
I believe my PC is infected, possible svchost.exe problems, help plz!

Discussion in 'Virus & Other Malware Removal' started by rizzle425, Jan 4, 2011.

Thread Status:
Not open for further replies.
    rizzle425 (Thread Starter)
    Joined: Apr 8, 2007
    Messages: 36
    Hello there!

    My computer has been giving me multiple symptoms of infection. I cannot run Windows Update; it gives me an error message every time I try. When I'm on Internet Explorer (I've got to use IE because Firefox crashes every 5-10 minutes, so I just uninstalled it) I constantly get redirected to this Wal-Mart award website, or a survey website with the same layout every time, only a different name which pertains to what I'm searching for online at the time. IE also experiences frequent freezes when trying to load pages and sometimes can't load them at all, and I've got to click refresh 5 times or so before it will actually load the page; IE also crashes a lot. Sometimes Windows Explorer stops responding and I have to either hard shut down my PC, or just let it sit until it finally starts to respond again.

    I've noticed that there are multiple instances of "svchost.exe" running in my processes, 13 of them to be precise, and one of them uses more memory than any other program I use. I've done research on it, and it says that it is a Windows process; however, there are also viruses out there also called "svchost.exe", and I don't want to mess around with that and possibly screw up something.

    Anyhow, I'm just sick of the way my computer has been acting and I think it's time that I do something about it.
    Help is greatly appreciated, thanks!

    Here are all of the logs:

    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:29:36 PM, on 1/4/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.speedapps.com/search.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
    O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
    O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
    O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - file:///E:/win/setup/iaieplay.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} (IAMCE Class) - file:///E:/win/setup/iamce.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Manager for Adobe Products (FLEXnet Licensing Manager) - Unknown owner - C:\Windows\system\regsrv.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

    --
    End of file - 7946 bytes

    DDS log


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Rizzle at 16:12:40.44 on Tue 01/04/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3582.2259 [GMT -7:00]

    AV: Trend Micro Internet Security Pro *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    SP: Trend Micro Internet Security Pro *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
    C:\Windows\TEMP\~nsu.tmp\wsget.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Rizzle\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
    uSearch Page =
    uSearch Bar =
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.speedapps.com/search.htm
    mSearchAssistant =
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
    BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
    uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
    DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} - file:///E:/win/setup/iaieplay.dll
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll

    ============= SERVICES / DRIVERS ===============

    R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-7-18 145424]
    R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/03/30 19:25:21];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-25 176128]
    R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\trend micro\trendsecure\securityactivitydashboard\tmarsvc.exe [2009-7-18 181584]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-7-18 50256]
    R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-7-18 497008]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-9-29 36432]
    R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-7-18 677128]
    R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-7-18 256528]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-11-25 6472192]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-11-25 228352]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-11-25 100368]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;c:\windows\system\regsrv.exe --> c:\windows\system\regsrv.exe [?]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-20 987648]
    S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-20 251904]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2011-01-04 04:42:49 388096 ----a-r- c:\users\rizzle\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-12-29 09:13:57 -------- d-----w- c:\program files\Feedback Tool
    2010-12-28 07:53:24 -------- d-----w- c:\users\rizzle\appdata\roaming\Registry Mechanic
    2010-12-28 07:02:58 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ed63581a-b25b-4da7-86e7-20680134c134}\mpengine.dll
    2010-12-26 02:27:59 -------- d-----w- c:\users\rizzle\appdata\roaming\FixCleaner
    2010-12-26 02:27:52 -------- d-----w- c:\program files\FixCleaner
    2010-12-17 20:57:43 -------- d-----w- c:\users\rizzle\dwhelper
    2010-12-17 20:55:22 -------- d-----w- c:\program files\AutocompletePro
    2010-12-09 16:38:28 749832 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll

    ==================== Find3M ====================

    2010-12-29 08:13:23 18 ----a-w- c:\windows\system\msg.bat
    2010-12-29 08:13:23 1646 ----a-w- c:\windows\system\msg.reg
    2010-11-25 07:01:01 4077568 ----a-w- c:\windows\system32\atiumdag.dll
    2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-10-31 20:29:44 22328 ----a-w- c:\users\rizzle\appdata\roaming\PnkBstrK.sys
    2010-10-31 20:29:31 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-10-31 20:28:53 669184 ----a-w- c:\windows\system32\pbsvc.exe
    2010-10-31 20:28:53 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-19 18:58:58 233960 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2010-10-19 17:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
    2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-10-14 08:36:52 15451288 ----a-w- c:\windows\system32\xlive.dll
    2010-10-14 08:36:50 13642904 ----a-w- c:\windows\system32\xlivefnt.dll

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: ST350062 rev.HP24 -> Harddisk0\DR0 ->

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x871B6555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x871bc7b0]; MOV EAX, [0x871bc82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x8207D962] -> \Device\Harddisk0\DR0[0x86B1CAC8]
    3 CLASSPNP[0x828978B3] -> ntkrnlpa!IofCallDriver[0x8207D962] -> [0x861555F8]
    5 acpi[0x827466BC] -> ntkrnlpa!IofCallDriver[0x8207D962] -> [0x85D49C90]
    \Driver\nvstor32[0x871A5680] -> IRP_MJ_CREATE -> 0x871B6555
    kernel: MBR read successfully
    _asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5d; }
    detected disk devices:
    \Device\00000062 -> \??\SCSI#Disk&Ven_ST350062&Prod_0AS#4&ac26b09&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi -> 0x85ca61f8
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !

    ============= FINISH: 16:13:17.82 ===============

    GMER log

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-04 17:33:14
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000019 ST350062 rev.HP24
    Running: 44t711fi.exe; Driver: C:\Users\Rizzle\AppData\Local\Temp\fwldrpob.sys


    ---- System - GMER 1.0.15 ----

    SSDT 88EC0000 ZwCreateKey
    SSDT 88EBF240 ZwCreateProcess
    SSDT 88EBF500 ZwCreateProcessEx
    SSDT 88EC0E60 ZwCreateThread
    SSDT 88EC0580 ZwDeleteKey
    SSDT 88EC0840 ZwDeleteValueKey
    SSDT 88EC11A0 ZwLoadDriver
    SSDT 88EBFA80 ZwOpenProcess
    SSDT 88EC02C0 ZwSetValueKey
    SSDT 88EBFD40 ZwTerminateProcess
    SSDT 88EC0CC0 ZwWriteVirtualMemory
    SSDT 88EC1000 ZwCreateThreadEx
    SSDT 88EBF7C0 ZwCreateUserProcess

    INT 0x51 ? 85CA2BF8
    INT 0x62 ? 8762DBF8
    INT 0x72 ? 8762DBF8
    INT 0x92 ? 85CA1BF8
    INT 0xA2 ? 85CA2BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 1E9 820E594C 4 Bytes [00, 00, EC, 88]
    .text ntkrnlpa.exe!KeSetEvent + 209 820E596C 8 Bytes [40, F2, EB, 88, 00, F5, EB, ...]
    .text ntkrnlpa.exe!KeSetEvent + 221 820E5984 4 Bytes [60, 0E, EC, 88]
    .text ntkrnlpa.exe!KeSetEvent + 2D5 820E5A38 4 Bytes [80, 05, EC, 88]
    .text ntkrnlpa.exe!KeSetEvent + 2E1 820E5A44 4 Bytes [40, 08, EC, 88]
    .text ...
    ? System32\Drivers\spqz.sys The system cannot find the path specified. !
    .text USBPORT.SYS!DllUnload 8BB4741B 5 Bytes JMP 8762D1D8
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90A02000, 0x349D76, 0xE8000020]
    ? C:\Windows\system32\DRIVERS\tmcomm.sys Access is denied.
    ? C:\Windows\system32\DRIVERS\tmevtmgr.sys Access is denied.
    ? C:\Windows\system32\DRIVERS\tmactmon.sys Access is denied.
    .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA1AA1300, 0x3AF78, 0xE8000020]
    .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA1AE4300, 0x1BCE, 0xE8000020]
    .text C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl section is writeable [0xA35B7000, 0x2892, 0xE8000020]
    .vmp2 C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl entry point in ".vmp2" section [0xA35DA050]
    ? C:\Users\Rizzle\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[1188] ntdll.dll!NtProtectVirtualMemory 77C04D34 5 Bytes JMP 004C000A
    .text C:\Windows\system32\svchost.exe[1188] ntdll.dll!NtWriteVirtualMemory 77C05674 5 Bytes JMP 0061000A
    .text C:\Windows\system32\svchost.exe[1188] ntdll.dll!KiUserExceptionDispatcher 77C05DC8 5 Bytes JMP 004B000A
    .text C:\Windows\system32\svchost.exe[1188] ole32.dll!CoCreateInstance 762A9F3E 5 Bytes JMP 0068000A
    .text C:\Windows\system32\svchost.exe[1188] USER32.dll!GetCursorPos 76470B88 5 Bytes JMP 0136000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[2104] ntdll.dll!NtProtectVirtualMemory 77C04D34 5 Bytes JMP 0033000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[2104] ntdll.dll!NtWriteVirtualMemory 77C05674 5 Bytes JMP 00A7000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[2104] ntdll.dll!KiUserExceptionDispatcher 77C05DC8 5 Bytes JMP 0032000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!SetWindowsHookExW 764587AD 5 Bytes JMP 6EAEDBCB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!CallNextHookEx 76458E3B 5 Bytes JMP 6EAEDD81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!UnhookWindowsHookEx 764598DB 5 Bytes JMP 6EA51CA2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!CreateWindowExW 76461305 5 Bytes JMP 6EAF4832 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!DialogBoxParamW 764810B0 5 Bytes JMP 6EA19315 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!DialogBoxIndirectParamW 76482EF5 5 Bytes JMP 6EC0E021 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!DialogBoxParamA 76498152 5 Bytes JMP 6EC0DFBE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!DialogBoxIndirectParamA 7649847D 5 Bytes JMP 6EC0E084 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!MessageBoxIndirectA 764AD4D9 5 Bytes JMP 6EC0DF51 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!MessageBoxIndirectW 764AD5D3 5 Bytes JMP 6EC0DEE6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!MessageBoxExA 764AD639 5 Bytes JMP 6EC0DE84 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!MessageBoxExW 764AD65D 5 Bytes JMP 6EC0DE22 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2104] ole32.dll!CoCreateInstance 762A9F3E 5 Bytes JMP 6EAF488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2212] ntdll.dll!NtProtectVirtualMemory 77C04D34 5 Bytes JMP 0034000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[2212] ntdll.dll!NtWriteVirtualMemory 77C05674 5 Bytes JMP 0035000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[2212] ntdll.dll!KiUserExceptionDispatcher 77C05DC8 5 Bytes JMP 002F000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[2212] USER32.dll!CreateWindowExW 76461305 5 Bytes JMP 6EAF4832 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2212] USER32.dll!DialogBoxParamW 764810B0 5 Bytes JMP 6EA19315 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2212] USER32.dll!DialogBoxIndirectParamW 76482EF5 5 Bytes JMP 6EC0E021 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2212] USER32.dll!DialogBoxParamA 76498152 5 Bytes JMP 6EC0DFBE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2212] USER32.dll!DialogBoxIndirectParamA 7649847D 5 Bytes JMP 6EC0E084 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2212] USER32.dll!MessageBoxIndirectA 764AD4D9 5 Bytes JMP 6EC0DF51 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2212] USER32.dll!MessageBoxIndirectW 764AD5D3 5 Bytes JMP 6EC0DEE6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2212] USER32.dll!MessageBoxExA 764AD639 5 Bytes JMP 6EC0DE84 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2212] USER32.dll!MessageBoxExW 764AD65D 5 Bytes JMP 6EC0DE22 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Windows\Explorer.EXE[2804] ntdll.dll!NtProtectVirtualMemory 77C04D34 5 Bytes JMP 0173000A
    .text C:\Windows\Explorer.EXE[2804] ntdll.dll!NtWriteVirtualMemory 77C05674 5 Bytes JMP 0184000A
    .text C:\Windows\Explorer.EXE[2804] ntdll.dll!KiUserExceptionDispatcher 77C05DC8 5 Bytes JMP 002F000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!SetWindowsHookExW 764587AD 5 Bytes JMP 6EAEDBCB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!CallNextHookEx 76458E3B 5 Bytes JMP 6EAEDD81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!UnhookWindowsHookEx 764598DB 5 Bytes JMP 6EA51CA2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!CreateWindowExW 76461305 5 Bytes JMP 6EAF4832 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!DialogBoxParamW 764810B0 5 Bytes JMP 6EA19315 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!DialogBoxIndirectParamW 76482EF5 5 Bytes JMP 6EC0E021 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!DialogBoxParamA 76498152 5 Bytes JMP 6EC0DFBE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!DialogBoxIndirectParamA 7649847D 5 Bytes JMP 6EC0E084 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!MessageBoxIndirectA 764AD4D9 5 Bytes JMP 6EC0DF51 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!MessageBoxIndirectW 764AD5D3 5 Bytes JMP 6EC0DEE6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!MessageBoxExA 764AD639 5 Bytes JMP 6EC0DE84 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!MessageBoxExW 764AD65D 5 Bytes JMP 6EC0DE22 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4280] ole32.dll!CoCreateInstance 762A9F3E 5 Bytes JMP 6EAF488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!SetWindowsHookExW 764587AD 5 Bytes JMP 6EAEDBCB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!CallNextHookEx 76458E3B 5 Bytes JMP 6EAEDD81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!UnhookWindowsHookEx 764598DB 5 Bytes JMP 6EA51CA2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!CreateWindowExW 76461305 5 Bytes JMP 6EAF4832 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!DialogBoxParamW 764810B0 5 Bytes JMP 6EA19315 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!DialogBoxIndirectParamW 76482EF5 5 Bytes JMP 6EC0E021 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!DialogBoxParamA 76498152 5 Bytes JMP 6EC0DFBE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!DialogBoxIndirectParamA 7649847D 5 Bytes JMP 6EC0E084 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!MessageBoxIndirectA 764AD4D9 5 Bytes JMP 6EC0DF51 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!MessageBoxIndirectW 764AD5D3 5 Bytes JMP 6EC0DEE6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!MessageBoxExA 764AD639 5 Bytes JMP 6EC0DE84 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!MessageBoxExW 764AD65D 5 Bytes JMP 6EC0DE22 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4548] ole32.dll!CoCreateInstance 762A9F3E 5 Bytes JMP 6EAF488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4920] USER32.dll!SetWindowsHookExW 764587AD 5 Bytes JMP 6EAEDBCB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4920] USER32.dll!CallNextHookEx 76458E3B 5 Bytes JMP 6EAEDD81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4920] USER32.dll!UnhookWindowsHookEx 764598DB 5 Bytes JMP 6EA51CA2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4920] USER32.dll!CreateWindowExW 76461305 5 Bytes JMP 6EAF4832 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4920] USER32.dll!DialogBoxParamW 764810B0 5 Bytes JMP 6EA19315 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4920] USER32.dll!DialogBoxIndirectParamW 76482EF5 5 Bytes JMP 6EC0E021 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4920] USER32.dll!DialogBoxParamA 76498152 5 Bytes JMP 6EC0DFBE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4920] USER32.dll!DialogBoxIndirectParamA 7649847D 5 Bytes JMP 6EC0E084 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4920] USER32.dll!MessageBoxIndirectA 764AD4D9 5 Bytes JMP 6EC0DF51 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4920] USER32.dll!MessageBoxIndirectW 764AD5D3 5 Bytes JMP 6EC0DEE6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4920] USER32.dll!MessageBoxExA 764AD639 5 Bytes JMP 6EC0DE84 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4920] USER32.dll!MessageBoxExW 764AD65D 5 Bytes JMP 6EC0DE22 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4920] ole32.dll!CoCreateInstance 762A9F3E 5 Bytes JMP 6EAF488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4996] USER32.dll!SetWindowsHookExW 764587AD 5 Bytes JMP 6EAEDBCB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4996] USER32.dll!CallNextHookEx 76458E3B 5 Bytes JMP 6EAEDD81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4996] USER32.dll!UnhookWindowsHookEx 764598DB 5 Bytes JMP 6EA51CA2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4996] USER32.dll!CreateWindowExW 76461305 5 Bytes JMP 6EAF4832 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4996] USER32.dll!DialogBoxParamW 764810B0 5 Bytes JMP 6EA19315 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4996] USER32.dll!DialogBoxIndirectParamW 76482EF5 5 Bytes JMP 6EC0E021 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4996] USER32.dll!DialogBoxParamA 76498152 5 Bytes JMP 6EC0DFBE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4996] USER32.dll!DialogBoxIndirectParamA 7649847D 5 Bytes JMP 6EC0E084 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4996] USER32.dll!MessageBoxIndirectA 764AD4D9 5 Bytes JMP 6EC0DF51 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4996] USER32.dll!MessageBoxIndirectW 764AD5D3 5 Bytes JMP 6EC0DEE6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4996] USER32.dll!MessageBoxExA 764AD639 5 Bytes JMP 6EC0DE84 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4996] USER32.dll!MessageBoxExW 764AD65D 5 Bytes JMP 6EC0DE22 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4996] ole32.dll!CoCreateInstance 762A9F3E 5 Bytes JMP 6EAF488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!SetWindowsHookExW 764587AD 5 Bytes JMP 6EAEDBCB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CallNextHookEx 76458E3B 5 Bytes JMP 6EAEDD81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!UnhookWindowsHookEx 764598DB 5 Bytes JMP 6EA51CA2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CreateWindowExW 76461305 5 Bytes JMP 6EAF4832 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxParamW 764810B0 5 Bytes JMP 6EA19315 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxIndirectParamW 76482EF5 5 Bytes JMP 6EC0E021 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxParamA 76498152 5 Bytes JMP 6EC0DFBE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxIndirectParamA 7649847D 5 Bytes JMP 6EC0E084 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxIndirectA 764AD4D9 5 Bytes JMP 6EC0DF51 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxIndirectW 764AD5D3 5 Bytes JMP 6EC0DEE6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxExA 764AD639 5 Bytes JMP 6EC0DE84 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxExW 764AD65D 5 Bytes JMP 6EC0DE22 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] ole32.dll!CoCreateInstance 762A9F3E 5 Bytes JMP 6EAF488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!SetWindowsHookExW 764587AD 5 Bytes JMP 6EAEDBCB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!CallNextHookEx 76458E3B 5 Bytes JMP 6EAEDD81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!UnhookWindowsHookEx 764598DB 5 Bytes JMP 6EA51CA2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!CreateWindowExW 76461305 5 Bytes JMP 6EAF4832 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!DialogBoxParamW 764810B0 5 Bytes JMP 6EA19315 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!DialogBoxIndirectParamW 76482EF5 5 Bytes JMP 6EC0E021 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!DialogBoxParamA 76498152 5 Bytes JMP 6EC0DFBE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!DialogBoxIndirectParamA 7649847D 5 Bytes JMP 6EC0E084 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!MessageBoxIndirectA 764AD4D9 5 Bytes JMP 6EC0DF51 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!MessageBoxIndirectW 764AD5D3 5 Bytes JMP 6EC0DEE6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!MessageBoxExA 764AD639 5 Bytes JMP 6EC0DE84 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!MessageBoxExW 764AD65D 5 Bytes JMP 6EC0DE22 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5748] ole32.dll!CoCreateInstance 762A9F3E 5 Bytes JMP 6EAF488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 85CA81F8
    Device \FileSystem\udfs \UdfsCdRom 887D41F8
    Device \FileSystem\udfs \UdfsDisk 887D41F8
    Device \Driver\volmgr \Device\VolMgrControl 85CA41F8
    Device \Driver\usbohci \Device\USBPDO-0 8764E1F8
    Device \Driver\usbehci \Device\USBPDO-1 876311F8

    AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

    Device \Driver\nvstor32 \Device\00000063 85CA71F8
    Device \Driver\volmgr \Device\HarddiskVolume1 85CA41F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{E81D856C-2A78-4958-9815-792BAE32AED4} 887A21F8
    Device \Driver\volmgr \Device\HarddiskVolume2 85CA41F8
    Device \Driver\cdrom \Device\CdRom0 876451F8
    Device \Driver\atapi \Device\Ide\IdePort0 85CA61F8
    Device \Driver\atapi \Device\Ide\IdePort1 85CA61F8
    Device \Driver\netbt \Device\NetBt_Wins_Export 887A21F8
    Device \Driver\Smb \Device\NetbiosSmb 886DC1F8
    Device \Driver\nvstor32 \Device\RaidPort0 85CA71F8

    AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

    Device \Driver\iScsiPrt \Device\RaidPort1 87652500
    Device \Driver\usbohci \Device\USBFDO-0 8764E1F8
    Device \Driver\usbehci \Device\USBFDO-1 876311F8
    Device \Device\00000062 -> \??\SCSI#Disk&Ven_ST350062&Prod_0AS#4&ac26b09&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xB4 0x6D 0x90 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xFE 0x8C 0x5D 0xA2 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xB4 0x6D 0x90 0x02 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xFE 0x8C 0x5D 0xA2 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FDE9172A-DDE9-B144-F627-96525AE7577A}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FDE9172A-DDE9-B144-F627-96525AE7577A}@majofelkcmphpjomglhjjjenim 0x6A 0x61 0x63 0x6D ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FDE9172A-DDE9-B144-F627-96525AE7577A}@napephoodpnklngfhjmgieadmfdc 0x6A 0x61 0x63 0x6D ...

    ---- EOF - GMER 1.0.15 ----



    and the attachment
     

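    As an added example (not part of rizzle425's post and not GMER's own code), a short Python triage script for the "User code sections" part of a GMER log like the one above. It parses the `.text` hook lines and separates hooks that GMER could attribute to a loaded module (the many USER32/ole32 hooks in the iexplore.exe processes, which GMER itself labels IEFRAME.dll, Internet Explorer/Microsoft Corporation) from hooks whose JMP target it could not attribute to any module (the three ntdll.dll hooks in Explorer.EXE[2804] jumping to 0173000A, 0184000A and 002F000A). The four sample lines are copied from the log above; the line layout the regex assumes and the "no owner module means suspicious" rule are my assumptions, derived from those lines rather than from GMER documentation.

```python
import re
from collections import defaultdict

# Constructed sample: four lines copied from the GMER 1.0.15 "User code sections"
# output in the post above. One of the iexplore.exe hooks that GMER attributes to
# IEFRAME.dll, and the three Explorer.EXE[2804] hooks it cannot attribute to any module.
SAMPLE_LOG_LINES = [
    r".text C:\Program Files\Internet Explorer\iexplore.exe[2212] USER32.dll!MessageBoxExW 764AD65D 5 Bytes JMP 6EC0DE22 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)",
    r".text C:\Windows\Explorer.EXE[2804] ntdll.dll!NtProtectVirtualMemory 77C04D34 5 Bytes JMP 0173000A",
    r".text C:\Windows\Explorer.EXE[2804] ntdll.dll!NtWriteVirtualMemory 77C05674 5 Bytes JMP 0184000A",
    r".text C:\Windows\Explorer.EXE[2804] ntdll.dll!KiUserExceptionDispatcher 77C05DC8 5 Bytes JMP 002F000A",
]
SAMPLE_LOG = "\n".join(SAMPLE_LOG_LINES)

# Assumed layout of a GMER inline-hook line (inferred from the lines above, not from
# GMER documentation):
#   .text <image path>[<pid>] <module>!<export> <hooked addr> <n> Bytes JMP <target> [<owner module> (<company>)]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+)!(?P<export>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+"
    r"JMP\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<owner>\S.*))?$"
)


def parse_hooks(text):
    """Parse GMER '.text' hook lines; lines that do not match are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["addr"] = int(h["addr"], 16)
        h["target"] = int(h["target"], 16)
        h["nbytes"] = int(h["nbytes"])
        # owner stays None when GMER printed nothing after the JMP target,
        # i.e. the target lies outside every module it could name.
        hooks.append(h)
    return hooks


def unattributed_hooks(hooks):
    """Hooks whose JMP target GMER could not map to a loaded module.

    A hook landing in a named, vendor-attributed DLL (IEFRAME.dll patching
    USER32 inside iexplore.exe) has an owner on record. A hook whose target is
    anonymous memory has none, and is the first thing to pull out of the log.
    """
    return [h for h in hooks if h["owner"] is None]


def hooks_by_process(hooks):
    """Group hooked exports as {(image, pid): [export, ...]}."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[(h["image"], h["pid"])].append(h["export"])
    return dict(grouped)


def page_offsets(hooks):
    """Distinct offsets of the JMP targets within their 4 KiB pages.

    Several anonymous targets sharing one offset into different pages points
    to identically laid-out allocations from a single injector rather than
    to unrelated patches.
    """
    return sorted({h["target"] & 0xFFF for h in hooks})


if __name__ == "__main__":
    parsed = parse_hooks(SAMPLE_LOG)
    for (image, pid), exports in hooks_by_process(parsed).items():
        print(f"{image}[{pid}]: {len(exports)} hooked export(s)")
    for h in unattributed_hooks(parsed):
        print(f"  UNATTRIBUTED {h['image']}[{h['pid']}] "
              f"{h['module']}!{h['export']} -> {h['target']:08X}")
```

    Run against the posted log, this pulls out exactly the three Explorer.EXE[2804] hooks on ntdll's memory-protection, memory-write and exception-dispatch entry points, all of which jump to anonymous memory at the same 0xA offset into three different pages. Those three lines, not the thirteen svchost.exe instances the poster was worried about, are the part of this log that a helper would look at first.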

  2. rizzle425

    rizzle425 Thread Starter

    Joined:
    Apr 8, 2007
    Messages:
    36
    My question's been up 48 hours with no reply yet, so I'm just replying to "bump up" my question.
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya rizzle425,

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    Combofix

    Don't forget: Combofix must be saved to your desktop. <--Very important

    Before saving to your Desktop re-name Combofix to Gotcha.exe as follows:

    Ensure you have disabled your Firewall and all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. <---Very important

    Please include the C:\ComboFix.txt in your next reply for further review.

    Examples of how to disable realtime protection are available at the following link:

    Disable realtime protection

    Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot. This is normal.
    • If, after running Combofix, you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in your reply please,

    Kevin
     
  4. rizzle425

    rizzle425 Thread Starter

    Joined:
    Apr 8, 2007
    Messages:
    36
    hello kevinf80,

    Thank you for your reply, it is appreciated! I followed your instructions to the point and I cannot get ComboFix to run. I made sure to name it gotcha.exe when I saved it, and I saved it to the desktop. I disabled my antivirus and firewall before running, but I cannot seem to get it to work.

    I've tried running normally and as administrator in regular Windows, and I've attempted running normally and as administrator in safe mode as well; all attempts failed. I got a blue screen and a system reboot every time the initial loading bar of ComboFix would complete. There was one exception where I didn't get a blue screen, but my PC froze and I had to do a hard shutdown and restart.

    Any ideas?

    Rizzle425
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Keep your security OFF and try the following:

    Please download Rkill and save to your Desktop.
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If you get an alert that RKill is a threat, leave that alert open and re-run RKill again.

    If RKill is successful, give Combofix (Gotcha.exe) another try.
     
  6. rizzle425

    rizzle425 Thread Starter

    Joined:
    Apr 8, 2007
    Messages:
    36
    I downloaded Rkill as instructed and had the same results as with ComboFix: it either blue-screened and restarted, or it froze up my PC when I tried to run rkill.exe from my desktop.
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Reboot your PC and continuously tap the F8 key until you see the Windows Advanced Menu; from the options select "Safe Mode with Networking".

    Next,

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

    • If an infected file is detected, the default action will be Cure, click on Continue.

    • If a suspicious file is detected, the default action will be Skip, click on Continue.

    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    See if that works, post the log if successful,
     
  8. rizzle425

    rizzle425 Thread Starter

    Joined:
    Apr 8, 2007
    Messages:
    36
    Okay, good news: I got that one to work and I've got the log. Here it is:


    2011/01/08 19:38:57.0634 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2011/01/08 19:38:57.0634 ================================================================================
    2011/01/08 19:38:57.0634 SystemInfo:
    2011/01/08 19:38:57.0634
    2011/01/08 19:38:57.0634 OS Version: 6.0.6002 ServicePack: 2.0
    2011/01/08 19:38:57.0634 Product type: Workstation
    2011/01/08 19:38:57.0634 ComputerName: ROWDYPC
    2011/01/08 19:38:57.0634 UserName: Rizzle
    2011/01/08 19:38:57.0634 Windows directory: C:\Windows
    2011/01/08 19:38:57.0634 System windows directory: C:\Windows
    2011/01/08 19:38:57.0634 Processor architecture: Intel x86
    2011/01/08 19:38:57.0634 Number of processors: 2
    2011/01/08 19:38:57.0634 Page size: 0x1000
    2011/01/08 19:38:57.0634 Boot type: Safe boot with network
    2011/01/08 19:38:57.0634 ================================================================================
    2011/01/08 19:38:57.0915 Initialize success
    2011/01/08 19:39:07.0977 ================================================================================
    2011/01/08 19:39:07.0977 Scan started
    2011/01/08 19:39:07.0977 Mode: Manual;
    2011/01/08 19:39:07.0977 ================================================================================
    2011/01/08 19:39:09.0272 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2011/01/08 19:39:09.0428 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    2011/01/08 19:39:09.0693 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    2011/01/08 19:39:09.0740 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    2011/01/08 19:39:09.0833 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    2011/01/08 19:39:09.0927 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2011/01/08 19:39:09.0974 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    2011/01/08 19:39:10.0020 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/01/08 19:39:10.0052 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    2011/01/08 19:39:10.0083 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    2011/01/08 19:39:10.0114 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    2011/01/08 19:39:10.0130 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    2011/01/08 19:39:10.0145 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/01/08 19:39:10.0332 amdkmdag (5ab10c74c8ea15e98a6c771b7269615e) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/01/08 19:39:10.0582 amdkmdap (e9890f7ec1ab4d09afeb09dd76334622) C:\Windows\system32\DRIVERS\atikmpag.sys
    2011/01/08 19:39:10.0676 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    2011/01/08 19:39:10.0691 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    2011/01/08 19:39:10.0738 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/01/08 19:39:10.0769 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2011/01/08 19:39:10.0800 AtiHDAudioService (99a0f5c917558624cbeb113cb12e3f25) C:\Windows\system32\drivers\AtihdLH3.sys
    2011/01/08 19:39:10.0832 AtiHdmiService (5e1cbda7d52289579e25283549e99425) C:\Windows\system32\drivers\AtiHdmi.sys
    2011/01/08 19:39:10.0988 atikmdag (5ab10c74c8ea15e98a6c771b7269615e) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/01/08 19:39:11.0050 atksgt (e46d344412d1abc60c58e95c73bcdc70) C:\Windows\system32\DRIVERS\atksgt.sys
    2011/01/08 19:39:11.0112 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2011/01/08 19:39:11.0144 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    2011/01/08 19:39:11.0175 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2011/01/08 19:39:11.0206 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/01/08 19:39:11.0222 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/01/08 19:39:11.0253 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/01/08 19:39:11.0284 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/01/08 19:39:11.0300 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/01/08 19:39:11.0315 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/01/08 19:39:11.0331 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/01/08 19:39:11.0362 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/01/08 19:39:11.0409 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/01/08 19:39:11.0440 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    2011/01/08 19:39:11.0487 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2011/01/08 19:39:11.0549 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    2011/01/08 19:39:11.0580 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
    2011/01/08 19:39:11.0612 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    2011/01/08 19:39:11.0643 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    2011/01/08 19:39:11.0705 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2011/01/08 19:39:11.0783 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2011/01/08 19:39:11.0830 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2011/01/08 19:39:11.0877 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/01/08 19:39:11.0924 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/01/08 19:39:12.0002 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2011/01/08 19:39:12.0048 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    2011/01/08 19:39:12.0095 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    2011/01/08 19:39:12.0142 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2011/01/08 19:39:12.0189 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2011/01/08 19:39:12.0220 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/01/08 19:39:12.0251 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2011/01/08 19:39:12.0282 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2011/01/08 19:39:12.0329 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/01/08 19:39:12.0360 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2011/01/08 19:39:12.0376 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/01/08 19:39:12.0407 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/01/08 19:39:12.0454 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2011/01/08 19:39:12.0485 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/01/08 19:39:12.0516 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/01/08 19:39:12.0548 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/01/08 19:39:12.0594 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/01/08 19:39:12.0672 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    2011/01/08 19:39:12.0813 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
    2011/01/08 19:39:12.0922 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
    2011/01/08 19:39:13.0016 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2011/01/08 19:39:13.0047 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    2011/01/08 19:39:13.0078 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/01/08 19:39:13.0109 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    2011/01/08 19:39:13.0140 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/01/08 19:39:13.0234 IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/01/08 19:39:13.0296 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2011/01/08 19:39:13.0312 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/01/08 19:39:13.0343 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/01/08 19:39:13.0390 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    2011/01/08 19:39:13.0406 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/01/08 19:39:13.0437 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/01/08 19:39:13.0452 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    2011/01/08 19:39:13.0499 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/01/08 19:39:13.0530 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/01/08 19:39:13.0546 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/01/08 19:39:13.0624 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/01/08 19:39:13.0671 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/01/08 19:39:13.0718 kl1 (cd6a8fa9395460ffe7fd8881a6c67254) C:\Windows\system32\DRIVERS\kl1.sys
    2011/01/08 19:39:13.0749 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2011/01/08 19:39:13.0827 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\Windows\system32\DRIVERS\lirsgt.sys
    2011/01/08 19:39:13.0905 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/01/08 19:39:13.0952 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    2011/01/08 19:39:13.0967 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    2011/01/08 19:39:13.0998 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/01/08 19:39:14.0030 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/01/08 19:39:14.0076 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2011/01/08 19:39:14.0123 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    2011/01/08 19:39:14.0154 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    2011/01/08 19:39:14.0186 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/01/08 19:39:14.0217 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/01/08 19:39:14.0264 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/01/08 19:39:14.0295 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/01/08 19:39:14.0326 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/01/08 19:39:14.0388 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    2011/01/08 19:39:14.0420 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/01/08 19:39:14.0451 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/01/08 19:39:14.0498 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2011/01/08 19:39:14.0544 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/01/08 19:39:14.0560 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/01/08 19:39:14.0591 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/01/08 19:39:14.0607 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
    2011/01/08 19:39:14.0669 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    2011/01/08 19:39:14.0700 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/01/08 19:39:14.0732 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/01/08 19:39:14.0794 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/01/08 19:39:14.0825 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/01/08 19:39:14.0856 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/01/08 19:39:14.0903 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2011/01/08 19:39:14.0934 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/01/08 19:39:14.0950 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/01/08 19:39:14.0981 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2011/01/08 19:39:15.0044 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/01/08 19:39:15.0090 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2011/01/08 19:39:15.0122 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/01/08 19:39:15.0137 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/01/08 19:39:15.0184 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/01/08 19:39:15.0215 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/01/08 19:39:15.0231 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/01/08 19:39:15.0262 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2011/01/08 19:39:15.0324 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/01/08 19:39:15.0371 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2011/01/08 19:39:15.0387 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/01/08 19:39:15.0449 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2011/01/08 19:39:15.0496 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/01/08 19:39:15.0512 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/01/08 19:39:15.0590 NVENETFD (ae78a7285df03a277415fc62f8ce8f24) C:\Windows\system32\DRIVERS\nvmfdx32.sys
    2011/01/08 19:39:15.0808 nvlddmkm (36574da5c3a40621830783741f46b446) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/01/08 19:39:15.0964 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    2011/01/08 19:39:15.0995 nvrd32 (0d15327134e5871c922760acd7449e84) C:\Windows\system32\drivers\nvrd32.sys
    2011/01/08 19:39:16.0026 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\drivers\nvsmu.sys
    2011/01/08 19:39:16.0042 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    2011/01/08 19:39:16.0073 nvstor32 (fa7b8eca6e845b244b7e30a9dcd82c6c) C:\Windows\system32\DRIVERS\nvstor32.sys
    2011/01/08 19:39:16.0120 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    2011/01/08 19:39:16.0182 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    2011/01/08 19:39:16.0229 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/01/08 19:39:16.0276 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2011/01/08 19:39:16.0292 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/01/08 19:39:16.0354 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2011/01/08 19:39:16.0370 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    2011/01/08 19:39:16.0416 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/01/08 19:39:16.0448 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/01/08 19:39:16.0588 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/01/08 19:39:16.0604 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    2011/01/08 19:39:16.0650 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2011/01/08 19:39:16.0713 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    2011/01/08 19:39:16.0775 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/01/08 19:39:16.0853 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/01/08 19:39:16.0869 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/01/08 19:39:16.0947 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/01/08 19:39:16.0978 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/01/08 19:39:17.0025 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/01/08 19:39:17.0056 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/01/08 19:39:17.0072 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/01/08 19:39:17.0118 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    2011/01/08 19:39:17.0134 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/01/08 19:39:17.0181 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2011/01/08 19:39:17.0243 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/01/08 19:39:17.0274 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/01/08 19:39:17.0384 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\SECDRV.SYS
    2011/01/08 19:39:17.0462 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/01/08 19:39:17.0508 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/01/08 19:39:17.0571 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/01/08 19:39:17.0618 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    2011/01/08 19:39:17.0649 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/01/08 19:39:17.0664 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    2011/01/08 19:39:17.0711 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/01/08 19:39:17.0867 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    2011/01/08 19:39:17.0898 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    2011/01/08 19:39:17.0930 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    2011/01/08 19:39:17.0976 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2011/01/08 19:39:18.0023 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/01/08 19:39:18.0070 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
    2011/01/08 19:39:18.0070 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
    2011/01/08 19:39:18.0086 sptd - detected Locked file (1)
    2011/01/08 19:39:18.0148 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
    2011/01/08 19:39:18.0242 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
    2011/01/08 19:39:18.0273 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/01/08 19:39:18.0320 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2011/01/08 19:39:18.0366 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/01/08 19:39:18.0413 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/01/08 19:39:18.0460 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/01/08 19:39:18.0585 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2011/01/08 19:39:18.0663 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/01/08 19:39:18.0725 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2011/01/08 19:39:18.0772 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/01/08 19:39:18.0803 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/01/08 19:39:18.0850 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2011/01/08 19:39:18.0897 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2011/01/08 19:39:18.0959 tmactmon (02ffe7402fb07f2f64d1ac6866345087) C:\Windows\system32\DRIVERS\tmactmon.sys
    2011/01/08 19:39:18.0990 tmcomm (8762cb58a489b385feef2aea7f7718f3) C:\Windows\system32\DRIVERS\tmcomm.sys
    2011/01/08 19:39:19.0022 tmevtmgr (efe60b70fa964459dde55039c5b05be7) C:\Windows\system32\DRIVERS\tmevtmgr.sys
    2011/01/08 19:39:19.0053 tmlwf (d5ce61a14f7489d1ae827de8ddd9a87d) C:\Windows\system32\DRIVERS\tmlwf.sys
    2011/01/08 19:39:19.0131 tmpreflt (9cbbe54780770fdb7aaa73be530e4d80) C:\Windows\system32\DRIVERS\tmpreflt.sys
    2011/01/08 19:39:19.0209 tmtdi (ce1321671eee4520b9b50cd513f67dad) C:\Windows\system32\DRIVERS\tmtdi.sys
    2011/01/08 19:39:19.0240 tmwfp (abd052191da6d8d6f5357c600a179d48) C:\Windows\system32\DRIVERS\tmwfp.sys
    2011/01/08 19:39:19.0302 tmxpflt (6cc393305bd60056ca09a4c8032a169a) C:\Windows\system32\DRIVERS\tmxpflt.sys
    2011/01/08 19:39:19.0349 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/01/08 19:39:19.0380 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/01/08 19:39:19.0427 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/01/08 19:39:19.0443 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    2011/01/08 19:39:19.0490 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2011/01/08 19:39:19.0536 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    2011/01/08 19:39:19.0568 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    2011/01/08 19:39:19.0599 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/01/08 19:39:19.0661 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/01/08 19:39:19.0677 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2011/01/08 19:39:19.0786 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
    2011/01/08 19:39:19.0911 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/01/08 19:39:19.0926 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/01/08 19:39:19.0973 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/01/08 19:39:20.0004 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/01/08 19:39:20.0036 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/01/08 19:39:20.0082 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/01/08 19:39:20.0114 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/01/08 19:39:20.0192 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/01/08 19:39:20.0238 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/01/08 19:39:20.0270 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2011/01/08 19:39:20.0285 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    2011/01/08 19:39:20.0316 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    2011/01/08 19:39:20.0332 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    2011/01/08 19:39:20.0363 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2011/01/08 19:39:20.0472 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2011/01/08 19:39:20.0504 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2011/01/08 19:39:20.0566 vsapint (bbdd84ca629c1f7c8172b4405867f196) C:\Windows\system32\DRIVERS\vsapint.sys
    2011/01/08 19:39:20.0613 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    2011/01/08 19:39:20.0644 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
    2011/01/08 19:39:20.0675 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
    2011/01/08 19:39:20.0738 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/01/08 19:39:20.0769 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/01/08 19:39:20.0847 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/01/08 19:39:20.0878 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    2011/01/08 19:39:20.0909 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2011/01/08 19:39:21.0221 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    2011/01/08 19:39:21.0362 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
    2011/01/08 19:39:21.0455 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/01/08 19:39:21.0486 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/01/08 19:39:21.0533 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/01/08 19:39:21.0611 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
    2011/01/08 19:39:21.0705 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
    2011/01/08 19:39:21.0736 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/01/08 19:39:21.0736 ================================================================================
    2011/01/08 19:39:21.0736 Scan finished
    2011/01/08 19:39:21.0736 ================================================================================
    2011/01/08 19:39:21.0752 Detected object count: 2
    2011/01/08 19:39:56.0571 Locked file(sptd) - User select action: Skip
    2011/01/08 19:39:56.0602 \HardDisk0 - will be cured after reboot
    2011/01/08 19:39:56.0602 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/01/08 19:40:09.0644 Deinitialize success
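The TDSSKiller log above is long enough that the two findings (the locked sptd.sys that was skipped, and the TDL4 detection on \HardDisk0 that was set to cure) are easy to miss among the driver inventory. The script below is an added example for this thread, not code from the thread's helper or from TDSSKiller itself: it parses lines in the shape of the posted log into a structured report, pulls out detections and the user-selected actions, and applies one review heuristic (drivers loaded from outside the system driver directory). The line patterns are inferred from the posted log and are an assumption, not a documented TDSSKiller format; the sample lines embedded in the code are constructed in that format.

```python
"""Triage a Kaspersky TDSSKiller log: driver inventory, findings, chosen actions.

Added example, not TDSSKiller's or the forum helper's own tooling. The line
shapes are inferred from the posted log (an assumption, not a documented format).
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: a handful of lines in the shape of the posted log.
SAMPLE_LOG = r"""
2011/01/08 19:39:18.0023 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/01/08 19:39:18.0070 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
2011/01/08 19:39:18.0070 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/01/08 19:39:18.0086 sptd - detected Locked file (1)
2011/01/08 19:39:18.0585 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/01/08 19:39:21.0705 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
2011/01/08 19:39:21.0736 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/08 19:39:21.0736 ================================================================================
2011/01/08 19:39:21.0736 Scan finished
2011/01/08 19:39:21.0752 Detected object count: 2
2011/01/08 19:39:56.0571 Locked file(sptd) - User select action: Skip
2011/01/08 19:39:56.0602 \HardDisk0 - will be cured after reboot
2011/01/08 19:39:56.0602 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

TS = r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
DRIVER_RE = re.compile(TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS_RE = re.compile(TS + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED_RE = re.compile(TS + r"(?P<obj>\S+) - detected (?P<what>.+?) \(\d+\)$")
CURE_RE = re.compile(TS + r"(?P<obj>\S+) - will be cured after reboot$")
ACTION_RE = re.compile(TS + r"(?P<what>.+?)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Report:
    drivers: List[Driver] = field(default_factory=list)
    suspicious: List[Tuple[str, str, str]] = field(default_factory=list)  # (path, reason, md5)
    detected: Dict[str, str] = field(default_factory=dict)   # object -> detection name
    actions: Dict[str, str] = field(default_factory=dict)    # object -> action the user chose
    pending_cure: List[str] = field(default_factory=list)    # objects fixed only after reboot
    reported_count: Optional[int] = None                     # scanner's own detection count
    unparsed: List[str] = field(default_factory=list)        # kept for manual review


def parse_log(text: str) -> Report:
    """Classify each line; anything unrecognised is kept rather than dropped."""
    rep = Report()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := SUSPICIOUS_RE.match(line):
            rep.suspicious.append((m["path"], m["reason"], m["md5"]))
        elif m := DRIVER_RE.match(line):
            rep.drivers.append(Driver(m["name"], m["md5"], m["path"]))
        elif m := DETECTED_RE.match(line):
            rep.detected[m["obj"]] = m["what"]
        elif m := CURE_RE.match(line):
            rep.pending_cure.append(m["obj"])
        elif m := ACTION_RE.match(line):
            rep.actions[m["obj"]] = m["action"]
        elif m := COUNT_RE.match(line):
            rep.reported_count = int(m["n"])
        else:
            rep.unparsed.append(line)
    return rep


STANDARD_DRIVER_DIR = "\\windows\\system32\\drivers\\"


def nonstandard_path(path: str) -> bool:
    """Heuristic: kernel code loaded from outside the system driver directory
    deserves a look. Often legitimate (a media player's filter), but it is also
    where planted drivers tend to live, so it goes on the review list."""
    return STANDARD_DRIVER_DIR not in path.lower()


def unresolved(rep: Report) -> List[str]:
    """Detections the user skipped or never acted on: re-check these on a rescan."""
    return [obj for obj in rep.detected if rep.actions.get(obj) not in ("Cure", "Delete")]


def summary(rep: Report) -> List[str]:
    lines = [f"{len(rep.drivers)} drivers, {len(rep.detected)} detections "
             f"(scanner reported {rep.reported_count})"]
    for obj, what in rep.detected.items():
        lines.append(f"  {obj}: {what}, action={rep.actions.get(obj, 'none')}")
    for path, reason, md5 in rep.suspicious:
        lines.append(f"  suspicious ({reason}): {path} md5={md5}")
    lines += [f"  review location: {d.name} -> {d.path}" for d in rep.drivers if nonstandard_path(d.path)]
    lines += [f"  pending cure after reboot: {obj}" for obj in rep.pending_cure]
    lines += [f"  unresolved: {obj}" for obj in unresolved(rep)]
    return lines


if __name__ == "__main__":
    print("\n".join(summary(parse_log(SAMPLE_LOG))))
```

Two things the structured view makes obvious that the raw log does not: the TDL4 detection is on the disk object (\HardDisk0) rather than on any file, which is consistent with an MBR-level bootkit and is why the cure is deferred to a reboot; and the sptd.sys entry is a "NoAccess" locked file that the scanner could not read, not a malware verdict, which is why it lands in the unresolved list for a follow-up scan rather than being treated as a second infection.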
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
OK, nice job. See if Combofix (Gotcha.exe) will run now....

    Kevin
     
  10. rizzle425

    rizzle425 Thread Starter

    Joined:
    Apr 8, 2007
    Messages:
    36
Okay, I got ComboFix to complete successfully. Here is the log.



    ComboFix 11-01-08.05 - Rizzle 01/09/2011 18:27:30.1.2 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3582.3101 [GMT -7:00]
    Running from: c:\users\Rizzle\Desktop\gotcha.exe
    AV: Trend Micro Internet Security Pro *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
    SP: Trend Micro Internet Security Pro *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\SearchToolbar.dll
    c:\users\Rizzle\AppData\Local\{3BA7F147-C6D8-48DA-BB5E-8651E9003C62}
    c:\users\Rizzle\AppData\Local\{3BA7F147-C6D8-48DA-BB5E-8651E9003C62}\chrome.manifest
    c:\users\Rizzle\AppData\Local\{3BA7F147-C6D8-48DA-BB5E-8651E9003C62}\chrome\content\_cfg.js
    c:\users\Rizzle\AppData\Local\{3BA7F147-C6D8-48DA-BB5E-8651E9003C62}\chrome\content\c.js
    c:\users\Rizzle\AppData\Local\{3BA7F147-C6D8-48DA-BB5E-8651E9003C62}\chrome\content\overlay.xul
    c:\users\Rizzle\AppData\Local\{3BA7F147-C6D8-48DA-BB5E-8651E9003C62}\install.rdf
    c:\windows\expert
    c:\windows\expert\Apps\Help.ico
    c:\windows\expert\Apps\Home.exe
    c:\windows\expert\Apps\Install.ico
    c:\windows\expert\Apps\PDF.ICO
    c:\windows\expert\Apps\Readme.ico
    c:\windows\expert\Apps\Register.exe
    c:\windows\expert\Apps\Support.exe
    c:\windows\expert\X6820.INI
    c:\windows\system32\jusched.exe
    c:\windows\system32\service
    c:\windows\system32\service\08012010_TIS17_SfFniAU.log
    c:\windows\system32\service\08122010_TIS17_SfFniAU.log
    c:\windows\system32\service\09032010_TIS17_SfFniAU.log
    c:\windows\system32\service\13042010_TIS17_SfFniAU.log
    c:\windows\system32\service\16042010_TIS17_SfFniAU.log
    c:\windows\system32\service\22062009_TIS17_SfFniAU.log
    c:\windows\system32\service\22092010_TIS17_SfFniAU.log
    c:\windows\system32\service\25042010_TIS17_SfFniAU.log
    c:\windows\system32\service\27122010_TIS17_SfFniAU.log
    c:\windows\system32\service\29092009_TIS17_SfFniAU.log
    c:\windows\system32\UACchnmiwvbmvmxghsik.db
    c:\windows\system32\uactmp.db
    C:\xcrashdump.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_UACD.SYS


    ((((((((((((((((((((((((( Files Created from 2010-12-10 to 2011-01-10 )))))))))))))))))))))))))))))))
    .

    2011-01-10 01:37 . 2011-01-10 01:39 -------- d-----w- c:\users\Rizzle\AppData\Local\temp
    2011-01-09 05:20 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-09 05:13 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5EE2B0CE-D6DC-4561-9B13-DC6E65673C53}\mpengine.dll
    2011-01-06 08:52 . 2011-01-08 21:45 -------- d-----w- c:\program files\Runes of Magic
    2011-01-04 04:42 . 2011-01-04 04:42 388096 ----a-r- c:\users\Rizzle\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-29 09:13 . 2010-12-29 09:13 -------- d-----w- c:\program files\Feedback Tool
    2010-12-28 07:53 . 2010-12-28 07:53 -------- d-----w- c:\users\Rizzle\AppData\Roaming\Registry Mechanic
    2010-12-26 02:27 . 2010-12-26 02:35 -------- d-----w- c:\users\Rizzle\AppData\Roaming\FixCleaner
    2010-12-26 02:27 . 2010-12-26 02:35 -------- d-----w- c:\program files\FixCleaner
    2010-12-17 20:57 . 2010-12-17 20:57 -------- d-----w- c:\users\Rizzle\dwhelper
    2010-12-17 20:55 . 2010-12-28 07:53 -------- d-----w- c:\program files\AutocompletePro

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-29 08:13 . 2010-09-09 17:41 18 ----a-w- c:\windows\system\msg.bat
    2010-12-29 08:13 . 2010-09-09 17:41 1646 ----a-w- c:\windows\system\msg.reg
    2010-12-21 01:09 . 2010-09-12 16:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 01:08 . 2010-09-12 16:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-09 16:38 . 2010-12-09 16:38 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-11-25 07:01 . 2009-02-04 04:43 4077568 ----a-w- c:\windows\system32\atiumdag.dll
    2010-11-25 07:00 . 2010-11-25 07:00 4407808 ----a-w- c:\windows\system32\aticaldd.dll
    2010-11-25 07:00 . 2010-11-25 07:00 16201728 ----a-w- c:\windows\system32\atioglxx.dll
    2010-11-25 07:00 . 2010-11-25 07:00 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2010-11-25 07:00 . 2010-05-05 02:19 536576 ----a-w- c:\windows\system32\aticfx32.dll
    2010-11-25 07:00 . 2010-11-25 07:00 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-11-25 07:00 . 2010-11-25 07:00 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2010-11-25 07:00 . 2010-11-25 07:00 6472192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2010-11-25 07:00 . 2009-12-11 20:11 52736 ----a-w- c:\windows\system32\coinst.dll
    2010-11-25 07:00 . 2010-11-25 07:00 3953152 ----a-w- c:\windows\system32\atidxx32.dll
    2010-11-25 07:00 . 2010-11-25 07:00 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2010-11-25 07:00 . 2010-11-25 07:00 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2010-11-25 07:00 . 2010-11-25 07:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-11-25 07:00 . 2010-11-25 07:00 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2010-11-25 07:00 . 2010-11-25 07:00 11776 ----a-w- c:\windows\system32\atimuixx.dll
    2010-11-25 07:00 . 2009-12-11 19:50 28672 ----a-w- c:\windows\system32\atiu9pag.dll
    2010-11-25 07:00 . 2010-11-25 07:00 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-11-25 07:00 . 2010-11-25 07:00 19968 ----a-w- c:\windows\system32\atigktxx.dll
    2010-11-25 07:00 . 2010-11-25 07:00 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2010-11-25 07:00 . 2010-11-25 07:00 52736 ----a-w- c:\windows\system32\atimpc32.dll
    2010-11-25 07:00 . 2010-11-25 07:00 52736 ----a-w- c:\windows\system32\amdpcom32.dll
    2010-11-25 07:00 . 2010-11-25 07:00 228352 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2010-11-25 07:00 . 2010-11-25 07:00 241664 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-11-25 07:00 . 2010-05-05 01:19 3460096 ----a-w- c:\windows\system32\atiumdva.dll
    2010-11-25 07:00 . 2010-11-25 07:00 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
    2010-11-25 07:00 . 2009-12-11 19:49 23040 ----a-w- c:\windows\system32\atitmpxx.dll
    2010-11-25 07:00 . 2010-11-25 07:00 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2010-11-25 07:00 . 2010-11-25 07:00 30720 ----a-w- c:\windows\system32\atiuxpag.dll
    2010-11-25 07:00 . 2010-11-25 07:00 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-11-25 07:00 . 2010-11-25 07:00 294912 ----a-w- c:\windows\system32\ATIODE.exe
    2010-11-25 07:00 . 2010-11-25 07:00 100368 ----a-w- c:\windows\system32\drivers\AtihdLH3.sys
    2010-11-25 07:00 . 2010-11-25 07:00 380928 ----a-w- c:\windows\system32\atieclxx.exe
    2010-11-21 07:52 . 2009-08-18 18:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2010-11-21 07:52 . 2009-08-18 18:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2010-10-31 20:29 . 2010-04-24 16:16 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-10-31 20:29 . 2009-09-09 23:47 22328 ----a-w- c:\users\Rizzle\AppData\Roaming\PnkBstrK.sys
    2010-10-31 20:29 . 2009-12-19 04:39 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-10-31 20:28 . 2010-04-24 16:15 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-10-31 20:28 . 2009-12-19 04:39 669184 ----a-w- c:\windows\system32\pbsvc.exe
    2010-10-19 18:58 . 2010-04-25 17:18 233960 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2010-10-19 17:41 . 2009-12-24 20:14 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-14 08:36 . 2010-10-14 08:36 15451288 ----a-w- c:\windows\system32\xlive.dll
    2010-10-14 08:36 . 2010-10-14 08:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-01 98304]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
    backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
    2010-03-04 20:31 311296 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
    2010-03-13 18:58 75048 ------w- c:\program files\CyberLink\Shared Files\brs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-08-09 12:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE]
    2009-07-19 05:44 492808 ----a-w- c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 04:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
    2010-02-03 06:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-07-03 17:27 6266880 ----a-w- c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2010-10-01 05:28 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-11-22 20:17 1242448 ----a-w- c:\program files\Steam\steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-04-07 09:56 132760 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UfSeAgnt.exe]
    2009-10-20 08:50 995528 ----a-w- c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;c:\windows\system\regsrv.exe [x]
    R3 jDEBWdowLn;jDEBWdowLn;c:\users\Rizzle\Desktop\speedy\ONWAE [x]
    R3 LlGzsiIgb;LlGzsiIgb;c:\users\Rizzle\Desktop\speedy\CQHXIH [x]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-05-03 3584240]
    R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [x]
    R3 pHDMLilWrz;pHDMLilWrz;c:\users\Rizzle\Desktop\speedy\LHRUHPSS [x]
    R3 sikpYwCehF;sikpYwCehF;c:\users\Rizzle\Desktop\speedy\ITVBIHJM [x]
    R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
    R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2008-01-21 251904]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 WvMWWJbHA;WvMWWJbHA;c:\users\Rizzle\Desktop\speedy\LXHFB [x]
    R3 YDCxAmHXF;YDCxAmHXF;c:\users\Rizzle\Desktop\speedy\XFGFZMSC [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-02 721904]
    S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-07-19 145424]
    S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/03/30 19:25];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 18:58 87536]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-25 176128]
    S2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [2009-02-12 181584]
    S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-07-05 50256]
    S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-09-03 497008]
    S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2010-07-30 36432]
    S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-09-03 677128]
    S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-07-19 256528]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-25 6472192]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-25 228352]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-11-25 100368]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-15 c:\windows\Tasks\HPCeeScheduleForRizzle.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-06-12 03:03]

    2011-01-10 c:\windows\Tasks\User_Feed_Synchronization-{F1EEAB40-F5C5-46ED-824D-FCBDD5D85A69}.job
    - c:\windows\system32\msfeedssync.exe [2011-01-09 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.speedapps.com/search.htm
    DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    MSConfigStartUp-A00F19AFCBEC - c:\users\Rizzle\AppData\Local\Temp\_A00F19AFCBEC.exe
    MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
    MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    MSConfigStartUp-HPAdvisor - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    MSConfigStartUp-iOmem - c:\users\Rizzle\AppData\Local\TempImages\iOmem.exe
    MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
    MSConfigStartUp-net - c:\windows\system32\net.net
    MSConfigStartUp-ProxyFirewall - c:\program files\ProxyFirewall\ProxyFirewall.exe
    MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-09 18:42
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\jDEBWdowLn]
    "ImagePath"="\??\c:\users\Rizzle\Desktop\speedy\ONWAE"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LlGzsiIgb]
    "ImagePath"="\??\c:\users\Rizzle\Desktop\speedy\CQHXIH"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
    "ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pHDMLilWrz]
    "ImagePath"="\??\c:\users\Rizzle\Desktop\speedy\LHRUHPSS"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sikpYwCehF]
    "ImagePath"="\??\c:\users\Rizzle\Desktop\speedy\ITVBIHJM"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WvMWWJbHA]
    "ImagePath"="\??\c:\users\Rizzle\Desktop\speedy\LXHFB"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\YDCxAmHXF]
    "ImagePath"="\??\c:\users\Rizzle\Desktop\speedy\XFGFZMSC"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2878287562-595671670-2002291222-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FDE9172A-DDE9-B144-F627-96525AE7577A}*]
    "majofelkcmphpjomglhjjjenim"=hex:6a,61,63,6d,70,6b,64,70,61,66,6d,6d,6a,66,70,
    66,70,70,67,70,00,00
    "napephoodpnklngfhjmgieadmfdc"=hex:6a,61,63,6d,70,6b,64,70,61,66,6d,6d,6a,66,
    70,66,70,70,67,70,00,fe

    [HKEY_USERS\S-1-5-21-2878287562-595671670-2002291222-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:9d,81,62,4c,43,8c,ec,d9,67,49,53,91,86,3d,56,18,5a,20,59,54,dd,ea,da,
    ad,3e,36,c0,cf,48,74,26,af,03,66,31,0a,9d,77,81,17,d1,ec,d5,c9,15,98,01,90,\
    "??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

    [HKEY_USERS\S-1-5-21-2878287562-595671670-2002291222-1000\Software\SecuROM\License information*]
    "datasecu"=hex:8e,1f,09,e2,15,bf,17,61,fc,40,1c,7c,32,cc,8c,e0,f3,41,33,61,9c,
    59,31,1b,a2,3a,d2,5e,7c,9b,62,8d,df,55,02,bd,22,fb,fc,ed,20,cd,4e,db,59,85,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\atieclxx.exe
    c:\program files\Trend Micro\BM\TMBMSRV.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-09 18:47:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-10 01:47

    Pre-Run: 301,791,678,464 bytes free
    Post-Run: 301,810,237,440 bytes free

    - - End Of File - - 8C8378AA85EE1B99237F83C999981B12
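The service entries in the log above with random names under c:\users\Rizzle\Desktop\speedy\ and a missing image file ([x]) are the kind of pattern a triage script can pull out of a ComboFix report automatically. The following is an added example, not part of this thread or of ComboFix itself: it parses lines in the `R3 name;display;path [x]` shape shown above and flags entries that match two or more indicators (random-looking name, display name identical to service name, image under a user profile, image file missing). The sample lines are a constructed subset copied from the log.

```python
"""Heuristic triage of ComboFix service/driver lines (added example)."""
import re

# Constructed sample taken from the ComboFix log above: two 'speedy'
# entries, one legitimate driver with a missing image, two normal entries.
SAMPLE_LINES = r"""
R3 jDEBWdowLn;jDEBWdowLn;c:\users\Rizzle\Desktop\speedy\ONWAE [x]
R3 LlGzsiIgb;LlGzsiIgb;c:\users\Rizzle\Desktop\speedy\CQHXIH [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-05-03 3584240]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-07-05 50256]
"""

# Start type, service name, display name, image path, then '[date size]' or '[x]'.
LINE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]+);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$")
USER_PATH_RE = re.compile(r"^[a-z]:\\users\\", re.IGNORECASE)


def looks_random(name):
    """Letters-only names with several case flips ('jDEBWdowLn') match no vendor convention."""
    if not name.isalpha():
        return False
    flips = sum(1 for a, b in zip(name, name[1:]) if a.islower() != b.islower())
    return flips >= 3


def parse_line(line):
    """Return a dict for one service/driver line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["missing"] = entry["meta"].strip() == "x"   # ComboFix could not find the image
    return entry


def triage(text):
    """Return [(service name, [reasons])] for entries with two or more indicators."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = []
        if looks_random(entry["name"]):
            reasons.append("random-looking service name")
        if entry["name"] == entry["display"]:
            reasons.append("display name identical to service name")
        if USER_PATH_RE.match(entry["path"]):
            reasons.append("image under a user profile directory")
        if entry["missing"]:
            reasons.append("image file missing ([x])")
        # A single indicator (e.g. only a missing image, as with PCD5SRVC) is noise.
        if len(reasons) >= 2:
            flagged.append((entry["name"], reasons))
    return flagged
```

On the sample, `triage(SAMPLE_LINES)` reports only the two speedy entries, each with all four indicators, while the GameGuard, PC-Doctor and Trend Micro lines are left alone.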
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya rizzle425,

    Proceed as follows please :-

    Step 1

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions are available Here. Please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your system.

    Step 2

    Download [​IMG] OTL from any of the following links and save to your Desktop:

    Link 1
    Link 2
    Link 3

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Under the Custom Scan box paste this in
      Code:
            netsvcs
            drivers32
            %SYSTEMDRIVE%\*.*
            %systemroot%\*. /mp /s
            CREATERESTOREPOINT
            %systemroot%\System32\config\*.sav
            HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply.

    What I'd like in your reply :-

    • Log from ESET
    • OTL Txt
    • Extras Txt

    Kevin
     
  12. rizzle425

    rizzle425 Thread Starter

    Joined:
    Apr 8, 2007
    Messages:
    36
    I cannot get the ESET scan to work. I clicked the link you gave, accepted security warnings, downloaded and installed, then I accepted the terms of use and clicked start. That's as far as I could get. Every time I would accept the terms of use and click start it would load the next page with the two tickboxes, but then it would bring up an error message every time stating that Internet Explorer stopped responding and Windows will notify me if a solution becomes available blah blah blah.

    So I tried to start my PC in safe mode with networking; however, I cannot get it to run in safe mode either. When I accept the terms of use and click start in safe mode it just takes me to the main Internet Explorer window and pops up a message near the ESET tab saying "This tab has been recovered. A problem with the web page has caused Internet Explorer to close and re-open this tab."

    Any ideas how I can get it to work?
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Turn off all security and try again....
     
  14. rizzle425

    rizzle425 Thread Starter

    Joined:
    Apr 8, 2007
    Messages:
    36
    I have double-checked to make sure that all security is off, and it is still giving me the same problem. Maybe I'll try to run it in a different web browser than IE. I can't use Firefox because it crashes every minute, literally. So I will try downloading Safari and see if I can run it on there; I'll post again soon with my results on that.
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Leave it for now and just run OTL...
     
Short URL to this thread: https://techguy.org/972722