System Tool


System Tool

Post by Dom Lightweight on Thu Dec 16, 2010 10:52 pm

Popped up on my computer last night... Now I can't open any programs after booting, or the dreaded yellow "Application cannot be executed" pops up on the lower right-hand part of the screen. It changed my desktop to a warning that my computer's infected with spyware... strangely, Firefox is fine though. The tricky thing with this is that it 1) won't let me open in Safe Mode - when I press F8 on the boot screen, the screen to pick which mode I want to start up in flashes for a split second and then proceeds into regular startup; 2) I can open programs in the 30 seconds or so when the computer stops, but they will close once System Tool loads. I tried running OTL and HijackThis but both were shut down in seconds. Help?

Dom Lightweight
Intermediate

Posts : 59
Joined : 2010-01-15
OS : Windows XP

Re: System Tool

Post by Belahzur on Thu Dec 16, 2010 11:18 pm

Hello.

We need to use the RKill Tool by Grinler

[You must be registered and logged in to see this link.]

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this [You must be registered and logged in to see this link.] if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please keep trying to run Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]
which are renamed copies of rkill.com, and try them instead.

Try running OTL now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: System Tool

Post by Dom Lightweight on Fri Dec 17, 2010 2:20 am

OTL logfile created on: 12/16/2010 9:17:16 PM - Run 5
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 270.99 Gb Total Space | 14.85 Gb Free Space | 5.48% Space Free | Partition Type: NTFS
Drive D: | 8.45 Gb Total Space | 0.46 Gb Free Space | 5.43% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 60.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EVAN
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/12/13 23:48:47 | 000,910,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/08 11:26:20 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/03 14:24:46 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/03 14:24:45 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/13 16:43:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL(2).exe
PRC - [2010/03/19 09:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/13 16:43:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL(2).exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/12/08 11:26:20 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/03 14:24:46 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/19 09:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/09/28 18:34:22 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/08/11 11:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/01/08 15:08:10 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004/09/29 22:14:36 | 000,069,632 | ---- | M] (HP) [Boot | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/12/08 11:26:44 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/22 20:53:05 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/08 16:22:56 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/17 11:35:44 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2009/09/28 18:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/12/12 17:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 17:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/12/04 08:17:15 | 000,627,072 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/08/11 11:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 11:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/13 13:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/08/16 08:23:46 | 000,021,888 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
DRV - [2005/12/12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/10/20 18:01:56 | 001,095,009 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/09/30 13:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/08/13 23:35:00 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/28 20:07:58 | 000,156,800 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2005/06/29 19:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/06/17 08:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 09:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2002/07/17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fshva%3D1%26ui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2#inbox"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}:2.2010.1.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 1138

FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/13 23:55:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/13 23:55:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 23:48:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/13 23:48:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/04/24 15:35:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/04/24 15:35:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4 \Extensions\\Components: C:\PROGRA~1\NETSCAPE\NETSCA~1\Components [2010/04/24 15:35:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4 \Extensions\\Plugins: C:\PROGRA~1\NETSCAPE\NETSCA~1\Plugins [2010/04/24 15:35:20 | 000,000,000 | ---D | M]

[2009/09/01 23:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/12/16 16:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jadnwcli.default\extensions
[2010/02/18 20:29:24 | 000,000,000 | ---D | M] (DriverAgent Plugin for Firefox and Opera) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jadnwcli.default\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}
[2010/09/08 16:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jadnwcli.default\extensions\DTToolbar@toolbarnet.com
[2010/10/24 12:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jadnwcli.default\extensions\vshare@toolbar
[2010/12/16 16:24:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/10/13 18:59:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5


Re: System Tool

Post by Belahzur on Fri Dec 17, 2010 11:17 pm

Hello.
Please post the rest of the log.





Re: System Tool

Post by Dom Lightweight on Sat Dec 18, 2010 5:46 am

O1 HOSTS File: ([2010/10/13 18:59:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5


Re: System Tool

Post by Belahzur on Sat Dec 18, 2010 11:39 pm

Hello.
Can you try attaching the logs instead? It isn't posting correctly for some reason.





Re: System Tool

Post by Dom Lightweight on Sun Dec 19, 2010 3:58 am

Couldn't upload it as a reply, used groovebat if that's okay.

[You must be registered and logged in to see this link.]


Re: System Tool

Post by Belahzur on Sun Dec 19, 2010 3:48 pm

MP3 file? The logs should be a .txt file.





Re: System Tool

Post by Dom Lightweight on Sun Dec 19, 2010 7:33 pm

Open it, it is a text file.


Re: System Tool

Post by Belahzur on Sun Dec 19, 2010 8:15 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKCU..\RunOnce: [gKdOn06308] C:\Documents and Settings\All Users\Application Data\gKdOn06308\gKdOn06308.exe (Microsoft Corporation)
    O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\HP_Administrator\Application Data\hotfix.exe) - C:\Documents and Settings\HP_Administrator\Application Data\hotfix.exe File not found

    :files
    C:\Documents and Settings\All Users\Application Data\gKdOn06308


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


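As an added example for readers of this thread (it is not part of the posts, and not OTL's own code): a small Python triage script that parses OTL-style O4 (Run/RunOnce) and O20 (Winlogon) lines like the two targeted in the fix above, spells out why each looks wrong (a Winlogon Shell that is not explorer.exe, an autostart living in a user-writable profile folder, a machine-generated name, a target file that no longer exists) and then writes a fix in the same :OTL / :files form the post uses. The first two sample lines are copied from the fix above; the third benign Shell line, the user-writable folder list and the random-name pattern are my own assumptions and are heuristics, not OTL's rules.

```python
"""Triage OTL-style autostart lines (O4 Run/RunOnce, O20 Winlogon) and build
an OTL fix script, in the :OTL / :files form, for the ones that look hijacked.
Added example for this thread; not part of OTL or of the original posts."""
import ntpath
import re

# Constructed sample input: the two lines targeted by the fix in the post above,
# plus a benign HKLM Winlogon Shell line constructed here for contrast.
SAMPLE_OTL_LINES = [
    r"O4 - HKCU..\RunOnce: [gKdOn06308] C:\Documents and Settings\All Users\Application Data\gKdOn06308\gKdOn06308.exe (Microsoft Corporation)",
    r"O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\HP_Administrator\Application Data\hotfix.exe) - C:\Documents and Settings\HP_Administrator\Application Data\hotfix.exe File not found",
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)",
]

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
O20_RE = re.compile(r"^O20 - (?P<hive>HK\w+) Winlogon: (?P<value>\w+) - \((?P<data>.*?)\) - (?P<rest>.+)$")

# Folders a limited user (or malware running as that user) can write without
# elevation. A persistence entry pointing here is worth a second look (heuristic).
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")
# Heuristic for generated names such as gKdOn06308: a run of letters then 4+ digits.
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{3,}\d{4,}$")


def _split_rest(rest):
    """Split OTL's 'path (Company)' or 'path File not found' tail into parts."""
    present = True
    if rest.endswith(" File not found"):
        rest, present = rest[: -len(" File not found")], False
    company = None
    m = re.match(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$", rest)
    if m:
        rest, company = m.group("path"), m.group("company")
    return rest, company, present


def parse_otl_line(line):
    """Return a dict for an O4/O20 line, or None for any other OTL line."""
    for kind, regex, name_group in (("O4", O4_RE, "name"), ("O20", O20_RE, "data")):
        m = regex.match(line)
        if m:
            path, company, present = _split_rest(m.group("rest"))
            key = m.group("key") if kind == "O4" else m.group("value")
            return {"kind": kind, "hive": m.group("hive"), "key": key,
                    "name": m.group(name_group), "path": path, "company": company,
                    "present": present, "line": line}
    return None


def assess(entry):
    """Reasons an entry looks suspicious; an empty list means nothing stood out."""
    reasons = []
    low = entry["path"].lower()
    if entry["kind"] == "O20" and entry["key"] == "Shell" and ntpath.basename(low) != "explorer.exe":
        reasons.append("Winlogon Shell is not explorer.exe")
    if any(seg in low for seg in USER_WRITABLE):
        reasons.append("target lives in a user-writable profile folder")
    if entry["kind"] == "O4" and RANDOM_NAME_RE.match(entry["name"]):
        reasons.append("autostart name looks machine-generated")
    if not entry["present"]:
        reasons.append("target file is missing (dangling entry)")
    return reasons


def triage(lines):
    """Parse every recognised line and pair it with its findings."""
    results = []
    for line in lines:
        entry = parse_otl_line(line)
        if entry is not None:
            results.append((entry, assess(entry)))
    return results


def build_fix_script(entries):
    """Emit the flagged lines verbatim under :OTL and, under :files, any folder
    dedicated to a flagged O4 target (folder name equal to the entry name)."""
    flagged = [e for e in entries if assess(e)]
    script = [":OTL"] + [e["line"] for e in flagged]
    folders = []
    for e in flagged:
        folder = ntpath.dirname(e["path"])
        if e["kind"] == "O4" and ntpath.basename(folder) == e["name"] and folder not in folders:
            folders.append(folder)
    if folders:
        script += ["", ":files"] + folders
    return "\n".join(script)


if __name__ == "__main__":
    results = triage(SAMPLE_OTL_LINES)
    for entry, reasons in results:
        print("SUSPICIOUS" if reasons else "ok        ", entry["kind"], entry["hive"], entry["key"], entry["name"])
        for reason in reasons:
            print("    -", reason)
    print()
    print(build_fix_script([entry for entry, _ in results]))
```

Run it on a saved OTL.txt by passing the file's lines to triage(); the generated script reproduces the two entries and the gKdOn06308 folder from the post, and the benign explorer.exe Shell line is left alone.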



Re: System Tool

Post by Dom Lightweight on Tue Dec 21, 2010 9:42 pm

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\gKdOn06308 deleted successfully.
C:\Documents and Settings\All Users\Application Data\gKdOn06308\gKdOn06308.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\HP_Administrator\Application Data\hotfix.exe deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\gKdOn06308 folder moved successfully.

OTL by OldTimer - Version 3.2.9.1 log created on 12212010_164108


Re: System Tool

Post by Belahzur on Wed Dec 22, 2010 12:39 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.





Re: System Tool

Post by Dom Lightweight on Wed Dec 22, 2010 1:05 am

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

12/21/2010 8:05:29 PM
mbam-log-2010-12-21 (20-05-29).txt

Scan type: Quick Scan
Objects scanned: 132050
Time elapsed: 8 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HP_Administrator\Local Settings\temp\0.5726715005235902.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


Re: System Tool

Post by Belahzur on Thu Dec 23, 2010 12:16 am

Hello.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Post the new log when done.





Re: System Tool

Post by Dom Lightweight on Thu Dec 23, 2010 1:34 am

It won't let me update - it says error 732 occurred.


Re: System Tool

Post by Belahzur on Thu Dec 23, 2010 8:16 pm

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Try now please, see if it lets you update MBAM now.


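The OTL log earlier in this thread showed Firefox configured with network.proxy.http = "127.0.0.1" on port 1138, which is the kind of setting the post above asks to clear. As an added example (not part of the thread, and not Firefox's or OTL's own code), here is a Python check that parses prefs.js user_pref lines and the IE ProxyEnable/ProxyServer values, reports any proxy that points back at the local machine, and produces the "No Proxy" form of the prefs. The prefs.js fragment is constructed: the host and port are the ones the log reported, while network.proxy.type = 1 (manual) is an assumption because OTL did not print that pref; the IE values mirror the ProxyEnable = 0 the log showed.

```python
"""Check Firefox prefs.js and IE Internet Settings for a proxy pointing at the
local machine, and show the 'No Proxy' configuration the post above asks for.
Added example for this thread; not part of OTL, Firefox or the original posts."""
import re

# Constructed prefs.js fragment. Host and port are the values the OTL log in
# this thread reported; network.proxy.type = 1 (manual) is an assumption, since
# OTL did not print that pref. The homepage line is filler to show non-proxy prefs.
SAMPLE_PREFS_JS = """
user_pref("browser.startup.homepage", "https://www.google.com/");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 1138);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
"""

# Constructed IE values, mirroring what OTL printed for this machine (ProxyEnable = 0).
SAMPLE_IE_SETTINGS = {"ProxyEnable": 0, "ProxyServer": "", "ProxyOverride": ""}

PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+)\);$')
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}
PROXY_PROTOCOLS = ("http", "ssl", "ftp", "socks")


def parse_prefs(text):
    """Parse user_pref(...) lines into a dict with str/int/bool values."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        raw = m.group("value")
        if raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            value = int(raw) if raw.lstrip("-").isdigit() else raw
        prefs[m.group("name")] = value
    return prefs


def check_firefox_proxy(prefs):
    """Findings for proxies on this machine. network.proxy.type: 0 none, 1 manual."""
    findings = []
    active = prefs.get("network.proxy.type") == 1
    for proto in PROXY_PROTOCOLS:
        host = prefs.get(f"network.proxy.{proto}")
        if host in LOOPBACK_HOSTS:
            port = prefs.get(f"network.proxy.{proto}_port", "?")
            state = "active" if active else "set but not enabled"
            findings.append(f"Firefox {proto} proxy {host}:{port} points at this machine ({state})")
    return findings


def check_ie_proxy(values):
    """Findings for IE: ProxyServer is 'host:port' or 'http=host:port;https=...'."""
    if values.get("ProxyEnable") != 1:
        return []
    findings = []
    for part in values.get("ProxyServer", "").split(";"):
        hostport = part.split("=", 1)[-1].strip()
        if hostport.rsplit(":", 1)[0] in LOOPBACK_HOSTS:
            findings.append(f"IE proxy {hostport} points at this machine")
    return findings


def no_proxy_prefs(prefs):
    """The 'No Proxy' choice from the Firefox dialog, expressed as prefs.js values:
    drop every network.proxy.* entry and set the type to 0."""
    cleaned = {k: v for k, v in prefs.items() if not k.startswith("network.proxy.")}
    cleaned["network.proxy.type"] = 0
    return cleaned


if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_PREFS_JS)
    for finding in check_firefox_proxy(prefs) + check_ie_proxy(SAMPLE_IE_SETTINGS):
        print("FOUND:", finding)
    print("after 'No Proxy':", check_firefox_proxy(no_proxy_prefs(prefs)) or "clean")
```

A loopback proxy matters beyond browsing: anything that honours the browser or system proxy (an updater, for instance) gets its traffic handed to whatever local process listens on that port, so a proxy entry nobody set deliberately is worth clearing before retrying a download.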



Re: System Tool

Post by Dom Lightweight on Thu Dec 23, 2010 8:38 pm

I'm already under No Proxy, tried updating Malwarebytes again and had the same problem.


Re: System Tool

Post by Belahzur on Thu Dec 23, 2010 8:40 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.





Re: System Tool

Post by Dom Lightweight on Thu Dec 23, 2010 9:09 pm

ComboFix 10-12-23.02 - HP_Administrator 12/23/2010 15:47:16.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1132 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\Combo-Fix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\Dpr.exe
c:\documents and settings\HP_Administrator\Application Data\2D2D63D3578779B110163770F439F710
c:\documents and settings\HP_Administrator\Application Data\2D2D63D3578779B110163770F439F710\enemies-names.txt
c:\documents and settings\HP_Administrator\Application Data\2D2D63D3578779B110163770F439F710\iobin700release.exe
c:\documents and settings\HP_Administrator\Application Data\2D2D63D3578779B110163770F439F710\local.ini
c:\documents and settings\HP_Administrator\Application Data\2D2D63D3578779B110163770F439F710\pack70v700hunt.exe
c:\documents and settings\HP_Administrator\Application Data\dkfjasdfshd.bat
c:\documents and settings\HP_Administrator\Application Data\Local
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{A106061D-850E-472C-8107-B551C0F247E7}
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{A106061D-850E-472C-8107-B551C0F247E7}\chrome.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{A106061D-850E-472C-8107-B551C0F247E7}\chrome\content\_cfg.js
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{A106061D-850E-472C-8107-B551C0F247E7}\chrome\content\overlay.xul
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{A106061D-850E-472C-8107-B551C0F247E7}\install.rdf
c:\documents and settings\HP_Administrator\Local Settings\Application Data\dbobjspl\confMobileServices.dll
c:\documents and settings\HP_Administrator\Local Settings\Application Data\gvigv.exe
c:\documents and settings\HP_Administrator\Local Settings\temp\Dpr.exe
c:\documents and settings\HP_Administrator\Start Menu\Antimalware Doctor.lnk
c:\documents and settings\HP_Administrator\Start Menu\Programs\Antimalware Doctor
c:\documents and settings\HP_Administrator\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\HP_Administrator\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\documents and settings\HP_Administrator\Start Menu\Programs\Security Shield.lnk
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Antimalware Doctor.lnk
c:\documents and settings\HP_Administrator\Start Menu\Programs\System Tool
c:\documents and settings\HP_Administrator\Start Menu\Programs\System Tool\System Tool 2011.lnk
c:\windows\esafosiziwawazu.dll
c:\windows\exiyuvac.dll
c:\windows\system32\Oeminfo.ini
c:\windows\upequzuwoc.dll
c:\windows\Wagdil6.dll

.
((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
.

2010-12-21 21:41 . 2010-12-21 21:41 -------- d-----w- C:\_OTL
2010-12-17 22:06 . 2010-12-17 22:06 0 ----a-w- c:\windows\Yfotivegohek.bin
2010-12-17 22:04 . 2010-12-17 22:04 223232 ----a-w- c:\windows\Drokoa.exe
2010-12-17 22:04 . 2010-12-17 22:04 126464 --sha-r- c:\windows\system32\fontexta.dll
2010-12-16 22:20 . 2010-12-16 22:20 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\dBpoweramp
2010-12-15 21:46 . 2010-12-15 21:46 -------- d-----w- c:\program files\MP3 to AIFF
2010-12-15 05:30 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 05:29 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-14 07:51 . 2010-12-14 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-14 07:51 . 2010-12-14 07:51 -------- d-----w- c:\windows\system32\drivers\NSS
2010-12-14 07:51 . 2010-12-14 07:51 -------- d-----w- c:\program files\Norton Security Scan
2010-12-14 07:51 . 2010-12-14 07:51 -------- d-----w- c:\program files\NortonInstaller
2010-12-14 04:55 . 2010-12-14 04:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DivX
2010-12-14 04:54 . 2010-07-12 18:36 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-12-14 04:54 . 2010-07-12 18:36 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-12-14 04:54 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll
2010-12-14 04:50 . 2010-12-14 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-12-07 21:57 . 2010-12-23 20:54 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\dbobjspl
2010-12-03 21:08 . 2010-12-03 21:08 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AccurateRip
2010-12-03 21:08 . 2010-12-03 21:08 6814952 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-12-03 21:07 . 2010-12-03 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-12-03 21:07 . 2010-12-03 21:07 -------- d-----w- c:\program files\FLAC to MP3 Converter
2010-12-03 21:04 . 2002-07-17 14:05 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2010-12-03 21:04 . 2001-03-18 02:34 22528 ----a-w- c:\windows\system32\WNASPI32.DLL
2010-12-03 21:04 . 2010-12-03 21:04 -------- d-----w- c:\program files\4Musics FLAC to MP3 Converter
2010-12-02 17:01 . 2010-12-02 17:01 -------- d--h--w- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-23 08:33 . 2010-10-22 01:40 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-08 16:26 . 2010-10-17 16:01 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-23 01:53 . 2010-10-17 16:01 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-18 18:12 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\isign32.dll
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-07 17:19 . 2010-11-07 17:19 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-11-05 05:05 . 2004-08-10 04:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:05 . 2004-08-10 04:00 61952 ------w- c:\windows\system32\tdc.ocx
2010-11-05 05:05 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\ieencode.dll
2010-11-03 12:59 . 2004-08-10 04:00 369664 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-10 04:00 40960 ------w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-10 04:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-10 04:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-14 321328]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-13 68856]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-03 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-12 1064960]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-12-22 6347584]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe.vir [2006-3-2 36903]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-2 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 23:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/8/2010 4:22 PM 691696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/17/2010 11:01 AM 135336]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 11:41 AM 12856]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [10/21/2010 8:40 PM 16968]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [9/2/2009 6:57 AM 627072]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/18/2010 6:54 PM 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [12/3/2010 4:04 PM 16512]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2/18/2010 8:29 PM 23456]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HITMANPRO35
.
Contents of the 'Scheduled Tasks' folder

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 23:54]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 23:54]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1423768027-2586421752-2192907715-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-03 19:30]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1423768027-2586421752-2192907715-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-03 19:30]

2010-12-23 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-12-14 15:06]

2010-12-23 c:\windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
- c:\windows\Drokoa.exe [2010-12-17 22:04]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jadnwcli.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: DriverAgentPlugin for Firefox and Opera: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5} - %profile%\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}
FF - Ext: DAEMON Tools Toolbar: [You must be registered and logged in to see this link.] - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Move Media Player: [You must be registered and logged in to see this link.] - c:\documents and settings\HP_Administrator\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-confMobileServices - c:\documents and settings\HP_Administrator\Local Settings\Application Data\dbobjspl\confMobileServices.dll
HKCU-Run-Dyuvumamumuset - c:\windows\Wagdil6.dll
HKCU-Run-iobin700release.exe - c:\documents and settings\HP_Administrator\Application Data\2D2D63D3578779B110163770F439F710\iobin700release.exe
HKLM-Run-Ozubetalajoq - c:\windows\exiyuvac.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-12-23 15:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\HP_ADM~1\LOCALS~1\Temp\8dr40htd.0.cs
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\8dr40htd.dll 18944 bytes executable
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\8dr40htd.out 611 bytes

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(2512)
c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscGui.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\SOUNDMAN.EXE
c:\program files\DISC\DiscStreamHub.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-12-23 16:07:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-23 21:07
ComboFix2.txt 2010-10-14 00:04

Pre-Run: 25,478,324,224 bytes free
Post-Run: 25,577,259,008 bytes free

- - End Of File - - 16B71A02D9D480A16BAF045C8B95EF00

Dom Lightweight
Intermediate

Posts : 59
Joined : 2010-01-15
OS : Windows XP


Re: System Tool

Post by Belahzur on Thu Dec 23, 2010 9:19 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    File::
    c:\windows\Yfotivegohek.bin
    c:\windows\Drokoa.exe

    DirLook::
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\dbobjspl

    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:8074
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

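The log above and the CFScript that follows from it, as an added example that is not part of this thread and not ComboFix or helper-team code: a small Python triage script that reads ComboFix-style log text and flags the same kinds of entries Belahzur picked out (the GUID-named job in c:\windows\Tasks launching c:\windows\Drokoa.exe, the files dropped straight into c:\windows, the orphaned Run values that load a DLL, the WinINet proxy on 127.0.0.1:8074), plus the system+hidden fontexta.dll for a human to review. The sample input is quoted from the log; the rules, severities and function names are my own assumptions, not how ComboFix or the helper decides what goes into the script.

```python
"""Triage helper for ComboFix-style logs (added example, not a ComboFix or
forum tool). It flags the autostart, task, file-creation and proxy entries a
helper would normally carry into a CFScript, using only patterns visible in
the log above."""
import re
from dataclasses import dataclass
from typing import List

# Sample input: lines quoted from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2010-12-17 22:06 . 2010-12-17 22:06 0 ----a-w- c:\windows\Yfotivegohek.bin
2010-12-17 22:04 . 2010-12-17 22:04 223232 ----a-w- c:\windows\Drokoa.exe
2010-12-17 22:04 . 2010-12-17 22:04 126464 --sha-r- c:\windows\system32\fontexta.dll
2010-12-02 17:01 . 2010-12-02 17:01 -------- d--h--w- c:\windows\PIF
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-14 321328]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 23:54]
2010-12-23 c:\windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
- c:\windows\Drokoa.exe [2010-12-17 22:04]
uInternet Settings,ProxyServer = http=127.0.0.1:8074
HKCU-Run-Dyuvumamumuset - c:\windows\Wagdil6.dll
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "low"
    reason: str
    line: str      # the log line that triggered it


RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[')              # "name"="target" [date size]
ORPHAN_RE = re.compile(r'^(HK(?:CU|LM)-Run-\S+) - (.+)$')        # rows under ORPHANS REMOVED
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2} c:\\windows\\tasks\\(.+?\.job)$', re.I)
CREATED_RE = re.compile(r'^\S+ \S+ \. \S+ \S+ (\d+|-{8}) (\S{8}) (.+)$')  # date . date size attrs path
PROXY_RE = re.compile(r'^uInternet Settings,ProxyServer = (.+)$', re.I)
LOOPBACK_RE = re.compile(r'\b(?:127\.0\.0\.1|localhost)\b', re.I)
GUID_RE = re.compile(r'^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.job$', re.I)


def _in_windows_root(path: str) -> bool:
    """True for a file directly under the Windows directory (no subdirectory), a favourite rogue drop site."""
    return re.match(r'^c:\\windows\\[^\\]+$', path, re.I) is not None


def _check_target(label: str, target: str, line: str) -> List[Finding]:
    """Rules shared by every autostart target: Run values, orphans, task actions."""
    out = []
    if target.lower().endswith('.dll'):
        out.append(Finding('high', f'{label}: target is a DLL (rundll32-style persistence)', line))
    if _in_windows_root(target):
        out.append(Finding('high', f'{label}: target sits directly under c:\\windows', line))
    if '\\' not in target:
        out.append(Finding('low', f'{label}: unqualified filename, resolved through PATH', line))
    return out


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    lines = [ln.strip() for ln in log_text.splitlines()]
    for i, line in enumerate(lines):
        if m := RUN_RE.match(line):
            findings += _check_target(f'Run value "{m.group(1)}"', m.group(2), line)
        elif m := ORPHAN_RE.match(line):
            findings += _check_target(m.group(1), m.group(2), line)
        elif m := TASK_RE.match(line):
            if GUID_RE.match(m.group(1)):
                findings.append(Finding('high', 'GUID-named job in c:\\windows\\Tasks', line))
            action = lines[i + 1] if i + 1 < len(lines) else ''   # "- c:\path\x.exe [date]"
            findings += _check_target(f'task {m.group(1)}', action.lstrip('- ').split(' [')[0], action)
        elif (m := CREATED_RE.match(line)) and m.group(1) != '-' * 8:   # '--------' size = directory
            attrs, path = m.group(2), m.group(3)
            if 's' in attrs and 'h' in attrs:
                findings.append(Finding('high', 'new file created with system+hidden attributes', line))
            if _in_windows_root(path):
                findings.append(Finding('high', 'new file dropped directly into c:\\windows', line))
        elif (m := PROXY_RE.match(line)) and LOOPBACK_RE.search(m.group(1)):
            findings.append(Finding('high', 'WinINet proxy on loopback: a local process relays all HTTP', line))
    return findings


def cfscript_file_lines(findings: List[Finding]) -> List[str]:
    """Candidate paths for a CFScript File:: section: new files dropped into the Windows directory."""
    paths = {CREATED_RE.match(f.line).group(3) for f in findings if f.reason.startswith('new file dropped')}
    return sorted(paths, key=str.lower)


if __name__ == '__main__':
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f'[{f.severity}] {f.reason}\n    {f.line}')
    print('File::', *cfscript_file_lines(found), sep='\n')
```

Run as a script it prints the findings and a candidate File:: list, which on this sample is exactly the two paths in Belahzur's script. The rules are deliberately narrow: an OEM entry such as ARPWRMSG.EXE only gets a low-severity note, because a bare filename in a Run value is resolved through PATH rather than being malicious in itself, and a proxy on 127.0.0.1 is flagged because every IE request is then relayed through whatever local process listens on that port. Treat the output as a review list, not as a script to feed ComboFix blindly: File:: deletes whatever it is given.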

Re: System Tool

Post by Dom Lightweight on Thu Dec 23, 2010 9:32 pm

ComboFix 10-12-23.02 - HP_Administrator 12/23/2010 16:23:29.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1377 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Administrator\My Documents\Downloads\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::
"c:\windows\Drokoa.exe"
"c:\windows\Yfotivegohek.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Drokoa.exe
c:\windows\Yfotivegohek.bin

.
((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
.

2010-12-21 21:41 . 2010-12-21 21:41 -------- d-----w- C:\_OTL
2010-12-17 22:04 . 2010-12-17 22:04 126464 --sha-r- c:\windows\system32\fontexta.dll
2010-12-16 22:20 . 2010-12-16 22:20 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\dBpoweramp
2010-12-15 21:46 . 2010-12-15 21:46 -------- d-----w- c:\program files\MP3 to AIFF
2010-12-15 05:30 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 05:29 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-14 07:51 . 2010-12-14 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-14 07:51 . 2010-12-14 07:51 -------- d-----w- c:\windows\system32\drivers\NSS
2010-12-14 07:51 . 2010-12-14 07:51 -------- d-----w- c:\program files\Norton Security Scan
2010-12-14 07:51 . 2010-12-14 07:51 -------- d-----w- c:\program files\NortonInstaller
2010-12-14 04:55 . 2010-12-14 04:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DivX
2010-12-14 04:54 . 2010-07-12 18:36 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-12-14 04:54 . 2010-07-12 18:36 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-12-14 04:54 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll
2010-12-14 04:50 . 2010-12-14 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-12-07 21:57 . 2010-12-23 20:54 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\dbobjspl
2010-12-03 21:08 . 2010-12-03 21:08 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AccurateRip
2010-12-03 21:08 . 2010-12-03 21:08 6814952 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-12-03 21:07 . 2010-12-03 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-12-03 21:07 . 2010-12-03 21:07 -------- d-----w- c:\program files\FLAC to MP3 Converter
2010-12-03 21:04 . 2002-07-17 14:05 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2010-12-03 21:04 . 2001-03-18 02:34 22528 ----a-w- c:\windows\system32\WNASPI32.DLL
2010-12-03 21:04 . 2010-12-03 21:04 -------- d-----w- c:\program files\4Musics FLAC to MP3 Converter
2010-12-02 17:01 . 2010-12-02 17:01 -------- d--h--w- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-23 21:03 . 2010-10-22 01:40 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-08 16:26 . 2010-10-17 16:01 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-23 01:53 . 2010-10-17 16:01 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-18 18:12 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\isign32.dll
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-07 17:19 . 2010-11-07 17:19 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-11-05 05:05 . 2004-08-10 04:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:05 . 2004-08-10 04:00 61952 ------w- c:\windows\system32\tdc.ocx
2010-11-05 05:05 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\ieencode.dll
2010-11-03 12:59 . 2004-08-10 04:00 369664 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-10 04:00 40960 ------w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-10 04:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-10 04:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\HP_Administrator\Local Settings\Application Data\dbobjspl ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-14 321328]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-13 68856]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-03 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-12 1064960]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-12-22 6347584]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe.vir [2006-3-2 36903]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-2 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 23:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/8/2010 4:22 PM 691696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/17/2010 11:01 AM 135336]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 11:41 AM 12856]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [9/2/2009 6:57 AM 627072]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/18/2010 6:54 PM 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [12/3/2010 4:04 PM 16512]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2/18/2010 8:29 PM 23456]
.
Contents of the 'Scheduled Tasks' folder

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 23:54]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 23:54]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1423768027-2586421752-2192907715-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-03 19:30]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1423768027-2586421752-2192907715-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-03 19:30]

2010-12-23 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-12-14 15:06]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jadnwcli.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: DriverAgentPlugin for Firefox and Opera: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5} - %profile%\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}
FF - Ext: DAEMON Tools Toolbar: [You must be registered and logged in to see this link.] - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Move Media Player: [You must be registered and logged in to see this link.] - c:\documents and settings\HP_Administrator\Application Data\Move Networks
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-12-23 16:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2010-12-23 16:31:24
ComboFix-quarantined-files.txt 2010-12-23 21:31
ComboFix2.txt 2010-12-23 21:07
ComboFix3.txt 2010-10-14 00:04

Pre-Run: 25,594,253,312 bytes free
Post-Run: 25,578,217,472 bytes free

- - End Of File - - 0911EE4A00AE6427BC3F7F4BD9D9CC07

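The services and scheduled-task sections of the ComboFix log above use a compact notation that is easy to misread: each service line starts with R (running) or S (stopped) and the Windows start-type digit (0 boot, 1 system, 2 auto, 3 demand, 4 disabled), then name;display name;image path [file date size], and each scheduled task is a pair of lines, the .job file followed by its target and the target's file date. The Python below is an added example written for this page, not code from ComboFix or from anyone in the thread. It decodes those lines, pulls out the boot-start drivers (the ones already loaded before any scanner gets a chance to run) and lists image files newer than a cutoff date. The sample input is copied from the log above; the cutoff date used in the usage block is an arbitrary illustration, not a date taken from the thread.

```python
"""Decode the services and scheduled-task sections of a ComboFix log.

Service line:  <R|S><start type> name;display name;image path [date size]
               R = running, S = stopped; 0 boot, 1 system, 2 auto,
               3 demand, 4 disabled (Windows start types).
Task record:   "<run date> <job file>" followed by "- <target> [<date>]".
"""
import re
from datetime import datetime

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<stamp>\d+/\d+/\d{4} \d+:\d{2} [AP]M)\s+(?P<size>\d+)\]$"
)
TASK_RE = re.compile(r"^(?P<scheduled>\d{4}-\d{2}-\d{2})\s+(?P<job>.+\.job)$", re.IGNORECASE)
TASK_TARGET_RE = re.compile(r"^-\s+(?P<path>.+?)\s+\[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


def parse_services(text):
    """Return one dict per service/driver line, in log order."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        services.append({
            "name": m["name"],
            "display": m["display"],
            "path": m["path"],
            "running": m["state"] == "R",
            "start": START_TYPES[m["start"]],
            # .sys images are kernel-mode drivers; anything else is a
            # user-mode service process (judged by extension only)
            "kernel_driver": m["path"].lower().endswith(".sys"),
            "file_time": datetime.strptime(m["stamp"], "%m/%d/%Y %I:%M %p"),
            "size": int(m["size"]),
        })
    return services


def parse_tasks(text):
    """Return one dict per scheduled task (job file plus its target)."""
    tasks, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = TASK_RE.match(line)
        if m:
            pending = {"scheduled": m["scheduled"], "job": m["job"]}
            continue
        m = TASK_TARGET_RE.match(line)
        if m and pending is not None:
            pending["path"] = m["path"]
            pending["target_time"] = datetime.strptime(m["stamp"], "%Y-%m-%d %H:%M")
            tasks.append(pending)
            pending = None
    return tasks


def newer_than(entries, cutoff, key="file_time"):
    """Entries whose image file was written on or after cutoff ('YYYY-MM-DD').

    Handy for pulling out binaries that appeared around the time the rogue
    did; the cutoff is whatever the timeline of the case suggests."""
    limit = datetime.strptime(cutoff, "%Y-%m-%d")
    return [e for e in entries if e[key] >= limit]


def boot_start_drivers(services):
    """Kernel drivers with boot or system start: loaded before any scanner."""
    return [s for s in services if s["kernel_driver"] and s["start"] in ("boot", "system")]


# Excerpt of the ComboFix log posted above, copied as it appears there.
SAMPLE_LOG = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/8/2010 4:22 PM 691696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/17/2010 11:01 AM 135336]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 11:41 AM 12856]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [9/2/2009 6:57 AM 627072]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/18/2010 6:54 PM 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [12/3/2010 4:04 PM 16512]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2/18/2010 8:29 PM 23456]
.
Contents of the 'Scheduled Tasks' folder

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 23:54]

2010-12-23 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-12-14 15:06]
"""

if __name__ == "__main__":
    svcs = parse_services(SAMPLE_LOG)
    for s in boot_start_drivers(svcs):
        print(f"{s['start']:>6}  {s['name']:<12} {s['path']}  ({s['file_time']:%Y-%m-%d})")
    # "2010-12-01" is an arbitrary illustration cutoff, not a date from the thread.
    for s in newer_than(svcs, "2010-12-01"):
        print("newer than cutoff:", s["name"], s["path"])
    for t in parse_tasks(SAMPLE_LOG):
        print("task:", t["job"], "->", t["path"])
```

The same two parsers work on a full ComboFix log: feed it the whole file and the non-matching lines (registry keys, headers, separators) are simply skipped.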

Re: System Tool

Post by Belahzur on Fri Dec 24, 2010 11:28 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Re: System Tool

Post by Dom Lightweight on Sat Dec 25, 2010 2:34 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=5aeddbf823179e4f8c3cefe273a5f4c6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-25 01:25:30
# local_time=2010-12-24 08:25:30 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775125 100 93 0 29637821 0 0
# compatibility_mode=8192 67108863 100 0 10125091 10125091 0 0
# scanned=267535
# found=1
# cleaned=1
# scan_time=6009
C:\_OTL\MovedFiles\12212010_164108\C_Documents and Settings\All Users\Application Data\gKdOn06308\gKdOn06308.exe Win32/Adware.SystemSecurity application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

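Two things are worth checking in an ESET Online Scanner log like the one above: that the counters in the header (found, cleaned, end=finished) agree with the detection lines, and where the detection actually sits. Here the path is under C:\_OTL\MovedFiles, the folder where OTL stores files it has moved, so ESET cleaned a file that an earlier step had already taken out of its original location rather than an active infection. The Python below is an added example, not part of the post and not an ESET tool; it parses the header and detection lines as they render on the forum (the tabs ESET writes between fields are collapsed to spaces) and runs those cross-checks. The mapping of C:\_OTL\MovedFiles to OTL is my assumption, and the sample log is the one from the post, abridged.

```python
"""Parse an ESET Online Scanner log as pasted on a forum and cross-check
its summary counters against the detection lines."""
import re

# Header lines look like "# key=value"; some keys repeat (compatibility_mode).
HEADER_RE = re.compile(r"^#\s*(?P<key>[A-Za-z0-9_.]+)=(?P<value>.*)$")

# Detection lines carry: path, threat text, "(action)", a 32-hex hash and a
# one-letter flag.  The tabs between those fields do not survive a forum
# paste, so the threat name (always Family/Name, e.g. Win32/...) and the
# parenthesised action are used as anchors instead.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of )?\w+/\S+(?: \w+)*?)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>\S+)$"
)

# Folders where cleanup tools used earlier in the thread park files they
# have moved.  A hit under one of them means the file was already out of its
# original location when ESET ran.  (C:\_OTL\MovedFiles -> OTL is assumed
# here, not read from the log.)
OTHER_TOOL_QUARANTINE = {r"C:\_OTL\MovedFiles": "OTL"}


def parse_eset_log(text):
    """Return {'header': {key: [values]}, 'detections': [dict, ...]}."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = " ".join(raw.split())  # collapse tabs and repeated spaces
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header.setdefault(m["key"], []).append(m["value"])
            continue
        m = DETECTION_RE.match(line)
        if m:
            d = m.groupdict()
            d["moved_by"] = next(
                (tool for folder, tool in OTHER_TOOL_QUARANTINE.items()
                 if d["path"].lower().startswith(folder.lower())),
                None,
            )
            detections.append(d)
    return {"header": header, "detections": detections}


def counter(report, key):
    """Integer value of a single-valued header counter such as 'found'."""
    values = report["header"].get(key, [])
    return int(values[0]) if len(values) == 1 and values[0].isdigit() else None


def triage(report):
    """Cross-check the log with itself.

    'problems' are things that must not happen in a complete, clean run;
    'notes' are context to read before acting on a hit."""
    problems, notes = [], []
    found, cleaned = counter(report, "found"), counter(report, "cleaned")
    n = len(report["detections"])
    if report["header"].get("end") != ["finished"]:
        problems.append("scan did not report end=finished")
    if found is not None and found != n:
        problems.append(f"header says found={found} but {n} detection line(s) were parsed")
    if found is not None and cleaned is not None and cleaned < found:
        problems.append(f"{found - cleaned} detection(s) left uncleaned")
    for d in report["detections"]:
        if d["moved_by"]:
            notes.append(f"{d['threat']} was found in {d['moved_by']}'s moved-files "
                         f"folder, not at its original location: {d['path']}")
    return {"problems": problems, "notes": notes}


# The ESET log from the post above, copied as rendered there (header lines
# abridged to the ones the checks use, plus the single detection line).
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# OnlineScanner.ocx=1.0.0.6419
# end=finished
# remove_checked=true
# unwanted_checked=true
# scanned=267535
# found=1
# cleaned=1
# scan_time=6009
C:\_OTL\MovedFiles\12212010_164108\C_Documents and Settings\All Users\Application Data\gKdOn06308\gKdOn06308.exe Win32/Adware.SystemSecurity application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

if __name__ == "__main__":
    report = parse_eset_log(SAMPLE_LOG)
    print(f"scanned={counter(report, 'scanned')} found={counter(report, 'found')} "
          f"cleaned={counter(report, 'cleaned')}")
    for d in report["detections"]:
        print(f"{d['threat']}: {d['action']} -> {d['path']}")
    for kind, items in triage(report).items():
        for item in items:
            print(f"[{kind}] {item}")
```

The whitespace collapsing means the same code accepts the original tab-separated file saved by the scanner (C:\Program Files\esetonlinescanner\log.txt) as well as a forum paste.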

Re: System Tool

Post by Belahzur on Mon Dec 27, 2010 9:41 pm

Hello.

Download [You must be registered and logged in to see this link.] by screen317 and save it to your Desktop.

  • Unzip SecurityCheck.zip and a folder named Security Check should appear.
  • Open the Security Check folder and double-click Security Check.bat
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: if a security program requests permission from dig.exe to access the Internet, allow it to do so.


Re: System Tool

Post by Dom Lightweight on Mon Dec 27, 2010 9:49 pm

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 17
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 7.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.5.16) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````


Re: System Tool

Post by Belahzur on Tue Dec 28, 2010 10:08 pm

Hello.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Re: System Tool

Post by Dom Lightweight on Tue Dec 28, 2010 10:14 pm

µTorrent
4Musics FLAC to MP3 Converter 4.0
5 Card Slingo from HP Media Center (remove only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Agere Systems PCI-SV92PP Soft Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
AstroPop Deluxe from HP Media Center (remove only)
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bonjour
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
Chuzzle Deluxe from HP Media Center (remove only)
Collab
Crystal Maze from HP Media Center (remove only)
Customer Experience Enhancement
DAEMON Tools Toolbar
dBpoweramp Music Converter
DISCover
DivX Setup
DriverAgent Plugin for Netscape by eSupport.com
Easy Internet Sign-up
Easy Mail Merge for Outlook
Enigma
ESET Online Scanner v3
Family Feud
FATE from HP Media Center (remove only)
FL Studio 8
GemMaster Mystic
GoldWave v5.55
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
GTK+ Runtime 2.14.7 rev a (remove only)
High Definition Audio Driver Package - KB888111
HiJackThis
Hitman Pro 3.5
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP DVD Play 1.0
HP Game Console and games
HP Imaging Device Functions 6.0
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.0
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Rhapsody
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HP Web Helper
IL Download Manager
Insaniquarium Deluxe from HP Media Center (remove only)
ITCH
iTunes
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 17
KRISTAL Audio Engine
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
Linksys Wireless Manager
LogMeIn
Magic FLAC to MP3 Converter 3.72
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes' Anti-Malware
M-Audio Series II MIDI
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Money 2006
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.5.16)
MP3 to AIFF 1.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
Netscape Browser (remove only)
Norton Security Scan
Otto
PC-Doctor 5 for Windows
Pidgin
Pidgin-Musictracker plugin (remove only)
PoiZone
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PS2
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RealPlayer
Realtek AC'97 Audio
Remove IntelliMover Demo
Ricochet Lost Worlds from HP Media Center (remove only)
SCRABBLE from HP Media Center (remove only)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SimCity 2000 Special Edition
Slingo Deluxe from HP Media Center (remove only)
Snowboard SuperJam from HP Media Center (remove only)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Super Granny from HP Media Center (remove only)
Toxic Biohazard
Tradewinds from HP Media Center (remove only)
Unreal Tournament
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2466076)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Updates from HP (remove only)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.1
WildTangent Web Driver
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Zuma Deluxe from HP Media Center (remove only)



Re: System Tool

Post by Belahzur on Tue Dec 28, 2010 10:26 pm

Hello.

I see that you are running µTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    µTorrent
    Adobe Reader 7.0
    J2SE Runtime Environment 5.0 Update 5
    Java(TM) 6 Update 17

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe that you downloaded to install the newest version.


Download and install [You must be registered and logged in to see this link.]
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.

Then download and install [You must be registered and logged in to see this link.]

How is the machine running now?


Re: System Tool

Post by Dom Lightweight on Tue Dec 28, 2010 11:50 pm

The virus from before is completely cleared up... however I have a different (and probably unrelated) problem. I actually inquired about it a few months ago but never followed up. I've had a problem with ads on the internet and random internet tabs and windows popping up. Here is the scan from MBRCheck if it helps...

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 136):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9EB4000 splk.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E6E000 ACPI.sys
0xB9E5D000 pci.sys
0xBA0A8000 ohci1394.sys
0xBA0B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA0C8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 viaide.sys
0xBA5AE000 intelide.sys
0xBA0D8000 MountMgr.sys
0xB9E3E000 ftdisk.sys
0xBA5B0000 dmload.sys
0xB9E18000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9D43000 iaStor.sys
0xB9D2B000 atapi.sys
0xB9CE8000 ftsata2.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9CC8000 fltmgr.sys
0xBA118000 bb-run.sys
0xBA128000 PxHelp20.sys
0xB9CB1000 KSecDD.sys
0xB9C24000 Ntfs.sys
0xB9BF7000 NDIS.sys
0xB9BDD000 Mup.sys
0xBA268000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xBA470000 \SystemRoot\system32\DRIVERS\aracpi.sys
0xB92F7000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB92E3000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA478000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB92BF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA480000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA278000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA288000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA298000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB929C000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA488000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB9190000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xBA490000 \SystemRoot\System32\Drivers\Modem.SYS
0xB917C000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB8D8D000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB8D69000 \SystemRoot\system32\drivers\portcls.sys
0xBA2B8000 \SystemRoot\system32\drivers\drmk.sys
0xB8D30000 \SystemRoot\System32\Drivers\ad4got3k.SYS
0xB8D1C000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3A0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5DE000 \SystemRoot\system32\DRIVERS\armoucfltr.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\PS2.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA5E0000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys
0xB9B9D000 \SystemRoot\system32\DRIVERS\arpolicy.sys
0xBA6E2000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0xBA6E3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9B99000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8D05000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8CF4000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA308000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3C8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8CC4000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA318000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5E2000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8C66000 \SystemRoot\system32\DRIVERS\update.sys
0xB9694000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA158000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB94B5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5E4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA5E6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7FA000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5E8000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3F0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3F8000 \SystemRoot\System32\drivers\vga.sys
0xBA5EA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5EC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA400000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA408000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA580000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB46B6000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB465D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB4635000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB460F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB9495000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB45ED000 \SystemRoot\System32\drivers\afd.sys
0xB9485000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB9465000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBA410000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB44FA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB448A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB9455000 \SystemRoot\System32\Drivers\Fips.SYS
0xB4464000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA418000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA5F0000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xB4440000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBA178000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB43A6000 \SystemRoot\system32\DRIVERS\WUSB54GCv3.sys
0xB438E000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA612000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB8C3E000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA440000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6F0000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF051000 \SystemRoot\System32\ati2cqag.dll
0xBF08A000 \SystemRoot\System32\atikvmag.dll
0xBF0BF000 \SystemRoot\System32\ati3duag.dll
0xBF30C000 \SystemRoot\System32\ativvaxx.dll
0xB2139000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB215A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA458000 \SystemRoot\system32\DRIVERS\pnarp.sys
0xBA460000 \SystemRoot\system32\DRIVERS\purendis.sys
0xB1EB4000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB1DAF000 \SystemRoot\system32\drivers\wdmaud.sys
0xB1F79000 \SystemRoot\system32\drivers\sysaudio.sys
0xB195E000 \SystemRoot\System32\Drivers\HTTP.sys
0xB18DE000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA662000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
0xB1AD7000 \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
0xB09B3000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 84):
0 System Idle Process
4 System
640 C:\WINDOWS\system32\smss.exe
696 csrss.exe
884 C:\WINDOWS\system32\winlogon.exe
928 C:\WINDOWS\system32\services.exe
940 C:\WINDOWS\system32\lsass.exe
1124 C:\WINDOWS\system32\ati2evxx.exe
1140 C:\WINDOWS\system32\svchost.exe
1200 svchost.exe
1244 C:\WINDOWS\system32\svchost.exe
1404 svchost.exe
1496 svchost.exe
1756 C:\WINDOWS\system32\spoolsv.exe
1836 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1876 svchost.exe
1936 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2044 C:\WINDOWS\system32\ati2evxx.exe
300 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
344 C:\WINDOWS\explorer.exe
448 C:\WINDOWS\arservice.exe
476 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
504 C:\Program Files\Bonjour\mDNSResponder.exe
532 C:\WINDOWS\ehome\ehrecvr.exe
572 C:\WINDOWS\ehome\ehSched.exe
752 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
792 C:\Program Files\LogMeIn\x86\ramaint.exe
848 C:\Program Files\LogMeIn\x86\LogMeIn.exe
1064 C:\Program Files\LogMeIn\x86\LMIGuardian.exe
1340 C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
1460 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
2080 svchost.exe
2332 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
2392 C:\WINDOWS\ehome\ehtray.exe
2512 C:\WINDOWS\arpwrmsg.exe
2640 C:\Program Files\DISC\DISCover.exe
2680 C:\Program Files\DISC\DISCUpdateMgr.exe
2696 C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
2744 C:\Program Files\DISC\DiscGui.exe
2764 wmiprvse.exe
2836 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2872 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
2880 mcrdsvc.exe
2932 C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
2976 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
3004 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3112 C:\Program Files\LogMeIn\x86\LMIGuardian.exe
3116 C:\WINDOWS\soundman.exe
3424 C:\Program Files\iTunes\iTunesHelper.exe
3540 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3696 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
4020 C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
1996 C:\Program Files\uTorrent\uTorrent.exe
1328 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1356 C:\Program Files\DAEMON Tools Lite\DTLite.exe
2500 C:\WINDOWS\system32\ctfmon.exe
2476 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
2300 C:\WINDOWS\system32\dllhost.exe
412 C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe
3604 C:\Program Files\iPod\bin\iPodService.exe
3500 C:\WINDOWS\ehome\ehmsas.exe
3584 alg.exe
1820 C:\Program Files\DISC\DiscStreamHub.exe
3248 C:\WINDOWS\system32\svchost.exe
2444 C:\WINDOWS\system32\wscntfy.exe
3480 C:\hp\KBD\kbd.exe
2944 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
984 C:\WINDOWS\system\hpsysdrv.exe
608 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2456 C:\Program Files\Java\jre6\bin\jqs.exe
1316 C:\Program Files\iTunes\iTunes.exe
2928 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3924 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3524 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
424 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3060 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1320 C:\WINDOWS\system32\msiexec.exe
1312 C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
3464 C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
1984 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1612 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2540 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3012 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2892 C:\Documents and Settings\HP_Administrator\My Documents\Downloads\MBRCheck (1).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000043`bf9c6000 (FAT32)

PhysicalDrive0 Model Number: WDCWD3000JS-60PDB0, Rev: 21.00M21

Size Device Name MBR Status
--------------------------------------------
279 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 3FA1BAC1D7FD18071BE2B53E6001CD7DFE278CEB


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Re: System Tool

Post by Belahzur on Thu Dec 30, 2010 1:17 am

Re-Run MBRCheck.exe


  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you to Enter your choice: enter
    [1] Dump the MBR of a physical disk to file.
    and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    and then press Enter.
  • The program will ask for the file name to dump to; type dump.dat and press Enter. You should see Dumped successfully.
  • Next, type -1 and press Enter. Next press Enter again, and the program will exit.
  • Save it to your desktop then attach the resultant output in your next reply


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


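The dump.dat that the procedure above writes is the raw first sector of the disk: 440 bytes of boot code, a 4-byte disk signature, four 16-byte partition entries and the 0x55AA marker. The script below is an added example for this thread, not MBRCheck's own code or anything Belahzur posted: it reads such a dump offline (copy it to a clean machine with Python 3, since the infected box kills tools), checks the signature, parses the partition table so the offsets can be compared with what MBRCheck listed (C: at 0x7e00, D: at 0x43bf9c6000), pulls the printable strings out of the boot code, and tests for the three error messages the stock Microsoft XP MBR carries ("Invalid partition table", "Error loading operating system", "Missing operating system"). Which byte range MBRCheck feeds its SHA1 is not documented on this page, so both the whole-sector and boot-code-only digests are produced for comparison. The sample sector, its disk signature and its sector counts are constructed for the test and are not the dump from this thread.

```python
"""Offline triage of a raw MBR sector (e.g. MBRCheck's dump.dat). Added example."""
import hashlib
import re
import struct
import sys
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440           # classic MBR layout: boot code is bytes 0..439
DISK_SIG_OFF = 440            # 4-byte Windows disk signature
PART_TABLE_OFF = 446          # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of every valid MBR

# Error strings carried by the stock Microsoft MBR boot code on Windows XP.
STANDARD_XP_STRINGS = (b"Invalid partition table",
                       b"Error loading operating system",
                       b"Missing operating system")


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def byte_offset(self) -> int:
        # MBRCheck prints partition starts as byte offsets, so convert LBA to bytes
        return self.lba_start * SECTOR


def parse_partitions(mbr: bytes) -> list:
    """Decode the four primary partition slots, skipping empty ones."""
    parts = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and lba == 0 and count == 0:
            continue
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def printable_strings(blob: bytes, min_len: int = 4) -> list:
    """ASCII runs in the boot code; the stock MBR's error messages show up here."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob)]


def analyse(mbr: bytes) -> dict:
    if len(mbr) != SECTOR:
        raise ValueError(f"expected a {SECTOR}-byte sector, got {len(mbr)} bytes")
    boot_code = mbr[:BOOT_CODE_LEN]
    return {
        "valid_signature": mbr[510:512] == MBR_SIGNATURE,
        # Which range MBRCheck hashes is an assumption here, so report both.
        "sha1_sector": hashlib.sha1(mbr).hexdigest().upper(),
        "sha1_boot_code": hashlib.sha1(boot_code).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "strings": printable_strings(boot_code),
        "looks_like_stock_xp": all(s in boot_code for s in STANDARD_XP_STRINGS),
        "partitions": parse_partitions(mbr),
    }


def matches_reported(mbr: bytes, reported_sha1: str) -> bool:
    """True if either candidate digest equals the SHA1 value MBRCheck printed."""
    r = analyse(mbr)
    return reported_sha1.upper() in (r["sha1_sector"], r["sha1_boot_code"])


def build_sample_mbr() -> bytes:
    """Constructed sector for testing, NOT the dump from this thread: stock-XP
    strings plus two partitions at the byte offsets MBRCheck listed (C: NTFS at
    0x7e00, D: FAT32 at 0x43bf9c6000); counts and disk signature are invented."""
    boot = bytearray(BOOT_CODE_LEN)
    boot[0:3] = b"\x33\xc0\x8e"              # xor ax,ax / mov ss,ax prologue
    pos = 0x12C                              # messages sit near the end of the code
    for s in STANDARD_XP_STRINGS:
        boot[pos:pos + len(s)] = s
        pos += len(s) + 1                    # NUL-terminated

    def entry(flag, ptype, lba, count):
        return struct.pack("<B3sB3sII", flag, b"\0\0\0", ptype, b"\0\0\0", lba, count)

    table = (entry(0x80, 0x07, 0x7E00 // SECTOR, 568315377)
             + entry(0x00, 0x0C, 0x43BF9C6000 // SECTOR, 16777216) + bytes(32))
    return bytes(boot) + struct.pack("<I", 0x1A2B3C4D) + b"\0\0" + table + MBR_SIGNATURE


def report(mbr: bytes) -> str:
    r = analyse(mbr)
    lines = [f"signature ok : {r['valid_signature']}",
             f"SHA1(sector) : {r['sha1_sector']}",
             f"SHA1(code)   : {r['sha1_boot_code']}",
             f"stock XP msgs: {r['looks_like_stock_xp']}  strings: {r['strings']}"]
    lines += [f"part {p.index}: type 0x{p.type_id:02X} boot={p.bootable} "
              f"offset 0x{p.byte_offset:x} ({p.sectors} sectors)" for p in r["partitions"]]
    return "\n".join(lines)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    print(report(data))
```

Run it as `python mbr_triage.py dump.dat`; with no argument it analyses the constructed sample. A stock MBR shows the three Microsoft messages and nothing else; an OEM or infected MBR shows different strings, and the partition offsets should still line up with MBRCheck's listing either way.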

Re: System Tool

Post by Dom Lightweight on Thu Dec 30, 2010 6:50 am

[dump.dat pasted as text; the binary boot code does not survive as text. Readable strings in the paste:]
RECO / VERY
Missing operating system

Master Boot Record Error

Press a key.


Re: System Tool

Post by Belahzur on Fri Dec 31, 2010 12:49 pm

Did MBRcheck not make a log.dat file?



Re: System Tool

Post by Dom Lightweight on Mon Jan 03, 2011 2:18 am

I'm an idiot... didn't realize it produced another log and tried to put up a text version of the dump.dat file...

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 136):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9EB4000 splk.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E6E000 ACPI.sys
0xB9E5D000 pci.sys
0xBA0A8000 ohci1394.sys
0xBA0B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA0C8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 viaide.sys
0xBA5AE000 intelide.sys
0xBA0D8000 MountMgr.sys
0xB9E3E000 ftdisk.sys
0xBA5B0000 dmload.sys
0xB9E18000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9D43000 iaStor.sys
0xB9D2B000 atapi.sys
0xB9CE8000 ftsata2.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9CC8000 fltmgr.sys
0xBA118000 bb-run.sys
0xBA128000 PxHelp20.sys
0xB9CB1000 KSecDD.sys
0xB9C24000 Ntfs.sys
0xB9BF7000 NDIS.sys
0xB9BDD000 Mup.sys
0xBA268000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xBA470000 \SystemRoot\system32\DRIVERS\aracpi.sys
0xB92F7000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB92E3000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA478000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB92BF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA480000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA278000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA288000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA298000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB929C000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA488000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB9190000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xBA490000 \SystemRoot\System32\Drivers\Modem.SYS
0xB917C000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB8D8D000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB8D69000 \SystemRoot\system32\drivers\portcls.sys
0xBA2B8000 \SystemRoot\system32\drivers\drmk.sys
0xB8D30000 \SystemRoot\System32\Drivers\ad4got3k.SYS
0xB8D1C000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3A0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5DE000 \SystemRoot\system32\DRIVERS\armoucfltr.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\PS2.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA5E0000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys
0xB9B9D000 \SystemRoot\system32\DRIVERS\arpolicy.sys
0xBA6E2000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0xBA6E3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9B99000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8D05000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8CF4000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA308000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3C8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8CC4000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA318000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5E2000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8C66000 \SystemRoot\system32\DRIVERS\update.sys
0xB9694000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA158000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB94B5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5E4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA5E6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7FA000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5E8000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3F0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3F8000 \SystemRoot\System32\drivers\vga.sys
0xBA5EA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5EC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA400000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA408000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA580000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB46B6000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB465D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB4635000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB460F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB9495000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB45ED000 \SystemRoot\System32\drivers\afd.sys
0xB9485000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB9465000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBA410000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB44FA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB448A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB9455000 \SystemRoot\System32\Drivers\Fips.SYS
0xB4464000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA418000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA5F0000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xB4440000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBA178000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB438E000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA612000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB8C3E000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA440000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6F0000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF051000 \SystemRoot\System32\ati2cqag.dll
0xBF08A000 \SystemRoot\System32\atikvmag.dll
0xBF0BF000 \SystemRoot\System32\ati3duag.dll
0xBF30C000 \SystemRoot\System32\ativvaxx.dll
0xB2139000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB215A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA458000 \SystemRoot\system32\DRIVERS\pnarp.sys
0xBA460000 \SystemRoot\system32\DRIVERS\purendis.sys
0xB1EB4000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB1DAF000 \SystemRoot\system32\drivers\wdmaud.sys
0xB1F79000 \SystemRoot\system32\drivers\sysaudio.sys
0xB195E000 \SystemRoot\System32\Drivers\HTTP.sys
0xB18DE000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA662000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
0xB1AD7000 \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
0xB09B3000 \SystemRoot\system32\drivers\kmixer.sys
0xB0259000 \SystemRoot\system32\DRIVERS\WUSB54GCv3.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 77):
0 System Idle Process
4 System
640 C:\WINDOWS\system32\smss.exe
696 csrss.exe
884 C:\WINDOWS\system32\winlogon.exe
928 C:\WINDOWS\system32\services.exe
940 C:\WINDOWS\system32\lsass.exe
1124 C:\WINDOWS\system32\ati2evxx.exe
1140 C:\WINDOWS\system32\svchost.exe
1200 svchost.exe
1244 C:\WINDOWS\system32\svchost.exe
1404 svchost.exe
1496 svchost.exe
1756 C:\WINDOWS\system32\spoolsv.exe
1836 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1876 svchost.exe
1936 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2044 C:\WINDOWS\system32\ati2evxx.exe
300 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
344 C:\WINDOWS\explorer.exe
448 C:\WINDOWS\arservice.exe
476 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
504 C:\Program Files\Bonjour\mDNSResponder.exe
532 C:\WINDOWS\ehome\ehrecvr.exe
572 C:\WINDOWS\ehome\ehSched.exe
752 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
792 C:\Program Files\LogMeIn\x86\ramaint.exe
848 C:\Program Files\LogMeIn\x86\LogMeIn.exe
1064 C:\Program Files\LogMeIn\x86\LMIGuardian.exe
1340 C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
1460 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
2080 svchost.exe
2332 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
2392 C:\WINDOWS\ehome\ehtray.exe
2512 C:\WINDOWS\arpwrmsg.exe
2640 C:\Program Files\DISC\DISCover.exe
2680 C:\Program Files\DISC\DISCUpdateMgr.exe
2696 C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
2744 C:\Program Files\DISC\DiscGui.exe
2764 wmiprvse.exe
2836 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2872 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
2880 mcrdsvc.exe
2932 C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
2976 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
3004 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3112 C:\Program Files\LogMeIn\x86\LMIGuardian.exe
3116 C:\WINDOWS\soundman.exe
3424 C:\Program Files\iTunes\iTunesHelper.exe
3540 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3696 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
4020 C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
1996 C:\Program Files\uTorrent\uTorrent.exe
1328 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1356 C:\Program Files\DAEMON Tools Lite\DTLite.exe
2500 C:\WINDOWS\system32\ctfmon.exe
2476 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
2300 C:\WINDOWS\system32\dllhost.exe
412 C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe
3604 C:\Program Files\iPod\bin\iPodService.exe
3500 C:\WINDOWS\ehome\ehmsas.exe
3584 alg.exe
1820 C:\Program Files\DISC\DiscStreamHub.exe
3248 C:\WINDOWS\system32\svchost.exe
2444 C:\WINDOWS\system32\wscntfy.exe
3480 C:\hp\KBD\kbd.exe
2944 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
984 C:\WINDOWS\system\hpsysdrv.exe
608 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2456 C:\Program Files\Java\jre6\bin\jqs.exe
1316 C:\Program Files\iTunes\iTunes.exe
688 C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE
340 C:\Program Files\Serato\ITCH\ITCH.exe
5340 C:\Program Files\Mozilla Firefox\firefox.exe
5624 C:\Program Files\Mozilla Firefox\plugin-container.exe
4600 C:\WINDOWS\notepad.exe
4956 C:\Documents and Settings\HP_Administrator\My Documents\Downloads\MBRCheck (1).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000043`bf9c6000 (FAT32)

PhysicalDrive0 Model Number: WDCWD3000JS-60PDB0, Rev: 21.00M21

Size Device Name MBR Status
--------------------------------------------
279 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 3FA1BAC1D7FD18071BE2B53E6001CD7DFE278CEB


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 0
Dumping \\.\PhysicalDisk0...
Enter filename to dump to: dump.dat
Dumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!


Re: System Tool

Post by Belahzur on Tue Jan 04, 2011 1:18 am

Please attach the dump.dat file.



Re: System Tool

Post by Dom Lightweight on Tue Jan 04, 2011 1:35 am

[You must be registered and logged in to see this link.]


Re: System Tool

Post by Belahzur on Tue Jan 04, 2011 1:39 am

Hello.

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.



Re: System Tool

Post by Dom Lightweight on Tue Jan 04, 2011 1:43 am

2011/01/03 20:42:29.0991 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/03 20:42:29.0991 ================================================================================
2011/01/03 20:42:29.0991 SystemInfo:
2011/01/03 20:42:29.0991
2011/01/03 20:42:29.0991 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/03 20:42:29.0991 Product type: Workstation
2011/01/03 20:42:29.0991 ComputerName: EVAN
2011/01/03 20:42:29.0991 UserName: HP_Administrator
2011/01/03 20:42:29.0991 Windows directory: C:\WINDOWS
2011/01/03 20:42:29.0991 System windows directory: C:\WINDOWS
2011/01/03 20:42:29.0991 Processor architecture: Intel x86
2011/01/03 20:42:29.0991 Number of processors: 2
2011/01/03 20:42:29.0991 Page size: 0x1000
2011/01/03 20:42:29.0991 Boot type: Normal boot
2011/01/03 20:42:29.0991 ================================================================================
2011/01/03 20:42:31.0523 Initialize success
2011/01/03 20:42:40.0095 ================================================================================
2011/01/03 20:42:40.0095 Scan started
2011/01/03 20:42:40.0095 Mode: Manual;
2011/01/03 20:42:40.0095 ================================================================================
2011/01/03 20:42:40.0673 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/03 20:42:40.0720 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/03 20:42:40.0798 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/03 20:42:40.0892 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/03 20:42:40.0955 AgereSoftModem (51a66c689ad9b9a953f75496209ae520) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/01/03 20:42:41.0315 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/01/03 20:42:41.0518 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/01/03 20:42:41.0581 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
2011/01/03 20:42:41.0643 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
2011/01/03 20:42:41.0674 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
2011/01/03 20:42:41.0721 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
2011/01/03 20:42:41.0784 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/01/03 20:42:41.0831 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
2011/01/03 20:42:42.0050 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
2011/01/03 20:42:42.0144 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/03 20:42:42.0222 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/03 20:42:42.0300 ati2mtag (7a6cf9f411a9c5bd5c442a1cd46af401) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/01/03 20:42:42.0488 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/03 20:42:42.0535 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/03 20:42:42.0613 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/01/03 20:42:42.0660 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/01/03 20:42:42.0691 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/01/03 20:42:42.0754 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
2011/01/03 20:42:42.0785 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/03 20:42:42.0879 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/03 20:42:42.0957 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/03 20:42:43.0020 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/03 20:42:43.0066 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/03 20:42:43.0098 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/03 20:42:43.0395 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/03 20:42:43.0489 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/03 20:42:43.0661 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/03 20:42:43.0692 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/03 20:42:43.0723 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/03 20:42:43.0802 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/03 20:42:43.0848 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\WINDOWS\system32\Drivers\DrvAgent32.sys
2011/01/03 20:42:43.0927 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/03 20:42:43.0989 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/01/03 20:42:44.0052 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/03 20:42:44.0099 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/01/03 20:42:44.0177 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/03 20:42:44.0224 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/03 20:42:44.0271 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/03 20:42:44.0302 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
2011/01/03 20:42:44.0349 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/01/03 20:42:44.0396 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/03 20:42:44.0474 hcwPP2 (41bbad646a8c842bc30ef6745a4f6ff3) C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
2011/01/03 20:42:44.0584 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
2011/01/03 20:42:44.0662 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/03 20:42:44.0740 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/03 20:42:44.0865 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/03 20:42:44.0928 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/01/03 20:42:44.0990 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/03 20:42:45.0084 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/03 20:42:45.0147 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/03 20:42:45.0209 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/03 20:42:45.0272 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/03 20:42:45.0334 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/03 20:42:45.0381 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/03 20:42:45.0459 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/03 20:42:45.0522 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
2011/01/03 20:42:45.0600 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/03 20:42:45.0647 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/03 20:42:45.0678 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/03 20:42:45.0772 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/01/03 20:42:45.0835 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/03 20:42:45.0929 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/03 20:42:46.0069 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2011/01/03 20:42:46.0116 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2011/01/03 20:42:46.0226 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2011/01/03 20:42:46.0304 MA_CMIDI (6d03a526eeded908759ca8c0e581494d) C:\WINDOWS\system32\drivers\ma_cmidi.sys
2011/01/03 20:42:46.0398 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/01/03 20:42:46.0476 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/03 20:42:46.0554 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/03 20:42:46.0664 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/03 20:42:46.0914 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/03 20:42:46.0977 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/03 20:42:47.0039 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/03 20:42:47.0086 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/03 20:42:47.0149 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/03 20:42:47.0196 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/03 20:42:47.0274 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/03 20:42:47.0321 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/03 20:42:47.0383 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/03 20:42:47.0462 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/03 20:42:47.0540 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/03 20:42:47.0571 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/03 20:42:47.0618 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/03 20:42:47.0665 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/03 20:42:51.0075 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/01/03 20:42:51.0090 sptd - detected Locked file (1)
2011/01/03 20:42:53.0515 ================================================================================
2011/01/03 20:42:53.0515 Scan finished
2011/01/03 20:42:53.0515 ================================================================================
2011/01/03 20:42:53.0530 Detected object count: 1
2011/01/03 20:42:58.0269 Locked file(sptd) - User select action: Skip

Dom Lightweight
Intermediate


Posts : 59
Joined : 2010-01-15
OS : Windows XP


Re: System Tool

Post by Belahzur on Tue Jan 04, 2011 10:05 pm

Hello.
Please reboot your machine.

As it is rebooting, you will notice an extra menu, and an extra option for the Microsoft Windows Recovery Console.

Please select that option to boot the RC, Windows will boot to a text based screen and ask you to select the installation to log into, please choose the correct one, usually option 1 and press enter.

In there, type in the following commands, 1 line at a time.


fixmbr

After the copy command, you may be prompted with a yes/no to confirm the copy, type in "y" to confirm it.

After that, boot back to normal mode and re-run MBRCheck, then post the new log.




Belahzur
Administrator


Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
