Unusably slow computer


Re: Unusably slow computer

Post by Crush on Fri Aug 20, 2010 7:24 pm

Might have been updated again and the options changed. I'll have a look. Choose Quarantine for now and we'll deal with them later.

Crush
Master

Posts : 3889
Joined : 2010-01-27
Gender : Male
Points : 42088
# Likes : 0

TDSSkiller report

Post by hellbndr23 on Fri Aug 20, 2010 9:19 pm

2010/08/20 14:17:13.0953 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/20 14:17:13.0953 ================================================================================
2010/08/20 14:17:13.0953 SystemInfo:
2010/08/20 14:17:13.0953
2010/08/20 14:17:13.0953 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/20 14:17:13.0953 Product type: Workstation
2010/08/20 14:17:13.0953 ComputerName: BRANDON
2010/08/20 14:17:13.0953 UserName: Owner
2010/08/20 14:17:13.0953 Windows directory: C:\WINDOWS
2010/08/20 14:17:13.0953 System windows directory: C:\WINDOWS
2010/08/20 14:17:13.0953 Processor architecture: Intel x86
2010/08/20 14:17:13.0953 Number of processors: 1
2010/08/20 14:17:13.0953 Page size: 0x1000
2010/08/20 14:17:13.0953 Boot type: Normal boot
2010/08/20 14:17:13.0953 ================================================================================
2010/08/20 14:17:14.0468 Initialize success
2010/08/20 14:17:18.0281 ================================================================================
2010/08/20 14:17:18.0281 Scan started
2010/08/20 14:17:18.0281 Mode: Manual;
2010/08/20 14:17:18.0281 ================================================================================
2010/08/20 14:17:22.0140 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/20 14:17:22.0140 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: cdfe4411a69c224bd1d11b2da92dac51
2010/08/20 14:17:22.0171 atapi - detected Locked file (1)
2010/08/20 14:17:39.0625 ================================================================================
2010/08/20 14:17:39.0625 Scan finished
2010/08/20 14:17:39.0625 ================================================================================
2010/08/20 14:17:39.0640 Detected object count: 1
2010/08/20 16:23:56.0546 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/20 16:23:56.0562 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: cdfe4411a69c224bd1d11b2da92dac51
2010/08/20 16:23:56.0640 C:\WINDOWS\system32\DRIVERS\atapi.sys - quarantined
2010/08/20 16:23:56.0640 Locked file(atapi) - User select action: Quarantine

hellbndr23
Intermediate

Posts : 63
Joined : 2010-02-11
OS : XP Media Center
Points : 25799
# Likes : 0

Re: Unusably slow computer

Post by Crush on Fri Aug 20, 2010 9:57 pm

Ok. Follow up with RootRepeal please.


Re: Unusably slow computer

Post by hellbndr23 on Mon Aug 23, 2010 9:21 pm

Tried several times. RootRepeal starts, says "initializing, please wait"; I get a low memory warning, hit OK, and it stays at initializing. Let it go for an hour and nothing changed. Can't Ctrl+Alt+Del. Force shutdown and restart.


Re: Unusably slow computer

Post by Crush on Tue Aug 24, 2010 3:54 am

Can you try in Safe Mode?


Re: Unusably slow computer

Post by hellbndr23 on Wed Aug 25, 2010 8:46 pm

Tried safe mode. Goes to initializing. Walked away, came back, and the screen saver was on. Instead of the Windows logo jumping around there was a little square that said "not enough memory". Tried to get the computer out of the screen saver; it never came back. Words for icons showed on screen and nothing else: no start bar, no icons. Could tell there was a box for the program but nothing in it. Had to force shutdown.

About ready to trash this thing and start over. Just so much work to do so.


Re: Unusably slow computer

Post by Crush on Fri Aug 27, 2010 5:30 pm

Hi hellbndr,

Sorry for the delay.

Please navigate to the following file: C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

Right click and choose Extract. When it prompts you to extract the file to a location, choose C:\

Once that is done:

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quotebox below into it:

    FCopy::
    C:\atapi.sys | C:\Windows\System32\Drivers\atapi.sys

  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

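
A way to triage the TDSSKiller report posted above against the reference copies of atapi.sys, as an added example (not TDSSKiller's or ComboFix's own code): it parses the TDSSKiller lines for the flagged driver, then checks the recorded MD5 against the reference hashes that the Sigcheck section of the ComboFix log further down lists, taking 5.1.2600.5512 as the build an SP3 system should carry (the version Sigcheck shows for the ServicePackFiles and dllcache copies). The sample log lines are trimmed from the report above; the Report, Finding and assess names are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a trimmed copy of the TDSSKiller report posted in this
# thread (raw string, so the Windows paths keep their single backslashes).
SAMPLE_LOG = r"""
2010/08/20 14:17:13.0953 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/20 14:17:22.0140 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/20 14:17:22.0140 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: cdfe4411a69c224bd1d11b2da92dac51
2010/08/20 14:17:22.0171 atapi - detected Locked file (1)
2010/08/20 14:17:22.0296 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/20 14:17:39.0640 Detected object count: 1
2010/08/20 16:23:56.0640 C:\WINDOWS\system32\DRIVERS\atapi.sys - quarantined
2010/08/20 16:23:56.0640 Locked file(atapi) - User select action: Quarantine
"""

# Reference MD5s for atapi.sys as listed in the Sigcheck section of the
# ComboFix log in this thread, keyed by hash, valued by the file version.
REFERENCE_ATAPI: Dict[str, str] = {
    "9f3a2f5aa6875c72bf062c712cfa2674": "5.1.2600.5512",  # ServicePackFiles\i386, dllcache
    "cdfe4411a69c224bd1d11b2da92dac51": "5.1.2600.2180",  # $NtServicePackUninstall$
    "95b858761a00e1d4f81f79a0da019aca": "5.1.2600.1106",  # ReinstallBackups\0007
}

# Every TDSSKiller line starts with "YYYY/MM/DD HH:MM:SS.mmmm ".
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
DRIVER_RE = re.compile(TS + r"(\S+) \(([0-9a-f]{32})\) (.+)$")
SUSPECT_RE = re.compile(TS + r"Suspicious file \((\w+)\): (.+)\. md5: ([0-9a-f]{32})$")
LOCKED_RE = re.compile(TS + r"(\S+) - detected Locked file \((\d+)\)$")
ACTION_RE = re.compile(TS + r"Locked file\((\S+)\) - User select action: (\w+)$")
COUNT_RE = re.compile(TS + r"Detected object count: (\d+)$")
OSVER_RE = re.compile(TS + r"OS Version: (\S+) ServicePack: (\d+)\.\d+$")


@dataclass
class Finding:
    service: str             # service name TDSSKiller prints, e.g. "atapi"
    path: str
    md5: str
    reason: str              # e.g. "NoAccess"
    locked: bool = False
    action: Optional[str] = None


@dataclass
class Report:
    service_pack: Optional[int] = None
    detected_count: int = 0
    findings: List[Finding] = field(default_factory=list)

    def by_service(self, name: str) -> Optional[Finding]:
        return next((f for f in self.findings if f.service == name), None)


def parse_tdsskiller(text: str) -> Report:
    """Pull the suspicious-file entries and the summary out of a TDSSKiller log."""
    report = Report()
    service_by_path: Dict[str, str] = {}  # driver enumeration line -> service name
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if m := DRIVER_RE.match(line):
            service_by_path[m.group(3)] = m.group(1)
        elif m := SUSPECT_RE.match(line):
            reason, path, md5 = m.groups()
            report.findings.append(Finding(service_by_path.get(path, "?"), path, md5, reason))
        elif m := LOCKED_RE.match(line):
            if f := report.by_service(m.group(1)):
                f.locked = True
        elif m := ACTION_RE.match(line):
            if f := report.by_service(m.group(1)):
                f.action = m.group(2)
        elif m := COUNT_RE.match(line):
            report.detected_count = int(m.group(1))
        elif m := OSVER_RE.match(line):
            report.service_pack = int(m.group(2))
    return report


def assess(finding: Finding, reference: Dict[str, str], expected_version: str) -> List[str]:
    """Reasons this finding needs action; an empty list means nothing stood out."""
    reasons = []
    if finding.reason == "NoAccess" or finding.locked:
        reasons.append("the scanner could not open the driver (locked file)")
    version = reference.get(finding.md5)
    if version is None:
        reasons.append("MD5 matches none of the known reference copies")
    elif version != expected_version:
        reasons.append(f"MD5 is the {version} build, but this system should run {expected_version}")
    if finding.action == "Quarantine":
        reasons.append("the file was quarantined, so a clean copy has to be put back (the FCopy step)")
    return reasons


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print(f"SP{rep.service_pack}, {rep.detected_count} detection(s)")
    for fnd in rep.findings:
        print(f"{fnd.path} ({fnd.md5}) locked={fnd.locked} action={fnd.action}")
        for why in assess(fnd, REFERENCE_ATAPI, "5.1.2600.5512"):
            print("  -", why)
```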

ComboFix log

Post by hellbndr23 on Mon Aug 30, 2010 8:50 pm

ComboFix 10-08-29.04 - Owner 08/30/2010 15:19:04.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.204 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\commy.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\atapi.sys --> c:\Windows\System32\Drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.

2010-08-25 15:09 . 2010-08-25 15:09 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-20 21:23 . 2010-08-20 21:23 -------- d-----w- C:\TDSSKiller_Quarantine
2010-08-19 19:37 . 2008-06-17 21:56 45688 ----a-r- c:\windows\system32\drivers\generic.sys
2010-08-19 19:37 . 2008-06-17 21:56 20600 ----a-r- c:\windows\system32\drivers\DM150Drv.sys
2010-08-19 19:35 . 2010-08-19 19:35 -------- d-----w- c:\program files\Pitney Bowes
2010-08-19 19:34 . 2010-08-19 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Pitney Bowes
2010-08-19 19:33 . 2010-08-19 19:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{7387B7C8-A3C3-4A2D-87B1-C5691A71AFC3}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2003-03-31 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-17 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-03-09 7561216]
"nwiz"="nwiz.exe" [2006-03-09 1519616]
"WD Button Manager"="WDBtnMgr.exe" [2005-07-01 331776]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-03-09 86016]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\brandon\Programs\quick\QTTask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"WinVNC"="c:\program files\iTivity\bin\rfbd.exe" [2005-03-25 274432]
"iTivityODConnector"="c:\program files\iTivity\bin\connector_od.exe" [2006-11-13 299008]
"tridiavnc"="c:\program files\iTivity\bin\rfbd.exe" [2005-03-25 274432]
"iTivityODController"="c:\program files\iTivity\bin\processor_od.exe" [2006-11-13 237568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Memeo Backup Pro"="c:\program files\Memeo\AutoBackupPro\MemeoLauncher2.exe" [2010-04-09 136416]
"PC Meter Connect"="c:\program files\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe" [2010-05-05 3760128]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-24 30192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\brandon\Programs\Picasa\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-24 10872]
Cenlpdstatus.exe [2002-9-9 102400]
FTP Utility.lnk - c:\program files\KONICA MINOLTA\FTP Utility\KMFtp.exe [2004-10-27 102400]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cenlpdstatus.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Cenlpdstatus.exe
backup=c:\windows\pss\Cenlpdstatus.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2004-05-18 02:30 543232 ----a-w- c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
2003-09-19 17:09 36864 ----a-w- c:\windows\ShowWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\KONICA MINOLTA\\FTP Utility\\KMFtp.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\MSACCESS.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7303:UDP"= 7303:UDP:Control Center UDP Port

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [10/27/2005 3:31 PM 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [10/27/2005 3:31 PM 5248]
R2 CenLPD;CenLPD;c:\program files\Century\TinyTERM\NetUtils\CenLPD.exe [10/7/2004 8:07 AM 102400]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackupPro\MemeoBackgroundService.exe [4/9/2010 4:19 PM 25824]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [11/17/2004 3:56 PM 23200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1c9d4c2231e140c;Google Update Service (gupdate1c9d4c2231e140c);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2009 1:30 PM 133104]
S3 AON325;AOpen AON-325 10/100M Fast Ethernet PCI Adapter Driver;c:\windows\system32\drivers\AON325.sys [2/21/2003 4:25 PM 46976]
S3 DM150Drv;DM150Drv;c:\windows\system32\drivers\DM150Drv.sys [8/19/2010 2:37 PM 20600]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/24/2010 9:37 AM 30192]
S3 iTivityODConnector;iTivity Live Support Connector Direct;c:\program files\iTivity\bin\connector_od.exe [4/6/2010 12:34 PM 299008]
S3 iTivityODConnectToIASConnector;iTivity Live Support Connector To IAS;c:\program files\iTivity\bin\connector_od.exe [4/6/2010 12:34 PM 299008]
S3 iTivityODController;iTivity Live Support Controller;c:\program files\iTivity\bin\processor_od.exe [4/6/2010 12:34 PM 237568]
S3 pmxscan;Visioneer USB Kernel;c:\windows\system32\drivers\usbscan.sys [11/17/2004 4:26 PM 15104]
S3 TridiaFTPServer;TridiaFTP Server;c:\program files\iTivity\bin\ftpd.exe [4/6/2010 12:34 PM 528448]
S3 tridiavnc;Tridia Screen Server;c:\program files\iTivity\bin\rfbd.exe [4/6/2010 12:34 PM 274432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-08-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-29 22:27]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 18:30]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 18:30]

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1026034599-3939155063-2809091464-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-17 14:56]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1026034599-3939155063-2809091464-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-17 14:56]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{b234a570-7d2e-11d4-a4bd-0010a4c73bd0} - c:\program files\eBots\\eBzLjtPrn.exe
TCP: {4BD4F3EB-5658-4F24-A7A3-EF9FC566C4B1} = 151.164.11.201,151.164.1.8
TCP: {FF51B570-A98E-4D22-82B9-C9F63504606E} = 151.164.11.201,151.164.1.8
DPF: Web-Based Email Tools - [You must be registered and logged in to see this link.]
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e4yu3lx9.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e4yu3lx9.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\brandon\Programs\Divx\DivX Content Uploader\npUpload.dll
FF - plugin: c:\brandon\Programs\Divx\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\brandon\Programs\Divx\DivX Web Player\npdivx32.dll
FF - plugin: c:\brandon\Programs\Picasa\Picasa2\npPicasa2.dll
FF - plugin: c:\brandon\Programs\Picasa\Picasa2\npPicasa3.dll
FF - plugin: c:\brandon\Programs\quick\Plugins\npqtplugin.dll
FF - plugin: c:\brandon\Programs\quick\Plugins\npqtplugin2.dll
FF - plugin: c:\brandon\Programs\quick\Plugins\npqtplugin3.dll
FF - plugin: c:\brandon\Programs\quick\Plugins\npqtplugin4.dll
FF - plugin: c:\brandon\Programs\quick\Plugins\npqtplugin5.dll
FF - plugin: c:\brandon\Programs\quick\Plugins\npqtplugin6.dll
FF - plugin: c:\brandon\Programs\quick\Plugins\npqtplugin7.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-30 15:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x84C3CE68]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf7416cb8
\Driver\atapi -> 0x84c3ce68
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: NVIDIA nForce MCP Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf72c2bb0
PacketIndicateHandler -> NDIS.sys @ 0xf72cfa21
SendHandler -> NDIS.sys @ 0xf72ad87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 60 !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8AC0FFDC-D68A-4D5F-75BF0D842EDCB137}\{3647E330-7B13-5DC9-623E15C2DE512604}\{FDA52484-33A0-4DF1-40A7FB2F70E68E7D}*]
"SE4K5INHHR1EDZYY15BVZC6TKG1"=hex:01,00,01,00,00,00,00,00,7e,c3,c3,8e,86,b4,21,
5e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4048)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\progra~1\Dantz\RETROS~1\wdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\WDBtnMgr.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Memeo\AutoBackupPro\MemeoBackup.exe
c:\program files\Memeo\AutoBackupPro\MemeoUpdater.exe
.
**************************************************************************
.
Completion time: 2010-08-30 15:53:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-30 20:53
ComboFix2.txt 2010-07-23 19:22
ComboFix3.txt 2010-07-20 19:52
ComboFix4.txt 2010-07-20 12:35
ComboFix5.txt 2010-08-30 20:00

Pre-Run: 79,893,188,608 bytes free
Post-Run: 80,223,899,648 bytes free

- - End Of File - - 8D366651D0A5FD3C511AF0BA6F008886

hellbndr23
Intermediate
Posts: 63
Joined: 2010-02-11
OS: XP Media Center
Points: 25799
Likes: 0
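
Triage of the ComboFix output above, as an added example that is not part of the original thread and not ComboFix's own code: a small Python parser that reads the Run keys, the service lines, the Security Center override, the Firefox proxy prefs and the MBR detector summary, and raises the findings a reviewer would otherwise pick out by eye (one executable registered under two autostart names, remote-access services such as the VNC and FTP servers, an autostart living outside Program Files or Windows, AntiVirusOverride set, a proxy pointed at localhost, and a second copy of the MBR). The sample input is a constructed excerpt of the posted log embedded inline; the trusted path roots and the remote-access name hints are heuristics assumed for the example, not ComboFix settings.

```python
"""Triage a ComboFix-style log: pull out the autostart, service, override,
browser-proxy and MBR-detector lines and turn them into review findings."""
import re
from collections import defaultdict

# Line shapes ComboFix uses in the sections quoted in the post above.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[\d{4}-\d{2}-\d{2} \d+\]$')
SVC_RE = re.compile(r'^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
                    r'(?P<path>.+?)\s+\[[^\]]*\]$')
FF_RE = re.compile(r'^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$')
OVERRIDE_RE = re.compile(r'^"(?P<key>\w*Override)"=dword:(?P<val>[0-9a-fA-F]{8})$')
MBR_COPY_RE = re.compile(r'copy of MBR has been found in sector (?P<sector>\d+)')

# Heuristics assumed for this example (not ComboFix settings): autostarts under
# these roots are "expected"; executables whose path contains a hint get flagged.
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\')
REMOTE_ACCESS_HINTS = ('vnc', 'rfbd', 'ftpd')


def triage(log_text):
    """Return a list of (category, detail) findings for the given log text."""
    findings = []
    by_binary = defaultdict(list)   # executable path -> autostart names launching it
    ff_prefs = {}                   # Firefox prefs.js keys seen in the log

    for raw in log_text.splitlines():
        line = raw.strip()

        m = RUN_RE.match(line)
        if m:
            path = m['path'].lower()
            by_binary[path].append(m['name'])
            if not path.startswith(TRUSTED_ROOTS):
                findings.append(('autostart-outside-trusted-roots',
                                 f"{m['name']} -> {m['path']}"))
            continue

        m = SVC_RE.match(line)
        if m:
            if any(hint in m['path'].lower() for hint in REMOTE_ACCESS_HINTS):
                findings.append(('remote-access-service',
                                 f"{m['name']} ({m['display']}) -> {m['path']}"))
            continue

        m = FF_RE.match(line)
        if m:
            ff_prefs[m['key']] = m['value']
            continue

        m = OVERRIDE_RE.match(line)
        if m and int(m['val'], 16) != 0:
            # Security Center has been told to stop reporting on this product class.
            findings.append(('security-center-override', m['key']))
            continue

        if 'possible MBR rootkit infection' in line:
            findings.append(('mbr-detector-warning', line))
            continue
        m = MBR_COPY_RE.search(line)
        if m:
            findings.append(('mbr-copy', f"sector {m['sector']}"))

    # One executable reachable through several autostart names survives a
    # single-entry cleanup, so report the group rather than each name.
    for path, names in by_binary.items():
        if len(names) > 1:
            findings.append(('duplicate-autostart', f"{path}: {', '.join(names)}"))

    # Proxy hosts set to localhost stay in prefs.js even while type=0 (disabled);
    # flipping type alone would route the browser through a local listener.
    local = sorted(k for k, v in ff_prefs.items()
                   if k.startswith('network.proxy.') and v == 'localhost')
    if local:
        state = 'disabled' if ff_prefs.get('network.proxy.type') == '0' else 'enabled'
        findings.append(('firefox-localhost-proxy', f"{state}: {local}"))

    return findings


# Constructed sample: an excerpt of the log posted above, not a full ComboFix.txt.
SAMPLE_LOG = r'''
"QuickTime Task"="c:\brandon\Programs\quick\QTTask.exe" [2009-05-26 413696]
"WinVNC"="c:\program files\iTivity\bin\rfbd.exe" [2005-03-25 274432]
"tridiavnc"="c:\program files\iTivity\bin\rfbd.exe" [2005-03-25 274432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
S3 TridiaFTPServer;TridiaFTP Server;c:\program files\iTivity\bin\ftpd.exe [4/6/2010 12:34 PM 528448]
S3 tridiavnc;Tridia Screen Server;c:\program files\iTivity\bin\rfbd.exe [4/6/2010 12:34 PM 274432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.type - 0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 60 !
'''

if __name__ == '__main__':
    for category, detail in triage(SAMPLE_LOG):
        print(f'{category:32} {detail}')
```

Run as-is it prints the findings for the excerpt; pass the contents of a full ComboFix.txt to `triage()` to run it over a whole log. The heuristics are deliberately coarse: every hit is a prompt to look closer, not a verdict, and legitimate remote-support software trips the remote-access hint just as readily as an unwanted install.
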

Re: Unusably slow computer

Post by Crush on Tue Aug 31, 2010 2:48 am

How are things running now?

Crush
Master
Posts: 3889
Joined: 2010-01-27
Gender: Male
Points: 42088
Likes: 0

Re: Unusably slow computer

Post by hellbndr23 on Tue Aug 31, 2010 2:16 pm

A little better. Nothing earth-shattering. More time will tell.

Re: Unusably slow computer

Post by hellbndr23 on Tue Aug 31, 2010 3:19 pm

OK, scratch that. Slow as ever. Has random feelings of good, then something will take forever to load up.

Re: Unusably slow computer

Post by Crush on Tue Aug 31, 2010 4:18 pm

Is this an XP or a Vista machine?

Re: Unusably slow computer

Post by hellbndr23 on Tue Aug 31, 2010 7:58 pm

XP

Re: Unusably slow computer

Post by Crush on Tue Aug 31, 2010 8:13 pm

Do you have access to another machine so you can follow instructions?

We need to boot into the Windows Recovery Console, which won't allow you access to Windows on the machine.

Re: Unusably slow computer

Post by hellbndr23 on Tue Aug 31, 2010 9:03 pm

I can do that. Will be tomorrow.

Re: Unusably slow computer

Post by Crush on Wed Sep 01, 2010 5:50 am

OK.
