21.0875 0924 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2011/02/23 12:44:21.0906 0924 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/02/23 12:44:22.0031 0924 HCF_MSFT (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys 2011/02/23 12:44:22.0140 0924 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/02/23 12:44:22.0265 0924 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2011/02/23 12:44:22.0296 0924 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2011/02/23 12:44:22.0343 0924 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/02/23 12:44:22.0406 0924 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/02/23 12:44:22.0515 0924 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/02/23 12:44:22.0593 0924 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/02/23 12:44:22.0734 0924 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/02/23 12:44:22.0781 0924 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 2011/02/23 12:44:22.0828 0924 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/02/23 12:44:22.0875 0924 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/02/23 12:44:22.0906 0924 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/02/23 12:44:22.0937 0924 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/02/23 12:44:22.0984 0924 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/02/23 12:44:23.0156 0924 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/02/23 12:44:23.0203 0924 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/02/23 12:44:23.0218 0924 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/02/23 12:44:23.0265 0924 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/02/23 12:44:23.0312 0924 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/02/23 12:44:23.0421 0924 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/02/23 12:44:23.0468 0924 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/02/23 12:44:23.0500 0924 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/02/23 12:44:23.0531 0924 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/02/23 12:44:23.0593 0924 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/02/23 12:44:23.0687 0924 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/02/23 12:44:23.0734 0924 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/02/23 12:44:23.0812 0924 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/02/23 12:44:23.0859 0924 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/02/23 12:44:23.0890 0924 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/02/23 12:44:23.0921 0924 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/02/23 12:44:23.0953 0924 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/02/23 12:44:24.0015 0924 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/02/23 12:44:24.0078 0924 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/02/23 12:44:24.0109 0924 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/02/23 12:44:24.0140 0924 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/02/23 12:44:24.0171 0924 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/02/23 12:44:24.0203 0924 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/02/23 12:44:24.0250 0924 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/02/23 12:44:24.0328 0924 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/02/23 12:44:24.0375 0924 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/02/23 12:44:24.0453 0924 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 2011/02/23 12:44:24.0531 0924 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/02/23 12:44:24.0812 0924 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/02/23 12:44:25.0046 0924 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/02/23 12:44:25.0078 0924 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/02/23 12:44:25.0140 0924 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys 2011/02/23 12:44:25.0203 0924 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/02/23 12:44:25.0234 0924 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/02/23 12:44:25.0281 0924 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/02/23 12:44:25.0328 0924 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/02/23 12:44:25.0437 0924 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/02/23 12:44:25.0625 0924 Suspicious service (NoAccess): pfdredygj 2011/02/23 12:44:25.0687 0924 pmxscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/02/23 12:44:25.0718 0924 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/02/23 12:44:25.0750 0924 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/02/23 12:44:25.0796 0924 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/02/23 12:44:25.0968 0924 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/02/23 12:44:26.0000 0924 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/02/23 12:44:26.0062 0924 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/02/23 12:44:26.0093 0924 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/02/23 12:44:26.0140 0924 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/02/23 12:44:26.0171 0924 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/02/23 12:44:26.0250 0924 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/02/23 12:44:26.0312 0924 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/02/23 12:44:26.0359 0924 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/02/23 12:44:26.0421 0924 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys 2011/02/23 12:44:26.0453 0924 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 2011/02/23 12:44:26.0546 0924 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/02/23 12:44:26.0593 0924 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/02/23 12:44:26.0625 0924 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/02/23 12:44:26.0671 0924 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/02/23 12:44:26.0796 0924 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/02/23 12:44:26.0859 0924 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/02/23 12:44:26.0953 0924 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/02/23 12:44:27.0031 0924 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2011/02/23 12:44:27.0125 0924 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/02/23 12:44:27.0156 0924 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/02/23 12:44:27.0296 0924 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/02/23 12:44:27.0375 0924 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/02/23 12:44:27.0437 0924 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/02/23 12:44:27.0500 0924 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/02/23 12:44:27.0546 0924 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/02/23 12:44:27.0656 0924 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys 2011/02/23 12:44:27.0718 0924 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/02/23 12:44:27.0796 0924 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/02/23 12:44:27.0875 0924 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/02/23 12:44:27.0953 0924 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/02/23 12:44:28.0015 0924 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/02/23 12:44:28.0187 0924 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/02/23 12:44:28.0234 0924 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/02/23 12:44:28.0281 0924 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/02/23 12:44:28.0343 0924 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/02/23 12:44:28.0375 0924 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/02/23 12:44:28.0437 0924 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/02/23 12:44:28.0500 0924 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys 2011/02/23 12:44:28.0531 0924 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/02/23 12:44:28.0546 0924 Suspicious service (NoAccess): vnsfseuy 2011/02/23 12:44:28.0593 0924 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/02/23 12:44:28.0656 0924 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 2011/02/23 12:44:28.0718 0924 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 2011/02/23 12:44:28.0812 0924 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/02/23 12:44:28.0953 0924 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 2011/02/23 12:44:29.0015 0924 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 2011/02/23 12:44:29.0093 0924 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/02/23 12:44:29.0156 0924 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/02/23 12:44:29.0218 0924 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/02/23 12:44:29.0218 0924 ================================================================================ 2011/02/23 12:44:29.0218 0924 Scan finished 2011/02/23 12:44:29.0218 0924 ================================================================================ 2011/02/23 12:44:29.0250 2248 Detected object count: 1 2011/02/23 12:44:33.0359 2248 \HardDisk0 - will be cured after reboot 2011/02/23 12:44:33.0359 2248 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/02/23 12:44:53.0453 4048 Deinitialize success ComboFix 11-02-23.01 - Administrador 02/23/2011 13:47:51.1.1 - x86 Running from: c:\documents and settings\Administrador\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrador\Local Settings\Application Data\{97A81BF4-06EB-4881-8917-94D5278A06B2} c:\documents and settings\Administrador\Local Settings\Application Data\{97A81BF4-06EB-4881-8917-94D5278A06B2}\chrome.manifest c:\documents and settings\Administrador\Local Settings\Application Data\{97A81BF4-06EB-4881-8917-94D5278A06B2}\chrome\content\_cfg.js c:\documents and settings\Administrador\Local Settings\Application Data\{97A81BF4-06EB-4881-8917-94D5278A06B2}\chrome\content\overlay.xul c:\documents and settings\Administrador\Local Settings\Application Data\{97A81BF4-06EB-4881-8917-94D5278A06B2}\install.rdf c:\documents and settings\Administrador\Recent\Thumbs.db c:\program files\Windows Media Player\1.txt c:\program files\Windows Media Player\2.txt C:\sysmon c:\windows\system32\msconfig.exe c:\windows\system32\ReadMe.txt c:\windows\system32\proquota.exe . . . is missing!! . ((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 ))))))))))))))))))))))))))))))) . 2011-02-23 03:50 . 2011-02-23 03:50 -------- d--h--w- c:\windows\PIF 2011-02-23 02:25 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-02-23 02:25 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-02-23 02:25 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-02-23 02:25 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-02-23 02:25 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-02-23 02:25 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-02-23 02:25 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-02-23 02:24 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr 2011-02-23 02:24 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe 2011-02-23 02:24 . 2011-02-23 02:24 -------- d-----w- c:\program files\Alwil Software 2011-02-23 02:24 . 2011-02-23 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2011-02-22 03:18 . 2011-02-22 03:18 -------- d-----w- c:\program files\Trend Micro 2011-02-22 01:44 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-22 01:43 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-02-21 01:50 . 2011-02-21 01:50 -------- d-----w- c:\program files\Common Files\Java 2011-02-21 01:47 . 2011-02-03 02:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll 2011-02-21 01:47 . 2011-02-03 00:19 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-21 01:47 . 2011-02-03 02:40 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-19 20:00 . 2011-02-19 20:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp 2011-02-19 20:00 . 2011-02-19 20:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-02-19 05:21 . 2011-02-21 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\fgfgfgfg 2011-02-16 00:04 . 2011-02-16 00:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer 2011-02-15 23:52 . 2011-02-15 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\rtrtrtrtre 2011-02-15 23:49 . 2011-02-15 23:49 -------- d-----w- c:\program files\Apple Software Update 2011-02-15 23:49 . 2010-12-14 23:51 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-02-15 23:49 . 2010-12-14 23:51 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-02-15 23:49 . 2011-02-15 23:49 -------- d-----w- c:\program files\Bonjour 2011-02-15 23:48 . 2011-02-15 23:52 -------- d-----w- c:\program files\Common Files\Apple 2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-21 01:45 . 2010-08-03 13:38 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-02-21 01:45 . 2010-08-03 13:38 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts 2009-12-21 02:39 . 2009-12-21 02:39 1956528 ----a-w- c:\program files\install_flash_player_ax.exe . ------- Sigcheck ------- [-] 2008-04-26 . BAB74B55CB6B10DFAC32C8E4CCB711E1 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll c:\windows\System32\drivers\beep.sys ... is missing !! c:\windows\System32\wscntfy.exe ... is missing !! c:\windows\System32\regsvc.dll ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Administrador\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-19 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HostManager"="c:\program files\Common Files\AOL\1236815878\ee\AOLSoftware.exe" [2008-11-06 41264] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "nwiz"="nwiz.exe" [2008-05-16 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-02-21 281768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" [2010-09-09 124928] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideRunAsVerb"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hsf87sdhfush87fsufhuie3fddf HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcexecwin HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YVIBBBHA8C [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"= "c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\aol\\1236815878\\ee\\aolsoftware.exe"= "c:\\Program Files\\AOL 9.5\\waol.exe"= "c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 133104] R2 pfdredygj;Image System;c:\windows\system32\svchost.exe [2008-04-14 14336] R2 vnsfseuy;Driver Installer;c:\windows\system32\svchost.exe [2008-04-14 14336] R3 pmxscan;USB ScanModule V5.1 Driver;c:\windows\system32\DRIVERS\usbscan.sys [2008-04-14 15104] S1 aswSP;aswSP; [x] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-02-21 135336] S2 aswFsBlk;aswFsBlk; [x] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs vnsfseuy pfdredygj . Contents of the 'Scheduled Tasks' folder 2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 17:36] 2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 17:36] 2011-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-413027322-1417001333-500Core.job - c:\documents and settings\Administrador\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-22 05:06] 2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-413027322-1417001333-500UA.job - c:\documents and settings\Administrador\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-22 05:06] . . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = *.local . . ------- File Associations ------- . . - - - - ORPHANS REMOVED - - - - HKLM-Run-Cmaudio - cmicnfg.cpl ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-23 14:01 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pfdredygj] "ServiceDll"="c:\windows\system32\xpwho.dll" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vnsfseuy] "ServiceDll"="c:\windows\system32\xpwho.dll" . Completion time: 2011-02-23 14:04:49 ComboFix-quarantined-files.txt 2011-02-23 19:04 Pre-Run: 131,294,081,024 bytes free Post-Run: 131,609,706,496 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 792F93BAA430950609FEF8461B7ED675
  11. clayhollow
    Here are my log files as requested: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5835 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 2/21/2011 8:57:08 PM mbam-log-2011-02-21 (20-57-08).txt Scan type: Quick scan Objects scanned: 160013 Time elapsed: 8 minute(s), 45 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 2 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Folders Infected: c:\program files\f3setupinstall (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\sysmon\f3install (Adware.MyWebSearch) -> Quarantined and deleted successfully. Files Infected: c:\documents and settings\administrador\configura ark.zip Attach.zip
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.