help


Post by systema on Wed 20 Oct 2010, 5:26 pm

Cannot even post

systema

Newbie Surfer

Posts : 37
Joined : 2009-05-19
Operating System : win xp professional


Re: help

Post by systema on Wed 20 Oct 2010, 5:27 pm

Anytime I even attempt to post the results of the scan, it redirects me to a non-working page. Any suggestions?


Re: help

Post by systema on Wed 20 Oct 2010, 5:39 pm

Here we go, on a different computer.
Cannot access the real web browser on my computer. Can anyone please help? Thank you a million times over in advance.




OTL logfile created on: 10/19/2010 11:06:49 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\mike\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.21 Gb Total Space | 9.37 Gb Free Space | 13.35% Space Free | Partition Type: NTFS
Drive D: | 372.61 Gb Total Space | 208.77 Gb Free Space | 56.03% Space Free | Partition Type: NTFS

Computer Name: MIKE-F8FDVGFAV7 | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/19 23:05:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\My Documents\Downloads\OTL.com
PRC - [2010/09/14 15:59:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/11/09 13:56:38 | 000,643,592 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
PRC - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2008/12/03 23:12:16 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2008/11/27 16:29:57 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/03 19:55:08 | 000,839,680 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
PRC - [2007/03/16 07:06:34 | 000,868,352 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/10/19 23:05:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\My Documents\Downloads\OTL.com
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/01 15:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2008/12/03 23:12:16 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2008/12/03 22:25:10 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)


========== Driver Services (SafeList) ==========

DRV - [2010/05/31 19:37:41 | 000,054,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/11/12 14:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/11/09 13:56:10 | 000,158,600 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV - [2009/07/21 16:22:24 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/01/13 19:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/01/13 19:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/01/13 19:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/01/13 19:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008/12/04 03:02:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2008/05/02 22:46:00 | 006,554,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/11 09:01:16 | 000,323,584 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/08/06 17:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/10/26 01:48:38 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2006/08/28 16:10:06 | 000,158,208 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2004/04/01 17:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.4
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/19 00:05:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/19 22:37:50 | 000,000,000 | ---D | M]

[2008/09/15 20:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Mozilla\Extensions
[2010/10/19 22:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\wbsonsmt.default\extensions
[2010/05/14 17:12:44 | 000,000,000 | ---D | M] (PopupMaster) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\wbsonsmt.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
[2010/03/01 08:38:37 | 000,000,000 | ---D | M] (Map with Google) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\wbsonsmt.default\extensions\{74591c01-3a7f-469e-ad4e-5d8d708dc4c5}
[2010/01/13 20:41:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\wbsonsmt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2010/09/17 10:50:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\wbsonsmt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/29 00:32:42 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\wbsonsmt.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/03/11 01:17:17 | 000,003,138 | ---- | M] () -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\wbsonsmt.default\searchplugins\ebay-search-suggest.xml
[2010/02/28 22:03:47 | 000,002,017 | ---- | M] () -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\wbsonsmt.default\searchplugins\google-maps.xml
[2010/10/19 00:05:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/11/17 22:34:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\


Re: help

Post by Belahzur on Thu 21 Oct 2010, 10:14 am

Hello.
I think the OTL.txt log was cut off, please post the full log.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: help

Post by systema on Thu 21 Oct 2010, 1:00 pm

OTL logfile created on: 10/20/2010 5:03:36 PM - Run 2
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\mike\Desktop\virus stuff
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.21 Gb Total Space | 10.18 Gb Free Space | 14.51% Space Free | Partition Type: NTFS
Drive D: | 372.61 Gb Total Space | 208.77 Gb Free Space | 56.03% Space Free | Partition Type: NTFS

Computer Name: MIKE-F8FDVGFAV7 | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/20 03:02:38 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/19 23:05:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\Desktop\virus stuff\OTL.com
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/11/09 13:56:38 | 000,643,592 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
PRC - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2008/12/03 23:12:16 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2008/11/27 16:29:57 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/03 19:55:08 | 000,839,680 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
PRC - [2007/03/16 07:06:34 | 000,868,352 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/10/19 23:05:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\Desktop\virus stuff\OTL.com
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/01 15:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2008/12/03 23:12:16 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2008/12/03 22:25:10 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)


========== Driver Services (SafeList) ==========

DRV - [2010/05/31 19:37:41 | 000,054,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/11/12 14:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/11/09 13:56:10 | 000,158,600 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV - [2009/07/21 16:22:24 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/01/13 19:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/01/13 19:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/01/13 19:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/01/13 19:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008/12/04 03:02:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2008/05/02 22:46:00 | 006,554,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/11 09:01:16 | 000,323,584 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/08/06 17:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/10/26 01:48:38 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2006/08/28 16:10:06 | 000,158,208 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2004/04/01 17:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.4
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/20 03:02:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 03:02:43 | 000,000,000 | ---D | M]

[2008/09/15 20:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Mozilla\Extensions
[2010/10/20 00:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\wbsonsmt.default\extensions
[2010/05/14 17:12:44 | 000,000,000 | ---D | M] (PopupMaster) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\wbsonsmt.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
[2010/03/01 08:38:37 | 000,000,000 | ---D | M] (Map with Google) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\wbsonsmt.default\extensions\{74591c01-3a7f-469e-ad4e-5d8d708dc4c5}
[2010/01/13 20:41:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\wbsonsmt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2010/09/17 10:50:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\wbsonsmt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/29 00:32:42 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\wbsonsmt.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/03/11 01:17:17 | 000,003,138 | ---- | M] () -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\wbsonsmt.default\searchplugins\ebay-search-suggest.xml
[2010/02/28 22:03:47 | 000,002,017 | ---- | M] () -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\wbsonsmt.default\searchplugins\google-maps.xml
[2010/10/19 00:05:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/11/17 22:34:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} [You must be registered and logged in to see this link.] (IASRunner Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2008/06/02 13:55:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9de8d89a-4960-11df-aa50-001617f9a52c}\Shell - "" = AutoRun
O33 - MountPoints2\{9de8d89a-4960-11df-aa50-001617f9a52c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9de8d89a-4960-11df-aa50-001617f9a52c}\Shell\AutoRun\command - "" = G:\TotalLock.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\TotalLock.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - C:\WINDOWS\system32\Adobe
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {51507868-A8ED-A51E-243E-449991766875} - Browser Customizations
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {70B9602B-E17D-9E7A-FFF9-C14660338873} - Java (Sun)
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A9FF50F3-8453-585B-586D-4095459AF0A7} - Adobe Shockwave Director 10.4
ActiveX: {B3DA1A57-6743-852B-EE36-6C1AD5271325} - DirectAnimation
ActiveX: {B95AA0DD-5051-8131-1E8F-5128CD175FD2} - Themes Setup
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Adobe
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: MIDI5 - C:\WINDOWS\System32\Diomidi.DLL (Digidesign, A Division of Avid Technology, Inc.)
Drivers32: MIDI6 - mbx2midu.dll File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave5 - C:\WINDOWS\System32\Digi32.dll (Digidesign, A Division of Avid Technology, Inc.)

Re: help

Post by systema on Thu 21 Oct 2010, 1:01 pm

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 30 Days ==========

[2010/10/20 14:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/10/19 00:42:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Digital Rescue 4 Premium
[2010/10/19 00:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Migo Software
[2010/10/19 00:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2010/10/19 00:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/10/19 00:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike\Application Data\Avira
[2010/10/19 00:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/10/18 23:48:40 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/10/18 23:48:34 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/10/18 23:48:34 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/10/18 23:48:34 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/10/18 23:48:34 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/10/18 23:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/10/18 23:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/18 12:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe(2)
[2010/10/18 03:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/18 03:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\DiskInternals
[2010/10/18 01:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\Recover Files
[2010/09/20 21:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike\Desktop\Blood Sugar Sex Magik
[2004/11/24 11:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/20 17:01:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/20 17:00:57 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/10/20 17:00:55 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/20 17:00:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/20 12:39:16 | 002,341,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/20 04:01:57 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/20 04:00:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/20 00:50:10 | 000,011,402 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\LAPTOP COMPUTER.docx
[2010/10/19 23:31:55 | 000,168,448 | ---- | M] () -- C:\Documents and Settings\mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/19 22:37:51 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/19 02:58:42 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Avira AntiVir Control Center.lnk
[2010/10/19 00:14:42 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/19 00:05:16 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/14 22:28:24 | 000,010,806 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\Alexandra Colman.docx
[2010/10/11 10:39:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/05 11:55:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/20 00:42:18 | 000,011,402 | ---- | C] () -- C:\Documents and Settings\mike\Desktop\LAPTOP COMPUTER.docx
[2010/10/19 22:37:51 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/19 02:58:42 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Avira AntiVir Control Center.lnk
[2010/10/19 00:05:16 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/14 22:28:24 | 000,010,806 | ---- | C] () -- C:\Documents and Settings\mike\Desktop\Alexandra Colman.docx
[2010/05/30 17:49:41 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/12/28 09:09:21 | 000,016,437 | ---- | C] () -- C:\WINDOWS\46195py540z.dll
[2009/12/23 21:57:19 | 000,013,673 | ---- | C] () -- C:\WINDOWS\System32\9988spyz6f5.dll
[2009/12/23 03:15:39 | 000,014,820 | ---- | C] () -- C:\WINDOWS\System32\98956zpy25f.dll
[2009/12/22 07:05:02 | 000,002,597 | ---- | C] () -- C:\WINDOWS\System32\43f2s9yw5re2z35.dll
[2009/12/22 00:41:46 | 000,013,731 | ---- | C] () -- C:\WINDOWS\3z8485py97.dll
[2009/12/21 01:54:11 | 000,014,715 | ---- | C] () -- C:\WINDOWS\4cf7thrzat25159.dll
[2009/12/13 10:33:30 | 000,015,618 | ---- | C] () -- C:\WINDOWS\System32\2462haz95ool45a.dll
[2009/11/17 22:17:21 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\mike\Local Settings\Application Data\xobni_installer_updater.log
[2009/11/13 15:33:40 | 000,015,380 | ---- | C] () -- C:\WINDOWS\System32\11787ha9ktozl255.dll
[2009/11/02 21:36:26 | 000,009,669 | ---- | C] () -- C:\WINDOWS\5352ztro9360.dll
[2009/11/01 22:25:19 | 000,015,479 | ---- | C] () -- C:\WINDOWS\System32\267z69pambot5f8.dll
[2009/11/01 21:59:34 | 000,004,270 | ---- | C] () -- C:\WINDOWS\3d85addw9rez505.dll
[2009/10/24 17:06:30 | 000,012,155 | ---- | C] () -- C:\WINDOWS\58398trzj417.dll
[2009/10/10 04:06:11 | 000,016,554 | ---- | C] () -- C:\WINDOWS\211z9w59m32.dll
[2009/10/04 16:34:05 | 000,010,818 | ---- | C] () -- C:\WINDOWS\System32\52c2spywarez5539.dll
[2009/09/24 22:02:16 | 000,011,148 | ---- | C] () -- C:\WINDOWS\5df0downlozder2189.dll
[2009/09/24 20:11:24 | 000,008,036 | ---- | C] () -- C:\WINDOWS\System32\3691spzware1053.dll
[2009/09/14 16:09:54 | 000,013,631 | ---- | C] () -- C:\WINDOWS\System32\5b52dow5load9r247z.dll
[2009/09/07 23:12:17 | 000,013,997 | ---- | C] () -- C:\WINDOWS\44dzt9reat261325.dll
[2009/09/06 02:03:26 | 000,018,156 | ---- | C] () -- C:\WINDOWS\System32\15d8viz499.dll
[2009/08/24 19:26:41 | 000,006,579 | ---- | C] () -- C:\WINDOWS\2d55tz5eat246439.dll
[2009/08/22 20:05:39 | 000,016,101 | ---- | C] () -- C:\WINDOWS\System32\9zbac5door3172.dll
[2009/08/11 04:37:35 | 000,002,979 | ---- | C] () -- C:\WINDOWS\10z035irus379.dll
[2009/08/04 06:21:37 | 000,004,049 | ---- | C] () -- C:\WINDOWS\40a5spywa5917z8.dll
[2009/07/16 21:46:46 | 000,018,334 | ---- | C] () -- C:\WINDOWS\552zp9470.dll
[2009/07/12 21:11:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/07/08 09:45:49 | 000,011,288 | ---- | C] () -- C:\WINDOWS\System32\3a8b9teal5125z.dll
[2009/06/20 06:12:54 | 000,011,119 | ---- | C] () -- C:\WINDOWS\5a5v59z615.dll
[2009/06/18 20:08:09 | 000,002,793 | ---- | C] () -- C:\WINDOWS\System32\4b569zief388.dll
[2009/06/15 21:29:56 | 000,008,651 | ---- | C] () -- C:\WINDOWS\System32\z1945v5rus10c.dll
[2009/06/14 04:37:55 | 000,009,198 | ---- | C] () -- C:\WINDOWS\System32\z9830troj5f9.dll
[2009/06/12 02:01:51 | 000,006,630 | ---- | C] () -- C:\WINDOWS\12373zacktool4395.dll
[2009/06/11 05:45:02 | 000,009,777 | ---- | C] () -- C:\WINDOWS\39a5szarse1852.dll
[2009/06/10 22:07:46 | 000,008,796 | ---- | C] () -- C:\WINDOWS\z8ethi9f1655.dll
[2009/05/27 16:58:02 | 000,016,159 | ---- | C] () -- C:\WINDOWS\System32\1735spywa5ez922.dll
[2009/05/17 09:57:17 | 000,011,573 | ---- | C] () -- C:\WINDOWS\6z53spyware2009.dll
[2009/05/17 09:57:16 | 000,013,527 | ---- | C] () -- C:\WINDOWS\System32\5ec3v9r2995z.dll
[2009/05/17 09:57:16 | 000,004,420 | ---- | C] () -- C:\WINDOWS\1629zvi5us5699.dll
[2009/05/17 09:57:11 | 000,011,148 | ---- | C] () -- C:\WINDOWS\System32\79895py931z.dll
[2009/05/17 09:57:10 | 000,018,220 | ---- | C] () -- C:\WINDOWS\System32\230z4h5cktool299.dll
[2009/05/17 09:57:05 | 000,012,770 | ---- | C] () -- C:\WINDOWS\5959zir2959.dll
[2009/05/17 09:57:05 | 000,003,259 | ---- | C] () -- C:\WINDOWS\733f5hreat38z9.dll
[2009/05/17 09:57:04 | 000,015,210 | ---- | C] () -- C:\WINDOWS\9208z5iruse2.dll
[2009/05/17 09:57:03 | 000,017,754 | ---- | C] () -- C:\WINDOWS\4009hzckto9l7265.dll
[2009/05/17 09:57:03 | 000,009,787 | ---- | C] () -- C:\WINDOWS\System32\151dz9reat16390.dll
[2009/05/17 09:57:03 | 000,007,186 | ---- | C] () -- C:\WINDOWS\System32\2z134wo9m259.dll
[2009/05/17 09:57:03 | 000,004,855 | ---- | C] () -- C:\WINDOWS\2f1dsp9za5e1054.dll
[2009/05/17 09:57:02 | 000,017,228 | ---- | C] () -- C:\WINDOWS\System32\315viz959.dll
[2009/05/17 09:56:55 | 000,013,547 | ---- | C] () -- C:\WINDOWS\System32\10348zor92a15.dll
[2009/05/17 09:56:53 | 000,002,799 | ---- | C] () -- C:\WINDOWS\System32\1510zworm6399.dll
[2009/05/17 09:56:52 | 000,010,019 | ---- | C] () -- C:\WINDOWS\88339irusz885.dll
[2009/05/17 09:56:52 | 000,003,048 | ---- | C] () -- C:\WINDOWS\System32\59f8st95lz689.dll
[2009/05/17 09:56:50 | 000,013,652 | ---- | C] () -- C:\WINDOWS\System32\5809ste5l9z38.dll
[2009/05/17 09:56:50 | 000,002,526 | ---- | C] () -- C:\WINDOWS\System32\97500zorm6bd.dll
[2009/05/17 09:56:48 | 000,006,511 | ---- | C] () -- C:\WINDOWS\4865doznl9ader968.dll
[2009/05/17 09:56:47 | 000,012,004 | ---- | C] () -- C:\WINDOWS\9bdz5ddware1437.dll
[2009/05/17 09:56:44 | 000,011,122 | ---- | C] () -- C:\WINDOWS\System32\17551v9rzs3de.dll
[2009/05/17 09:56:43 | 000,014,116 | ---- | C] () -- C:\WINDOWS\System32\55f7spzware32239.dll
[2009/05/17 09:56:42 | 000,016,721 | ---- | C] () -- C:\WINDOWS\219csparsez575.dll
[2009/05/17 09:56:42 | 000,009,956 | ---- | C] () -- C:\WINDOWS\System32\4b26szyw9r595.dll
[2009/05/17 09:56:41 | 000,004,089 | ---- | C] () -- C:\WINDOWS\System32\46edv9r5z36.dll
[2009/05/17 09:56:41 | 000,003,012 | ---- | C] () -- C:\WINDOWS\System32\58185hack9ozl49f.dll
[2009/05/17 09:56:40 | 000,015,201 | ---- | C] () -- C:\WINDOWS\System32\23232spambz95d.dll
[2009/05/17 09:56:36 | 000,006,248 | ---- | C] () -- C:\WINDOWS\25b7downloade93179z.dll
[2009/04/22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/02/10 08:10:33 | 000,010,276 | ---- | C] () -- C:\WINDOWS\System32\4989thief17z5.dll
[2009/02/02 15:33:57 | 000,003,131 | ---- | C] () -- C:\WINDOWS\279615orm2c7z.dll
[2009/01/31 22:52:11 | 000,013,647 | ---- | C] () -- C:\WINDOWS\2749virz775.dll
[2009/01/23 14:30:18 | 000,015,411 | ---- | C] () -- C:\WINDOWS\1d55steal5z069.dll
[2009/01/20 15:53:59 | 000,004,553 | ---- | C] () -- C:\WINDOWS\32150virz9225.dll
[2009/01/13 01:37:30 | 000,015,370 | ---- | C] () -- C:\WINDOWS\15475zr9j5c2.dll
[2008/12/26 09:49:00 | 000,016,639 | ---- | C] () -- C:\WINDOWS\System32\50c0back5oor10z79.dll
[2008/12/20 08:30:29 | 000,006,574 | ---- | C] () -- C:\WINDOWS\System32\z9c85hreat971.dll
[2008/12/10 04:52:29 | 000,002,874 | ---- | C] () -- C:\WINDOWS\z835vir32699.dll
[2008/12/06 22:41:47 | 000,012,861 | ---- | C] () -- C:\WINDOWS\System32\1bc5backdoor2998z.dll
[2008/12/04 04:32:46 | 000,010,821 | ---- | C] () -- C:\WINDOWS\System32\1305trzj698.dll
[2008/11/30 21:21:28 | 000,011,877 | ---- | C] () -- C:\WINDOWS\System32\ce759wnlzader1243.dll
[2008/11/30 01:06:50 | 000,000,906 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/11/24 10:15:43 | 000,013,070 | ---- | C] () -- C:\WINDOWS\2961zs9ambot65b.dll
[2008/11/20 21:21:51 | 000,005,796 | ---- | C] () -- C:\WINDOWS\2600a5dware29z0.dll
[2008/11/11 00:50:12 | 000,004,326 | ---- | C] () -- C:\WINDOWS\System32\1447spz9bot5b95.dll
[2008/11/07 03:34:33 | 000,011,853 | ---- | C] () -- C:\WINDOWS\System32\96z65hief3117.dll
[2008/11/02 21:47:19 | 000,007,512 | ---- | C] () -- C:\WINDOWS\9z15v5r3109.dll
[2008/10/28 02:40:06 | 000,015,263 | ---- | C] () -- C:\WINDOWS\2099thzeat25415.dll
[2008/10/22 16:32:21 | 000,014,096 | ---- | C] () -- C:\WINDOWS\859wozm55d.dll
[2008/10/19 15:53:53 | 000,016,205 | ---- | C] () -- C:\WINDOWS\5z121virus429.dll
[2008/10/18 22:50:36 | 000,005,397 | ---- | C] () -- C:\WINDOWS\16080hacktz5l9a3.dll
[2008/10/14 09:29:01 | 000,016,517 | ---- | C] () -- C:\WINDOWS\6589wo9m5e5z.dll
[2008/10/11 22:04:46 | 000,002,936 | ---- | C] () -- C:\WINDOWS\z8e5s5eal9569.dll
[2008/10/11 03:36:32 | 000,004,749 | ---- | C] () -- C:\WINDOWS\5580dzwnlo5d9r987.dll
[2008/10/04 13:27:15 | 000,015,915 | ---- | C] () -- C:\WINDOWS\System32\33695zoj1cf9.dll
[2008/10/01 16:22:08 | 000,013,737 | ---- | C] () -- C:\WINDOWS\219z2tro95eb.dll
[2008/09/25 20:03:38 | 000,003,905 | ---- | C] () -- C:\WINDOWS\System32\6bfcbz9kdoor3605.dll
[2008/09/24 10:21:06 | 000,006,356 | ---- | C] () -- C:\WINDOWS\System32\a89backdoo5z314.dll
[2008/09/12 00:58:40 | 000,016,805 | ---- | C] () -- C:\WINDOWS\System32\3475zddware559.dll
[2008/09/04 21:38:19 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2008/08/25 22:43:59 | 000,014,978 | ---- | C] () -- C:\WINDOWS\5f96down9oader25z9.dll
[2008/08/24 19:39:32 | 000,011,625 | ---- | C] () -- C:\WINDOWS\z9c05py9are2867.dll
[2008/08/22 16:39:03 | 000,009,183 | ---- | C] () -- C:\WINDOWS\zb37s9ywar5994.dll
[2008/08/20 17:58:02 | 000,013,615 | ---- | C] () -- C:\WINDOWS\System32\z365steal2958.dll
[2008/08/16 02:04:47 | 000,005,114 | ---- | C] () -- C:\WINDOWS\System32\19a0thizf2595.dll
[2008/08/15 16:02:31 | 000,011,595 | ---- | C] () -- C:\WINDOWS\System32\255c9hizf1354.dll
[2008/08/13 03:14:01 | 000,003,016 | ---- | C] () -- C:\WINDOWS\System32\25302vizus391.dll
[2008/08/10 12:38:09 | 000,015,846 | ---- | C] () -- C:\WINDOWS\System32\39175iz158.dll
[2008/08/05 15:02:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/05 14:58:14 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/07/25 05:00:43 | 000,014,375 | ---- | C] () -- C:\WINDOWS\System32\14900not-9-5irus51z.dll
[2008/07/18 07:21:48 | 000,010,785 | ---- | C] () -- C:\WINDOWS\13325zroj957.dll
[2008/07/16 06:48:15 | 000,018,163 | ---- | C] () -- C:\WINDOWS\System32\5682zpy692.dll
[2008/07/05 12:04:14 | 000,014,129 | ---- | C] () -- C:\WINDOWS\System32\7792szam9ot75.dll
[2008/07/05 03:14:48 | 000,456,192 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/07/05 03:14:44 | 003,591,168 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/07/05 03:13:16 | 000,708,096 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/07/04 05:07:33 | 000,017,432 | ---- | C] () -- C:\WINDOWS\490steal9z35.dll
[2008/06/27 10:41:46 | 000,006,918 | ---- | C] () -- C:\WINDOWS\System32\5520trzj2919.dll
[2008/06/26 11:49:10 | 000,016,037 | ---- | C] () -- C:\WINDOWS\14688z95m1ff.dll
[2008/06/22 09:34:00 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/06/16 19:13:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/06/16 18:22:55 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/06/16 18:22:52 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/16 18:22:52 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/13 03:39:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/06/12 10:36:38 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/12 04:00:53 | 000,010,389 | ---- | C] () -- C:\WINDOWS\System32\4051thre9t6z71.dll
[2008/06/09 23:43:21 | 000,017,661 | ---- | C] () -- C:\WINDOWS\56cvirz799.dll
[2008/06/02 14:31:03 | 000,168,448 | ---- | C] () -- C:\Documents and Settings\mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/02 14:20:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/06/02 06:48:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/05/28 07:01:46 | 000,003,900 | ---- | C] () -- C:\WINDOWS\19zworm3465.dll
[2008/05/27 13:25:55 | 000,016,842 | ---- | C] () -- C:\WINDOWS\System32\2451zvi5usc49.dll
[2008/05/26 11:42:49 | 000,003,404 | ---- | C] () -- C:\WINDOWS\806hac5to9lza.dll
[2008/05/16 09:28:06 | 000,014,508 | ---- | C] () -- C:\WINDOWS\System32\4951z5y134.dll
[2008/05/06 18:42:38 | 000,014,953 | ---- | C] () -- C:\WINDOWS\5805bac9z5or681.dll
[2008/05/06 16:39:20 | 000,010,756 | ---- | C] () -- C:\WINDOWS\5189spy95z.dll
[2008/05/03 10:50:38 | 000,005,442 | ---- | C] () -- C:\WINDOWS\System32\z49b9parse5053.dll
[2008/05/02 22:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/02 22:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/02 22:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/02 22:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/02 22:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/26 14:51:50 | 000,015,623 | ---- | C] () -- C:\WINDOWS\System32\5ce9th5efz625.dll
[2008/04/25 19:38:06 | 000,012,421 | ---- | C] () -- C:\WINDOWS\9750vir9sz99.dll
[2008/04/24 04:50:49 | 000,013,402 | ---- | C] () -- C:\WINDOWS\System32\39zfspa5se9139.dll
[2008/04/22 04:28:17 | 000,002,725 | ---- | C] () -- C:\WINDOWS\System32\7992vir5z3c6.dll
[2008/04/04 21:07:37 | 000,008,467 | ---- | C] () -- C:\WINDOWS\System32\11258zacktool59d9.dll
[2008/03/27 15:13:00 | 000,004,681 | ---- | C] () -- C:\WINDOWS\System32\6d75pa9ze359.dll
[2008/03/23 02:29:19 | 000,015,089 | ---- | C] () -- C:\WINDOWS\65349irz596.dll
[2008/03/19 07:40:34 | 000,004,901 | ---- | C] () -- C:\WINDOWS\System32\1912do5nloader9909z.dll
[2008/03/11 18:42:42 | 000,012,766 | ---- | C] () -- C:\WINDOWS\39575orm4cz.dll
[2008/03/01 07:07:31 | 000,012,375 | ---- | C] () -- C:\WINDOWS\System32\25995worm689z.dll
[2008/02/26 02:40:33 | 000,005,455 | ---- | C] () -- C:\WINDOWS\System32\2d72back5zo91028.dll
[2008/02/10 13:06:51 | 000,006,279 | ---- | C] () -- C:\WINDOWS\System32\5622spy5are91z4.dll
[2008/02/06 15:58:49 | 000,004,341 | ---- | C] () -- C:\WINDOWS\119etzi9f5253.dll
[2008/02/04 05:55:40 | 000,009,553 | ---- | C] () -- C:\WINDOWS\System32\z146wo9m5895.dll
[2008/01/28 16:48:21 | 000,012,649 | ---- | C] () -- C:\WINDOWS\10753no9-a-viruz7d.dll
[2008/01/23 10:42:21 | 000,003,403 | ---- | C] () -- C:\WINDOWS\27991zot-a-viru559.dll
[2008/01/15 08:05:53 | 000,016,469 | ---- | C] () -- C:\WINDOWS\22755notza-vir9s42b.dll
[2008/01/10 03:54:32 | 000,016,335 | ---- | C] () -- C:\WINDOWS\System32\691eazdware5779.dll
[2008/01/09 05:04:34 | 000,011,491 | ---- | C] () -- C:\WINDOWS\z7489sp551f.dll
[2008/01/06 08:34:42 | 000,016,344 | ---- | C] () -- C:\WINDOWS\System32\7859thrzat22993.dll
[2004/10/03 09:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

========== Custom Scans ==========


< %systemroot%*. /mp /s >

< %systemroot%system32*.dll /lockedfiles >

< %systemroot%system32*.exe /lockedfiles >

< %systemroot%Tasks*.job /lockedfiles >

< %systemroot%system32drivers*.sys /lockedfiles >

< %systemroot%System32config*.sav >

< %systemroot%system32*.sys >

< %systemroot%system32drivers*.dll >

< %systemroot%system32drivers*.ini >

< %systemroot%system32drivers*.exe >

< %SYSTEMDRIVE%*.* >
[2008/06/02 13:55:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/06/02 14:12:09 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2008/06/02 14:12:09 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/11/17 22:50:55 | 000,035,718 | ---- | M] () -- C:\ComboFix.txt
[2008/06/02 13:55:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/29 23:36:25 | 000,000,000 | ---- | M] () -- C:\DVDPATH.TXT
[2008/06/02 13:55:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/19 22:24:33 | 000,014,963 | ---- | M] () -- C:\JavaRa.log
[2008/06/02 13:55:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/06/02 14:09:52 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/06/02 14:58:20 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/20 17:00:46 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2009/08/29 12:28:01 | 000,058,590 | ---- | M] () -- C:\test.png

< %PROGRAMFILES%*. >
[2010/03/27 17:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/02/15 01:02:16 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2006/06/15 22:40:56 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2008/11/25 17:32:45 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/11/18 19:36:09 | 000,000,000 | ---D | M] -- C:\Program Files\AskBarDis
[2009/05/20 14:03:45 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2010/01/13 23:01:09 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2009/07/28 12:05:45 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/04/02 18:16:14 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/05/29 18:21:41 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/05/31 06:35:59 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/06/02 13:53:03 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/06/26 21:13:44 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2010/10/19 00:22:47 | 000,000,000 | ---D | M] -- C:\Program Files\Convar
[2010/06/01 22:43:53 | 000,000,000 | ---D | M] -- C:\Program Files\Digidesign
[2010/10/18 03:29:40 | 000,000,000 | ---D | M] -- C:\Program Files\DiskInternals
[2009/11/17 01:03:53 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/05/02 20:21:07 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/08/21 18:21:44 | 000,000,000 | ---D | M] -- C:\Program Files\Image-Line
[2010/06/01 22:43:48 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/07/27 15:13:18 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2010/05/30 17:51:23 | 000,000,000 | ---D | M] -- C:\Program Files\InterLok
[2010/06/02 21:52:06 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/04/11 17:59:13 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2006/06/15 23:21:00 | 000,000,000 | ---D | M] -- C:\Program Files\Java(2)
[2010/05/31 19:51:53 | 000,000,000 | ---D | M] -- C:\Program Files\M-Audio
[2009/05/20 11:55:54 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/18 18:55:20 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/11/21 19:30:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/05/18 18:54:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/06/02 13:55:41 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/06/28 22:57:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2008/06/02 14:27:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/09/29 11:43:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/06/02 14:27:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/08/11 20:08:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/05/19 20:24:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/08/11 20:11:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/10/19 00:42:39 | 000,000,000 | ---D | M] -- C:\Program Files\Migo Software
[2010/08/11 00:53:43 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/09/05 17:31:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2010/10/20 03:02:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/01/13 22:47:47 | 000,000,000 | ---D | M] -- C:\Program Files\MP3 WAV Converter
[2008/06/02 14:27:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/06/02 13:52:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/06/02 13:52:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/12/21 01:20:55 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2008/06/02 14:59:15 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/05/29 00:32:44 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2008/06/02 13:52:53 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/10/18 23:40:06 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/08/21 18:20:38 | 000,000,000 | ---D | M] -- C:\Program Files\Outsim
[2010/05/31 19:38:39 | 000,000,000 | ---D | M] -- C:\Program Files\PACE Anti-Piracy
[2009/02/07 17:19:12 | 000,000,000 | ---D | M] -- C:\Program Files\RdDrv001
[2008/11/27 16:29:55 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/10/18 22:34:06 | 000,000,000 | ---D | M] -- C:\Program Files\Recover Files
[2009/05/19 20:45:22 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/11/25 17:21:16 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2010/03/02 16:34:56 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/05/17 18:21:59 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2008/06/02 14:24:57 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2008/06/02 13:58:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/09/08 21:22:50 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/06/26 21:12:33 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze
[2009/11/18 19:36:09 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze(2)
[2010/06/26 21:16:49 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze_Remote
[2009/05/18 18:23:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2009/04/06 19:12:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/06/02 14:59:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/06/02 14:59:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/06/02 14:35:25 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/06/02 13:55:41 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/11/18 19:36:09 | 000,000,000 | ---D | M] -- C:\Program Files\Xobni

< %appdata%\*.* >
[2008/06/02 06:48:09 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\mike\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2001/08/23 05:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 22:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\swtools\drivers\chipsets\q2chp02us13\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\swtools\drivers\chipsets\q2chp02us13\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\swtools\drivers\chipsets\q2chp02us13\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\swtools\drivers\chipsets\q2chp02us13\IDE\WinXP\sataraid\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 1248 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:BsO1TFZSmJYZCN8DaGn5EgqMd
@Alternate Data Stream - 1223 bytes -> C:\Program Files\Outlook Express:xhx7OVijOoep0kILWNItf
@Alternate Data Stream - 1171 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:3WdRD7Z0kR9p55khdqjBDFdMg
@Alternate Data Stream - 1100 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:dpDEhd0koffg5wZHCk2LzxAQa
@Alternate Data Stream - 1075 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:PWWHXfmAsvO2dTSArDMLOWU

< End of report >


Re: help

Post by Belahzur on Fri 22 Oct 2010, 11:07 am

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: help

Post by systema on Fri 22 Oct 2010, 6:47 pm

ComboFix 10-10-21.02 - mike 10/22/2010 0:18.1.1 - x86
Running from: c:\documents and settings\mike\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gxvxcserv.sys
-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2010-09-22 to 2010-10-22 )))))))))))))))))))))))))))))))
.

2010-10-20 21:15 . 2010-10-20 21:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-10-19 07:42 . 2010-10-19 07:42 -------- d-----w- c:\windows\Digital Rescue 4 Premium
2010-10-19 07:42 . 2010-10-19 07:42 -------- d-----w- c:\program files\Migo Software
2010-10-19 07:22 . 2010-10-19 07:22 -------- d-----w- c:\program files\Convar
2010-10-19 07:14 . 2010-10-19 07:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-10-19 07:06 . 2010-10-19 07:06 -------- d-----w- c:\documents and settings\mike\Application Data\Avira
2010-10-19 06:48 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-19 06:48 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-19 06:48 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-10-19 06:48 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-10-19 06:48 . 2010-10-19 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-10-19 05:35 . 2010-10-19 05:35 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-18 19:33 . 2010-10-20 08:11 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-10-18 10:29 . 2010-10-18 10:29 -------- d-----w- c:\program files\DiskInternals
2010-10-18 08:53 . 2010-10-19 05:34 -------- d-----w- c:\program files\Recover Files
2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-27 185872]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-11-09 643592]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2008-12-04 77824]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"QuickTime Task"="d:\additional programs\quicktime\qttask.exe" [2009-05-27 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave5"=Digi32.dll
"MIDI5"=diomidi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Additional Programs\\Itunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Additional Programs\\vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1032:TCP"= 1032:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/18/2010 11:48 PM 135336]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [5/30/2010 5:49 PM 16400]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 6:35 PM 135664]
S3 iLokDrvr;Usb Driver;c:\windows\system32\drivers\iLokDrvr.sys [12/23/2009 11:36 AM 54328]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys [5/31/2010 7:51 PM 158600]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/23/2001 5:00 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 20:34]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 01:35]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 01:35]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\mike\Application Data\Mozilla\Firefox\Profiles\wbsonsmt.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\documents and settings\mike\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\mike\Application Data\Mozilla\Firefox\Profiles\wbsonsmt.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\program files\NOS\bin\np_gp.dll
FF - plugin: c:\program files\PACE Anti-Piracy\iLok\NPPaceILok.dll
FF - plugin: d:\additional programs\Divx\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\additional programs\Divx\DivX Web Player\npdivx32.dll
FF - plugin: d:\additional programs\Itunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\additional programs\quicktime\Plugins\npqtplugin.dll
FF - plugin: d:\additional programs\quicktime\Plugins\npqtplugin2.dll
FF - plugin: d:\additional programs\quicktime\Plugins\npqtplugin3.dll
FF - plugin: d:\additional programs\quicktime\Plugins\npqtplugin4.dll
FF - plugin: d:\additional programs\quicktime\Plugins\npqtplugin5.dll
FF - plugin: d:\additional programs\quicktime\Plugins\npqtplugin6.dll
FF - plugin: d:\additional programs\quicktime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Avira AntiVir Desktop - c:\program files\Avira\AntiVir Desktop\setup.exe
AddRemove-{9F1D8E17-2AE6-4608-901D-42146D7D9C68} - c:\program files\InstallShield Installation Information\{9F1D8E17-2AE6-4608-901D-42146D7D9C68}\setup.exe



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x840F7446]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f11852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: Broadcom NetLink (TM) Gigabit Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xb9de6bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9df3a21
SendHandler -> NDIS.sys @ 0xb9dd187b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-573735546-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:0a,8c,c7,7d,92,1c,23,2b,e9,78,f4,19,57,8f,51,cd,8b,bb,8c,79,ec,
02,0a,8f,32,42,1f,4a,9f,73,2d,1b,1f,58,11,7a,96,3c,66,1e,c9,a2,09,5b,52,13,\
"rkeysecu"=hex:bb,ef,ff,78,01,c0,e5,fd,0a,13,dd,82,78,16,2e,c1

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\||A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(248)
c:\windows\system32\hnetcfg.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Completion time: 2010-10-22 00:44:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-22 07:44
ComboFix2.txt 2009-11-18 05:50

Pre-Run: 10,891,247,616 bytes free
Post-Run: 12,075,728,896 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 8CB2D239A4D3DA7432090A9DFC225788


Re: help

Post by Belahzur on Sat 23 Oct 2010, 10:49 am

Hello.

Please download TDSSKiller from here and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: help

Post by systema on Sat 23 Oct 2010, 11:21 am

2010/10/22 17:20:28.0218 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/22 17:20:28.0218 ================================================================================
2010/10/22 17:20:28.0218 SystemInfo:
2010/10/22 17:20:28.0218
2010/10/22 17:20:28.0218 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/22 17:20:28.0218 Product type: Workstation
2010/10/22 17:20:28.0218 ComputerName: MIKE-F8FDVGFAV7
2010/10/22 17:20:28.0218 UserName: mike
2010/10/22 17:20:28.0218 Windows directory: C:\WINDOWS
2010/10/22 17:20:28.0218 System windows directory: C:\WINDOWS
2010/10/22 17:20:28.0218 Processor architecture: Intel x86
2010/10/22 17:20:28.0218 Number of processors: 1
2010/10/22 17:20:28.0218 Page size: 0x1000
2010/10/22 17:20:28.0218 Boot type: Normal boot
2010/10/22 17:20:28.0218 ================================================================================
2010/10/22 17:20:28.0765 Initialize success
2010/10/22 17:20:31.0453 ================================================================================
2010/10/22 17:20:31.0453 Scan started
2010/10/22 17:20:31.0453 Mode: Manual;
2010/10/22 17:20:31.0453 ================================================================================
2010/10/22 17:20:45.0234 \HardDisk1\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/22 17:20:45.0234 ================================================================================
2010/10/22 17:20:45.0234 Scan finished
2010/10/22 17:20:45.0234 ================================================================================
2010/10/22 17:20:45.0250 Detected object count: 1
2010/10/22 17:20:57.0046 \HardDisk1\MBR - will be cured after reboot
2010/10/22 17:20:57.0046 Rootkit.Win32.TDSS.tdl4(\HardDisk1\MBR) - User select action: Cure


Re: help

Post by Belahzur on Sun 24 Oct 2010, 11:00 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: help

Post by systema on Sun 24 Oct 2010, 5:43 pm

Should I get new antivirus?


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=57e323767fc6604fbb075cf27eac8b1d
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-24 12:55:12
# local_time=2010-10-23 05:55:12 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777195 100 0 44939975 44939975 0 0
# compatibility_mode=8192 67108863 100 0 28516767 28516767 0 0
# scanned=93168
# found=0
# cleaned=0
# scan_time=1911


Re: help

Post by Belahzur on Mon 25 Oct 2010, 11:13 am

Hello.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: help

Post by systema on Mon 25 Oct 2010, 12:14 pm

Acrobat.com
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Media Player
Adobe Media Player
Adobe Reader 9.4.0
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
Bonjour
Canon Camera Access Library
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Critical Update for Windows Media Player 11 (KB959772)
Digidesign Pro Tools Creative Collection 8.0
Digidesign Pro Tools M-Powered 8.0
DivX Codec
DivX Converter
DivX Player
DivX Web Player
ESET Online Scanner v3
Free DigiRack Plug-Ins 8.0
Google Update Helper
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iLok Client Helper x32x64
iLok Client Helper x32x64
Interlok driver setup x32
iPod for Windows 2006-06-28
iTunes
Java(TM) 6 Update 19
K-Lite Mega Codec Pack 3.5.3
Malwarebytes' Anti-Malware
M-Audio FastTrackPro Driver 6.0.2 (x86)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Platform Installer 2.0
Migo Digital Rescue 4 Premium
MobileMe Control Panel
Mozilla Firefox (3.6.11)
MP3 WAV Converter 3.26
Native Instruments Kontakt 4
NVIDIA Drivers
PowerISO
QuickTime
RealPlayer
Reload 1.0
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Toolbars
Skype 4.2
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
System Requirements Lab
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2410711)
Update for Outlook 2007 Junk Email Filter (kb2410711)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.762
Vuze
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XP Codec Pack



Re: help

Post by Belahzur on Tue 26 Oct 2010, 11:10 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 19
    Vuze

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 22.
  • Click the "Download JRE" button to the right.
  • In the window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe that you downloaded to install the newest version.


How is the machine running now?



Re: help

Post by systema on Tue 26 Oct 2010, 7:16 pm

Everything works fine except I cannot play DVDs now for some reason; also, I can no longer see the progress bar on downloads?


Re: help

Post by systema on Tue 26 Oct 2010, 8:28 pm

My antivirus is still not opening; the umbrella is always closed and it says program not responding.


Re: help

Post by Belahzur on Wed 27 Oct 2010, 10:40 am

Hello.

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop.
  • Open this report and post its content in your next reply.



Re: help

Post by systema on Wed 27 Oct 2010, 2:54 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 126):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xB9EF2000 nvata.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xB9ED2000 fltmgr.sys
0xBA0F8000 PxHelp20.sys
0xB9EB4000 TPkd.sys
0xB9E9D000 KSecDD.sys
0xB9E10000 Ntfs.sys
0xB9DE3000 NDIS.sys
0xB9DC9000 Mup.sys
0xBA1D8000 \SystemRoot\System32\DRIVERS\processr.sys
0xB8866000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB8852000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA1E8000 \SystemRoot\System32\DRIVERS\serial.sys
0xB97E7000 \SystemRoot\System32\DRIVERS\serenum.sys
0xBA3D0000 \SystemRoot\System32\DRIVERS\fdc.sys
0xB883E000 \SystemRoot\System32\DRIVERS\parport.sys
0xBA3E0000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xB881A000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xBA3E8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB97E3000 \SystemRoot\system32\drivers\pfc.sys
0xBA208000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xBA218000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB87F7000 \SystemRoot\System32\DRIVERS\ks.sys
0xBA228000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xB87CC000 \SystemRoot\System32\DRIVERS\b57xp32.sys
0xB87A4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA7F5000 \SystemRoot\System32\DRIVERS\audstub.sys
0xBA238000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBA540000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB878D000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xBA248000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xB8F37000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xBA3F8000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB877C000 \SystemRoot\System32\DRIVERS\psched.sys
0xB8F27000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xBA3C0000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xBA3C8000 \SystemRoot\System32\DRIVERS\raspti.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\tap0901.sys
0xB2CED000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xB7139000 \SystemRoot\System32\DRIVERS\termdd.sys
0xBA3F0000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xBA440000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xBA628000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB2BC7000 \SystemRoot\System32\DRIVERS\update.sys
0xB9D77000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xB9D73000 \SystemRoot\system32\drivers\WmBEnum.sys
0xB7129000 \SystemRoot\system32\drivers\WmXlCore.sys
0xB2B75000 \SystemRoot\system32\drivers\ADIHdAud.sys
0xB2B51000 \SystemRoot\system32\drivers\portcls.sys
0xB7119000 \SystemRoot\system32\drivers\drmk.sys
0xB2B39000 \SystemRoot\system32\drivers\AEAudio.sys
0xB2AD9000 \SystemRoot\system32\drivers\Senfilt.sys
0xB7109000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB6DF4000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xBA630000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xBA63C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB3A74000 \SystemRoot\System32\Drivers\Null.SYS
0xBA63E000 \SystemRoot\System32\Drivers\Beep.SYS
0xB7279000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xB7271000 \SystemRoot\System32\drivers\vga.sys
0xBA640000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA642000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB6F73000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB6F6B000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB77E7000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB076C000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB0713000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB06EB000 \SystemRoot\System32\DRIVERS\netbt.sys
0xB06C9000 \SystemRoot\System32\drivers\afd.sys
0xB6E44000 \SystemRoot\System32\DRIVERS\netbios.sys
0xB6F63000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB6F5B000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xB0676000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB0606000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xB6E34000 \SystemRoot\System32\Drivers\Fips.SYS
0xB05E0000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB6E24000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB0576000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA648000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xBA380000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB2AC9000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xB2C85000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xB2AB5000 \SystemRoot\System32\DRIVERS\kbdhid.sys
0xB2AB1000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xA95BE000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA862A000 \SystemRoot\System32\Drivers\dump_nvata.sys
0xBA656000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA8EE1000 \SystemRoot\System32\drivers\Dxapi.sys
0xA8E2B000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA75A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA83B4000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA89C5000 \SystemRoot\system32\DRIVERS\diginet.sys
0xABF8D000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xA835F000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xA8322000 \SystemRoot\system32\drivers\wdmaud.sys
0xA90D5000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA662000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA8037000 \SystemRoot\System32\DRIVERS\srv.sys
0xA7B96000 \SystemRoot\System32\Drivers\HTTP.sys
0xA7C67000 \SystemRoot\System32\Drivers\usbaapl.sys
0xA828C000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xA710D000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 35):
0 System Idle Process
4 System
788 C:\WINDOWS\system32\smss.exe
836 csrss.exe
860 C:\WINDOWS\system32\winlogon.exe
904 C:\WINDOWS\system32\services.exe
916 C:\WINDOWS\system32\lsass.exe
1108 C:\WINDOWS\system32\svchost.exe
1188 svchost.exe
1328 C:\WINDOWS\system32\svchost.exe
1376 svchost.exe
1440 svchost.exe
1704 C:\WINDOWS\system32\spoolsv.exe
1752 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1820 svchost.exe
2016 C:\WINDOWS\explorer.exe
460 C:\Program Files\Analog Devices\Core\smax4pnp.exe
468 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
476 C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
496 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
568 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
588 C:\Program Files\Common Files\Java\Java Update\jusched.exe
608 C:\WINDOWS\system32\ctfmon.exe
756 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
772 C:\Program Files\Bonjour\mDNSResponder.exe
1060 C:\Program Files\Digidesign\Drivers\MMERefresh.exe
1264 C:\Program Files\Java\jre6\bin\jqs.exe
1360 C:\WINDOWS\system32\nvsvc32.exe
1500 C:\WINDOWS\system32\svchost.exe
1124 C:\Program Files\Canon\CAL\CALMAIN.exe
2708 alg.exe
1580 C:\WINDOWS\system32\wuauclt.exe
1920 C:\Program Files\Mozilla Firefox\firefox.exe
4004 C:\Program Files\Mozilla Firefox\plugin-container.exe
3360 C:\Documents and Settings\mike\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`14826800 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD800JD-08MSA1, Rev: 10.01E01
PhysicalDrive1 Model Number: ST3400820AS, Rev: 3.AAD

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
372 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!


Re: help

Post by Belahzur on Thu 28 Oct 2010, 11:36 am

Hmmm.

Please uninstall Avira, then download a fresh installer and re-install it, see what happens.

