1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

AVG Bad image

Discussion in 'Virus & Other Malware Removal' started by triggso, Jan 18, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. triggso

    triggso Thread Starter

    Joined:
    Jan 18, 2011
    Messages:
    7
    Thanks for your help, this is driving me crazy.

    The avgrsstx bad image message keeps popping up and the computer seems unstable, having explorer.exe errors and needing to be restarted several times. sometimes it is only annoying as the messages need to be answered several times for any command.

    I scanned it with MABS and removed two malware that were called something like Hijack
    Later Trend Micro Housecall removed two rootkits.
    I loaded Kaspersky and it removed a Backdoor Trojan

    But none of this changed the activity. I have uninstalled AVG and cleaned the registry with Little Registry Cleaner, Still the same.

    Here is the Hijack this Log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:27:17 AM, on 1/18/2011
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.17037)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\History Channel Games\kgsystray\Kuma_tray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Mike\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6920
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6920
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6920
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6920
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTA2NDMyMjY3LVQzLVRCOSsyLUZMKzktUUlYMSs0LVgyMDEwKzItVklQMTArMQ"&"prod=90"&"ver=10.0.1187
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [cdloader] "C:\Users\Mike\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [FTweakFCleaner] C:\Program Files\FCleaner\FCleaner.exe -a
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Kuma_Tray.lnk = C:\Program Files\History Channel Games\kgsystray\Kuma_tray.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - (no file)
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
    O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - (no file)
    O17 - HKLM\System\CS27\Services\Tcpip\..\{29F5CC74-5490-400C-965C-D7A4E9971763}: NameServer = 200.108.96.212 200.108.96.213
    O17 - HKLM\System\CS35\Services\Tcpip\..\{29F5CC74-5490-400C-965C-D7A4E9971763}: NameServer = 200.108.96.212 200.108.96.213
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1ca195926bf5203) (gupdate1ca195926bf5203) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

    --
    End of file - 8999 bytes

    and the dds log


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Mike at 7:44:38.55 on Tue 01/18/2011
    Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_22
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3062.1565 [GMT -5:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\iWin Games\iWinTrusted.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\History Channel Games\kgsystray\Kuma_tray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Users\Mike\Downloads\dds.scr
    C:\Windows\system32\conime.exe

    ============== Pseudo HJT Report ===============

    uLocal Page = \blank.htm
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://m.www.yahoo.com/
    uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6920
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6920
    mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6920
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6920
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - Symantec Intrusion Prevention
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [cdloader] "c:\users\mike\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [FTweakFCleaner] c:\program files\fcleaner\FCleaner.exe -a
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTA2NDMyMjY3LVQzLVRCOSsyLUZMKzktUUlYMSs0LVgyMDEwKzItVklQMTArMQ"&"prod=90"&"ver=10.0.1187
    StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\kuma_t~1.lnk - c:\program files\history channel games\kgsystray\Kuma_tray.exe
    IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
    IE: {4248FE82-7FCB-46AC-B270-339F08212110}
    IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
    IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    Trusted Zone: excluciva.pe\www
    Trusted Zone: plaxo.com\www
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: AVGRSSTX.DLL c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\skxv44dm.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&ltmpl=default&ltmplcache=2
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cf53438&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
    FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\abhelperxpcom.dll
    FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\kavlinkfilter.dll
    FF - plugin: c:\program files\google\google updater\2.4.1908.5032\npCIDetect14.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\musicnotes\npmusicn.dll
    FF - plugin: c:\program files\musicnotes\NPSibelius.dll
    FF - plugin: c:\users\mike\appdata\roaming\facebook\npfbplugin_1_0_1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Anti-Banner: [email protected] - c:\program files\mozilla firefox\extensions\[email protected]
    FF - Ext: Kaspersky URL Advisor: [email protected] - c:\program files\mozilla firefox\extensions\[email protected]
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: Diigo Bookmarks and Web Annotations: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} - %profile%\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
    FF - Ext: Bible Fox: {646f1212-bb24-11db-8314-0800200c9a66} - %profile%\extensions\{646f1212-bb24-11db-8314-0800200c9a66}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Fire.fm: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} - %profile%\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
    FF - Ext: Coach Tressel 2010 Interactive Theme: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Virtus Search Opt-in: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Google Photos Screensaver: {57E72829-C158-4341-BBED-58F0AD1740FD} - c:\program files\google\google photos screensaver\FF_ext

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-9 207280]
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-11-2 22016]
    R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-7-1 352976]
    R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2010-1-21 78104]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-7-9 632792]
    R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-3-6 5120]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
    S2 gupdate1ca195926bf5203;Google Update Service (gupdate1ca195926bf5203);c:\program files\google\update\GoogleUpdate.exe [2009-8-9 133104]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-11 30192]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-8-9 358600]
    S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-8-9 1141200]

    =============== Created Last 30 ================

    2011-01-18 12:16:13 -------- d-----w- c:\program files\FCleaner
    2011-01-18 12:16:13 -------- d-----w- c:\progra~2\FTWeak
    2011-01-18 11:46:18 -------- d-sh--w- C:\found.002
    2011-01-16 23:06:57 109240 ----a-w- c:\program files\mozilla firefox\extensions\[email protected]\components\abhelperxpcom.dll
    2011-01-16 23:06:53 150200 ----a-w- c:\program files\mozilla firefox\extensions\[email protected]\components\kavlinkfilter.dll
    2011-01-16 23:06:39 97859 ----a-w- c:\windows\system32\drivers\klick.dat
    2011-01-16 23:06:39 114243 ----a-w- c:\windows\system32\drivers\klin.dat
    2011-01-16 22:58:41 -------- d-----w- c:\program files\Kaspersky Lab
    2011-01-16 22:58:41 -------- d-----w- c:\progra~2\Kaspersky Lab
    2011-01-16 22:39:35 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
    2011-01-15 11:43:46 -------- d-sh--w- C:\found.001
    2011-01-15 08:44:13 20 ----a-w- c:\windows\system32\AVGRSSTX.DLL
    2011-01-12 21:50:12 -------- d-----w- c:\users\mike\appdata\roaming\MusE
    2011-01-12 21:50:11 -------- d-----w- c:\users\mike\appdata\local\MusE
    2011-01-12 21:48:17 -------- d-----w- c:\program files\MuseScore
    2011-01-12 05:06:08 -------- d-----w- c:\users\mike\12 angle stone
    2011-01-09 22:07:51 -------- d-----w- c:\users\mike\appdata\roaming\LegalSounds
    2011-01-09 22:07:49 -------- d-----w- c:\program files\LegalSounds
    2011-01-08 23:16:23 -------- d-----w- c:\program files\common files\Akamai
    2011-01-08 23:14:56 -------- d-----w- c:\program files\History Channel Games
    2011-01-05 13:39:30 -------- d-----w- c:\program files\CCleaner
    2011-01-05 13:33:49 -------- d-----w- c:\users\mike\appdata\roaming\FTWeak
    2011-01-05 13:32:56 -------- d-----w- c:\users\mike\appdata\local\Little_Apps_(http___www.l
    2011-01-05 13:24:01 -------- d-----w- c:\program files\common files\Little Registry Cleaner
    2011-01-05 13:21:48 -------- d-----w- c:\program files\Little Registry Cleaner
    2011-01-01 21:19:19 -------- d-----w- c:\program files\Garden Panic

    ==================== Find3M ====================

    2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr

    ============= FINISH: 7:49:41.50 ===============

    and the ark log

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-01-18 08:26:37
    Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
    Running: eiudcy81.exe; Driver: C:\Users\Mike\AppData\Local\Temp\kxtdypow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    Thanks again for your help. Awaiting your reply. This is my husband´s computer and he is very worried about as he was completely wiped out by a virus about five years ago and now always fears the worst.
     
  2. triggso

    triggso Thread Starter

    Joined:
    Jan 18, 2011
    Messages:
    7
  3. triggso

    triggso Thread Starter

    Joined:
    Jan 18, 2011
    Messages:
    7
    bump
    I would be most grateful if someone could look at this.
     
  4. triggso

    triggso Thread Starter

    Joined:
    Jan 18, 2011
    Messages:
    7
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

    let it cure anything it fnds & then reboot

    post back with its log

    then

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here or Hereto your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on combofix.exe & follow the prompts.​
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues
     
  6. triggso

    triggso Thread Starter

    Joined:
    Jan 18, 2011
    Messages:
    7
    2011/01/26 00:57:51.0743 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
    2011/01/26 00:57:51.0743 ================================================================================
    2011/01/26 00:57:51.0743 SystemInfo:
    2011/01/26 00:57:51.0743
    2011/01/26 00:57:51.0743 OS Version: 6.0.6000 ServicePack: 0.0
    2011/01/26 00:57:51.0743 Product type: Workstation
    2011/01/26 00:57:51.0743 ComputerName: MIKE-PC
    2011/01/26 00:57:51.0743 UserName: Mike
    2011/01/26 00:57:51.0743 Windows directory: C:\Windows
    2011/01/26 00:57:51.0744 System windows directory: C:\Windows
    2011/01/26 00:57:51.0744 Processor architecture: Intel x86
    2011/01/26 00:57:51.0744 Number of processors: 2
    2011/01/26 00:57:51.0744 Page size: 0x1000
    2011/01/26 00:57:51.0744 Boot type: Normal boot
    2011/01/26 00:57:51.0744 ================================================================================
    2011/01/26 00:57:52.0623 Initialize success
    2011/01/26 00:57:55.0445 ================================================================================
    2011/01/26 00:57:55.0445 Scan started
    2011/01/26 00:57:55.0445 Mode: Manual;
    2011/01/26 00:57:55.0445 ================================================================================
    2011/01/26 00:57:56.0831 ac97intc (4b56caafed0b0b996341d74ce0e76565) C:\Windows\system32\drivers\ac97intc.sys
    2011/01/26 00:57:56.0975 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
    2011/01/26 00:57:57.0125 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2011/01/26 00:57:57.0288 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2011/01/26 00:57:57.0466 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2011/01/26 00:57:57.0532 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2011/01/26 00:57:57.0753 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
    2011/01/26 00:57:57.0937 AgereSoftModem (a19871ae65a769c65034b4dc44c29023) C:\Windows\system32\DRIVERS\AGRSM.sys
    2011/01/26 00:57:58.0123 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    2011/01/26 00:57:58.0190 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/01/26 00:57:58.0300 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    2011/01/26 00:57:58.0366 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2011/01/26 00:57:58.0410 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    2011/01/26 00:57:58.0458 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2011/01/26 00:57:58.0499 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    2011/01/26 00:57:58.0610 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2011/01/26 00:57:58.0701 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2011/01/26 00:57:58.0771 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/01/26 00:57:58.0816 atapi (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
    2011/01/26 00:57:58.0912 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
    2011/01/26 00:57:58.0980 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
    2011/01/26 00:57:59.0128 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
    2011/01/26 00:57:59.0173 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/01/26 00:57:59.0262 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/01/26 00:57:59.0331 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/01/26 00:57:59.0404 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/01/26 00:57:59.0471 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/01/26 00:57:59.0544 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/01/26 00:57:59.0687 BthEnum (cf97c2d6a011ee9403b42191b5f95ba8) C:\Windows\system32\DRIVERS\BthEnum.sys
    2011/01/26 00:57:59.0758 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/01/26 00:57:59.0844 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
    2011/01/26 00:57:59.0886 BTHPORT (b4ce8000aab30a9ab16cd0fb3db4d7cf) C:\Windows\system32\Drivers\BTHport.sys
    2011/01/26 00:58:00.0009 BTHUSB (9a4ddc8544c1459aa2a118a8858dade3) C:\Windows\system32\Drivers\BTHUSB.sys
    2011/01/26 00:58:00.0097 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/01/26 00:58:00.0162 Cdralw2k (9e26599599d178e71afb5599e146031a) C:\Windows\system32\drivers\Cdralw2k.sys
    2011/01/26 00:58:00.0232 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/01/26 00:58:00.0274 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2011/01/26 00:58:00.0335 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
    2011/01/26 00:58:00.0429 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/01/26 00:58:00.0469 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    2011/01/26 00:58:00.0531 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/01/26 00:58:00.0591 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2011/01/26 00:58:00.0624 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2011/01/26 00:58:00.0725 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
    2011/01/26 00:58:00.0813 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\Windows\system32\Drivers\DgiVecp.sys
    2011/01/26 00:58:00.0900 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
    2011/01/26 00:58:01.0005 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
    2011/01/26 00:58:01.0443 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/01/26 00:58:01.0570 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/01/26 00:58:01.0648 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
    2011/01/26 00:58:01.0726 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2011/01/26 00:58:01.0809 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
    2011/01/26 00:58:01.0869 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/01/26 00:58:01.0926 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
    2011/01/26 00:58:02.0106 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
    2011/01/26 00:58:02.0212 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/01/26 00:58:02.0266 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
    2011/01/26 00:58:02.0340 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/01/26 00:58:02.0372 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/01/26 00:58:02.0415 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/01/26 00:58:02.0522 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2011/01/26 00:58:02.0603 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/01/26 00:58:02.0651 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/01/26 00:58:02.0688 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/01/26 00:58:02.0767 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/01/26 00:58:02.0807 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2011/01/26 00:58:02.0898 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
    2011/01/26 00:58:02.0963 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2011/01/26 00:58:03.0019 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/01/26 00:58:03.0126 ialm (8318e04a6455ced1020bcc5039b62cfa) C:\Windows\system32\DRIVERS\ialmnt5.sys
    2011/01/26 00:58:03.0218 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
    2011/01/26 00:58:03.0273 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2011/01/26 00:58:03.0411 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2011/01/26 00:58:03.0513 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/01/26 00:58:03.0612 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\drivers\intelide.sys
    2011/01/26 00:58:03.0639 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/01/26 00:58:03.0688 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/01/26 00:58:03.0766 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2011/01/26 00:58:03.0813 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/01/26 00:58:03.0863 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
    2011/01/26 00:58:03.0947 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    2011/01/26 00:58:04.0008 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/01/26 00:58:04.0038 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/01/26 00:58:04.0091 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/01/26 00:58:04.0167 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/01/26 00:58:04.0210 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/01/26 00:58:04.0312 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\Windows\system32\DRIVERS\kl1.sys
    2011/01/26 00:58:04.0368 kl2 (713576569667ac9e0f8556076004a96b) C:\Windows\system32\DRIVERS\kl2.sys
    2011/01/26 00:58:04.0487 KLIF (2b7064ff5681b8dde96b98709bb78884) C:\Windows\system32\DRIVERS\klif.sys
    2011/01/26 00:58:04.0529 KLIM6 (cf88b4985d957eee45c9939092e87c92) C:\Windows\system32\DRIVERS\klim6.sys
    2011/01/26 00:58:04.0566 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
    2011/01/26 00:58:04.0625 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
    2011/01/26 00:58:04.0698 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/01/26 00:58:04.0765 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2011/01/26 00:58:04.0816 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2011/01/26 00:58:04.0866 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/01/26 00:58:04.0900 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
    2011/01/26 00:58:04.0944 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2011/01/26 00:58:05.0012 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
    2011/01/26 00:58:05.0066 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
    2011/01/26 00:58:05.0119 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/01/26 00:58:05.0167 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/01/26 00:58:05.0201 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
    2011/01/26 00:58:05.0239 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2011/01/26 00:58:05.0309 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
    2011/01/26 00:58:05.0351 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/01/26 00:58:05.0386 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
    2011/01/26 00:58:05.0428 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/01/26 00:58:05.0462 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/01/26 00:58:05.0516 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/01/26 00:58:05.0577 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    2011/01/26 00:58:05.0617 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2011/01/26 00:58:05.0696 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
    2011/01/26 00:58:05.0737 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
    2011/01/26 00:58:05.0800 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/01/26 00:58:05.0848 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/01/26 00:58:05.0907 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
    2011/01/26 00:58:05.0966 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
    2011/01/26 00:58:05.0998 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/01/26 00:58:06.0041 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
    2011/01/26 00:58:06.0095 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
    2011/01/26 00:58:06.0162 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/01/26 00:58:06.0217 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
    2011/01/26 00:58:06.0268 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/01/26 00:58:06.0299 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/01/26 00:58:06.0339 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/01/26 00:58:06.0384 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
    2011/01/26 00:58:06.0437 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
    2011/01/26 00:58:06.0468 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
    2011/01/26 00:58:06.0625 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
    2011/01/26 00:58:06.0825 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
    2011/01/26 00:58:07.0040 NETw4v32 (38d720e0c8b0ecb9a019980265679798) C:\Windows\system32\DRIVERS\NETw4v32.sys
    2011/01/26 00:58:07.0284 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
    2011/01/26 00:58:07.0415 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/01/26 00:58:07.0472 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
    2011/01/26 00:58:07.0504 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
    2011/01/26 00:58:07.0591 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
    2011/01/26 00:58:07.0651 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/01/26 00:58:07.0691 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
    2011/01/26 00:58:07.0735 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    2011/01/26 00:58:07.0777 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    2011/01/26 00:58:07.0815 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    2011/01/26 00:58:07.0937 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/01/26 00:58:08.0011 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/01/26 00:58:08.0051 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
    2011/01/26 00:58:08.0079 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/01/26 00:58:08.0134 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
    2011/01/26 00:58:08.0169 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
    2011/01/26 00:58:08.0245 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/01/26 00:58:08.0306 PCTCore (167b2fea66dde6925766d1a81a1affc0) C:\Windows\system32\drivers\PCTCore.sys
    2011/01/26 00:58:08.0405 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/01/26 00:58:08.0532 Point32 (858d5d8dbe432b358ca2f9d534169ca1) C:\Windows\system32\DRIVERS\point32k.sys
    2011/01/26 00:58:08.0599 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/01/26 00:58:08.0653 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2011/01/26 00:58:08.0725 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
    2011/01/26 00:58:08.0786 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2011/01/26 00:58:08.0880 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/01/26 00:58:08.0945 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
    2011/01/26 00:58:08.0975 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/01/26 00:58:09.0039 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/01/26 00:58:09.0089 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/01/26 00:58:09.0127 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/01/26 00:58:09.0150 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/01/26 00:58:09.0193 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    2011/01/26 00:58:09.0249 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
    2011/01/26 00:58:09.0334 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
    2011/01/26 00:58:09.0459 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
    2011/01/26 00:58:09.0501 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/01/26 00:58:09.0572 RTL8169 (5163f804256deb8cf1ef64b780a18caa) C:\Windows\system32\DRIVERS\Rtlh86.sys
    2011/01/26 00:58:09.0641 RTSTOR (4f31cfdebd0a5bc27d45e7ebfefaaf6f) C:\Windows\system32\drivers\RTSTOR.SYS
    2011/01/26 00:58:09.0684 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/01/26 00:58:09.0763 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
    2011/01/26 00:58:09.0826 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/01/26 00:58:09.0890 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/01/26 00:58:09.0950 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/01/26 00:58:09.0996 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
    2011/01/26 00:58:10.0065 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    2011/01/26 00:58:10.0119 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/01/26 00:58:10.0188 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    2011/01/26 00:58:10.0237 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/01/26 00:58:10.0295 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    2011/01/26 00:58:10.0347 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2011/01/26 00:58:10.0403 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2011/01/26 00:58:10.0466 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
    2011/01/26 00:58:10.0619 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
    2011/01/26 00:58:10.0679 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
    2011/01/26 00:58:10.0728 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
    2011/01/26 00:58:10.0770 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/01/26 00:58:10.0834 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
    2011/01/26 00:58:10.0955 STHDA (513f70b6a184fe3765f679c5c64ea9e5) C:\Windows\system32\drivers\stwrt.sys
    2011/01/26 00:58:11.0035 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
    2011/01/26 00:58:11.0091 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/01/26 00:58:11.0153 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/01/26 00:58:11.0206 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/01/26 00:58:11.0257 SynTP (21470bf105b96ded47e99e1ee7495e8f) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/01/26 00:58:11.0343 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
    2011/01/26 00:58:11.0437 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/01/26 00:58:11.0471 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
    2011/01/26 00:58:11.0518 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
    2011/01/26 00:58:11.0564 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
    2011/01/26 00:58:11.0600 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
    2011/01/26 00:58:11.0649 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
    2011/01/26 00:58:11.0726 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/01/26 00:58:11.0799 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/01/26 00:58:11.0845 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/01/26 00:58:11.0901 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2011/01/26 00:58:11.0959 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
    2011/01/26 00:58:12.0023 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    2011/01/26 00:58:12.0075 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2011/01/26 00:58:12.0133 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/01/26 00:58:12.0176 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/01/26 00:58:12.0231 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
    2011/01/26 00:58:12.0329 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
    2011/01/26 00:58:12.0377 usbccgp (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/01/26 00:58:12.0421 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/01/26 00:58:12.0481 usbehci (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/01/26 00:58:12.0524 usbhub (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/01/26 00:58:12.0576 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2011/01/26 00:58:12.0615 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/01/26 00:58:12.0674 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/01/26 00:58:12.0714 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/01/26 00:58:12.0775 usbuhci (7747b902f6b7d0096f9c2bf55d3247f1) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/01/26 00:58:12.0834 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/01/26 00:58:12.0870 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
    2011/01/26 00:58:12.0908 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2011/01/26 00:58:12.0958 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2011/01/26 00:58:13.0000 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    2011/01/26 00:58:13.0039 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
    2011/01/26 00:58:13.0067 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
    2011/01/26 00:58:13.0119 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
    2011/01/26 00:58:13.0154 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2011/01/26 00:58:13.0237 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/01/26 00:58:13.0290 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/01/26 00:58:13.0324 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/01/26 00:58:13.0375 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2011/01/26 00:58:13.0442 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
    2011/01/26 00:58:13.0569 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/01/26 00:58:13.0644 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/01/26 00:58:13.0736 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/01/26 00:58:13.0848 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/01/26 00:58:13.0926 ZTEusbmdm6k (66f57e64952273ba5a559cf9fa5fcf79) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
    2011/01/26 00:58:13.0984 ZTEusbnmea (66f57e64952273ba5a559cf9fa5fcf79) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
    2011/01/26 00:58:14.0019 ZTEusbser6k (66f57e64952273ba5a559cf9fa5fcf79) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
    2011/01/26 00:58:14.0123 ================================================================================
    2011/01/26 00:58:14.0123 Scan finished
    2011/01/26 00:58:14.0123 ================================================================================
     
  7. triggso

    triggso Thread Starter

    Joined:
    Jan 18, 2011
    Messages:
    7
    Here is the ComboFix Log
    At this moment it appears cured, but I will let you know Sunday or Monday because we are leaving for a trip tomorrow very early.

    ComboFix 11-01-25.01 - Mike 01/26/2011 1:14.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3062.1722 [GMT -5:00]
    Running from: c:\users\Mike\Desktop\tammy123.exe.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\AVGRSSTX.DLL
    c:\windows\system32\spool\prtprocs\w32x86\BiCProNT.dll
    c:\windows\system32\spool\prtprocs\w32x86\BiMProNT.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-26 to 2011-01-26 )))))))))))))))))))))))))))))))
    .

    2011-01-26 06:26 . 2011-01-26 06:27 -------- d-----w- c:\users\Mike\AppData\Local\temp
    2011-01-26 06:26 . 2011-01-26 06:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-25 15:04 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03EA3471-0F37-466C-99F5-BFCE2C46C199}\mpengine.dll
    2011-01-21 20:01 . 2011-01-21 20:16 -------- d-----w- c:\users\Mike\AppData\Local\DuplicateCleaner
    2011-01-21 20:01 . 2011-01-21 20:01 -------- d-----w- c:\program files\Duplicate Cleaner
    2011-01-20 13:55 . 2010-12-03 19:35 553696 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
    2011-01-19 22:38 . 2011-01-19 22:38 -------- d-----w- c:\users\Mike\AppData\Roaming\Awem
    2011-01-19 18:15 . 2011-01-19 18:16 -------- d-----w- c:\program files\World Mosaics 2
    2011-01-19 17:58 . 2011-01-19 17:58 -------- d-----w- c:\program files\Cradle of Rome 2
    2011-01-18 12:16 . 2011-01-18 12:16 -------- d-----w- c:\program files\FCleaner
    2011-01-18 12:16 . 2011-01-18 12:16 -------- d-----w- c:\programdata\FTWeak
    2011-01-18 11:46 . 2011-01-18 11:46 -------- d-----w- C:\found.002
    2011-01-16 23:06 . 2010-07-02 02:34 109240 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]\components\abhelperxpcom.dll
    2011-01-16 23:06 . 2010-07-02 02:35 150200 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]\components\kavlinkfilter.dll
    2011-01-16 23:06 . 2011-01-17 00:37 97859 ----a-w- c:\windows\system32\drivers\klick.dat
    2011-01-16 23:06 . 2011-01-17 00:37 114243 ----a-w- c:\windows\system32\drivers\klin.dat
    2011-01-16 22:58 . 2011-01-26 04:32 -------- d-----w- c:\programdata\Kaspersky Lab
    2011-01-16 22:58 . 2011-01-16 22:58 -------- d-----w- c:\program files\Kaspersky Lab
    2011-01-16 22:39 . 2011-01-16 22:39 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2011-01-15 11:43 . 2011-01-15 11:43 -------- d-----w- C:\found.001
    2011-01-12 21:50 . 2011-01-12 21:50 -------- d-----w- c:\users\Mike\AppData\Roaming\MusE
    2011-01-12 21:50 . 2011-01-12 21:50 -------- d-----w- c:\users\Mike\AppData\Local\MusE
    2011-01-12 21:48 . 2011-01-12 21:48 -------- d-----w- c:\program files\MuseScore
    2011-01-12 05:06 . 2011-01-12 05:06 -------- d-----w- c:\users\Mike\12 angle stone
    2011-01-09 22:07 . 2011-01-09 22:07 -------- d-----w- c:\users\Mike\AppData\Roaming\LegalSounds
    2011-01-09 22:07 . 2011-01-09 22:07 -------- d-----w- c:\program files\LegalSounds
    2011-01-08 23:16 . 2011-01-25 13:16 -------- d-----w- c:\program files\Common Files\Akamai
    2011-01-08 23:14 . 2011-01-08 23:51 -------- d-----w- c:\program files\History Channel Games
    2011-01-05 13:39 . 2011-01-05 13:39 -------- d-----w- c:\program files\CCleaner
    2011-01-05 13:33 . 2011-01-18 12:16 -------- d-----w- c:\users\Mike\AppData\Roaming\FTWeak
    2011-01-05 13:32 . 2011-01-05 13:32 -------- d-----w- c:\users\Mike\AppData\Local\Little_Apps_(http___www.l
    2011-01-05 13:24 . 2011-01-05 13:32 -------- d-----w- c:\program files\Common Files\Little Registry Cleaner
    2011-01-05 13:21 . 2011-01-05 13:21 -------- d-----w- c:\program files\Little Registry Cleaner
    2011-01-01 21:19 . 2011-01-01 21:19 -------- d-----w- c:\program files\Garden Panic

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 23:09 . 2009-08-10 01:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2009-08-10 01:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-10 20:01 . 2010-12-10 20:01 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
    2009-11-28 22:49 . 2009-11-28 22:49 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0SpareBackup_Backedup]
    @="{6BEDF914-4178-42DE-8D48-B11A9B8DC7AB}"
    [HKEY_CLASSES_ROOT\CLSID\{6BEDF914-4178-42DE-8D48-B11A9B8DC7AB}]
    2009-12-30 21:31 638728 ----a-w- c:\program files\Spare Backup\SpareShellExtension.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0SpareBackup_Failed]
    @="{20FA8895-5630-473A-A86A-54166558605F}"
    [HKEY_CLASSES_ROOT\CLSID\{20FA8895-5630-473A-A86A-54166558605F}]
    2009-12-30 21:31 638728 ----a-w- c:\program files\Spare Backup\SpareShellExtension.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0SpareBackup_NotBackedup]
    @="{D432C173-DFAD-491A-A01A-4E7AE1670A6F}"
    [HKEY_CLASSES_ROOT\CLSID\{D432C173-DFAD-491A-A01A-4E7AE1670A6F}]
    2009-12-30 21:31 638728 ----a-w- c:\program files\Spare Backup\SpareShellExtension.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "cdloader"="c:\users\Mike\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-12-03 50592]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-09 39408]
    "FTweakFCleaner"="c:\program files\FCleaner\FCleaner.exe" [2010-06-21 1763840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]

    c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Kuma_Tray.lnk - c:\program files\History Channel Games\kgsystray\Kuma_tray.exe [2011-1-8 33472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKLM\~\startupfolder\C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Multiply AutoUploader.lnk]
    path=c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Multiply AutoUploader.lnk
    backup=c:\windows\pss\Multiply AutoUploader.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\American Airlines DealFinder]
    2009-03-17 08:26 759728 ----a-w- c:\program files\American Airlines DealFinder\American_Airlines_DealFinder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
    2010-12-03 12:39 50592 ----a-w- c:\users\Mike\AppData\Roaming\mjusbsp\cdloader2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus T23 Series]
    2007-11-29 22:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEAB.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2009-11-28 22:49 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
    2010-05-13 22:47 161336 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    2006-03-01 23:23 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    2006-03-01 23:22 36864 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-08-10 10:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2009-06-02 16:56 24264488 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spare Backup]
    2009-12-30 21:31 1140488 ----a-w- c:\program files\Spare Backup\SpareTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2003-10-14 15:22 155648 ----a-r- c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
    2010-04-08 14:14 104408 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-03-09 16:47 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 gupdate1ca195926bf5203;Google Update Service (gupdate1ca195926bf5203);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 133104]
    R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-28 30192]
    R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
    R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-09-23 358600]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
    S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-23 22104]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2006-11-02 22016]
    S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2010-01-21 78104]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-08 632792]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-07-16 5120]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - KLMD25
    *Deregistered* - klmd25

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-25 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-11 22:52]

    2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 01:23]

    2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 01:23]

    2011-01-21 c:\windows\Tasks\Norton Security Scan for Mike.job
    - c:\program files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-08-10 21:45]

    2011-01-25 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]

    2011-01-06 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]

    2011-01-25 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-05-19 12:29]

    2011-01-26 c:\windows\Tasks\User_Feed_Synchronization-{34A1362A-B534-4723-A978-3BDF1D1CD028}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = \blank.htm
    uStart Page = hxxp://m.www.yahoo.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6920
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    Trusted Zone: excluciva.pe\www
    Trusted Zone: plaxo.com\www
    FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\skxv44dm.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&ltmpl=default&ltmplcache=2
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cf53438&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Anti-Banner: [email protected] - c:\program files\Mozilla Firefox\extensions\[email protected]
    FF - Ext: Kaspersky URL Advisor: [email protected] - c:\program files\Mozilla Firefox\extensions\[email protected]
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: Bible Fox: {646f1212-bb24-11db-8314-0800200c9a66} - %profile%\extensions\{646f1212-bb24-11db-8314-0800200c9a66}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Fire.fm: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} - %profile%\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
    FF - Ext: Coach Tressel 2010 Interactive Theme: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Virtus Search Opt-in: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Diigo Bookmarks and Web Annotations: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} - %profile%\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Google Photos Screensaver: {57E72829-C158-4341-BBED-58F0AD1740FD} - c:\program files\Google\Google Photos Screensaver\FF_ext
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    MSConfigStartUp-ClamWin - c:\program files\ClamWin\bin\ClamTray.exe
    MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
    MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-26 01:26
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\users\Mike\AppData\Local\Temp\catchme.dll 53248 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
    "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
    "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-4015741094-1014505541-2555723967-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:d3,c1,fb,8d,78,3e,25,dc,c8,fb,ab,4c,59,57,4d,f4,fc,b9,91,43,2e,d6,19,
    91,39,a5,93,fd,ff,d0,c0,9e,91,d6,bf,d7,65,10,d4,16,43,ed,ea,51,fa,17,65,5d,\
    "??"=hex:f9,3c,4c,01,e5,1e,f9,46,76,91,6e,b9,de,50,8d,8b

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-01-26 01:36:03
    ComboFix-quarantined-files.txt 2011-01-26 06:35

    Pre-Run: 151,276,486,656 bytes free
    Post-Run: 151,244,587,008 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=55 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55
    - - End Of File - - 203CCA1C587AF06D332C9FE0AED5A634
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    I will wait to hear back
     
  9. triggso

    triggso Thread Starter

    Joined:
    Jan 18, 2011
    Messages:
    7
    Derek,
    Sorry our trip took longer than I anticipated because of local flooding and landslides. There is no trace of this problem now and it appears you can mark it as solved.
    Thank you very much for your help
    Tammy
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    [​IMG]

    This will also purge the restore folder and clear any malware that has been put in there. Now Empty Recycle bin on desktop Then reboot.

    go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    and scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer and update whatever it suggests

    Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/975390

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice