BOO/TDss.M?

Post by charles_bullard on 28th April 2011, 3:00 am

First I want to say a quick thank you for all that you guys do on here.

Earlier I was attempting to install World of Warcraft. I kept getting blocks asking me to continue; I thought it was the installation. I allowed one of them to go through, but I got to looking at the other when it came up and declined it. After that I got the blue screen of death telling me that my computer had to be shut down due to a problem and that, to save my computer, it was doing the blue screen. I really don't know much about computers other than getting online and such. This computer has given me problems before; I took it to a repair place and he charged me $80, and it seems that it didn't fix everything. I have no idea what is going on and would like to completely wipe my computer, but I tried using the disc that came with the computer and it wouldn't allow me to do anything. It being Vista, of course Windows didn't have anything to do to help me with it. I have decided that if I can just clean up the computer I will be happy. I want it to get faster and not be infected; I don't even know where to look to get all the info. I currently have Avira AntiVir Personal, the free version. It pops up from time to time telling me I have a problem and asks me to remove or ignore. I press REMOVE.

I have been scanning today and this is what seems to be the virus.


Last edited by charles_bullard on 28th April 2011, 4:47 am; edited 2 times in total (Reason for editing : Changed title to Virus NAME!)

charles_bullard
Novice

Posts : 46
Joined : 2011-04-28
Gender : Male
OS : VISTA 32 BIT HOME
Protection : Avira AntiVir Personal-Free
Points : 21208
# Likes : 0


Re: BOO/TDss.M?

Post by charles_bullard on 28th April 2011, 4:04 am

I have run a scan on OTL. I tried to copy and paste it in here, but I can't get my web page to allow me to post it. This is a test to see if this posts.


Re: BOO/TDss.M?

Post by charles_bullard on 28th April 2011, 4:05 am

OK, I am going to save the logs to a removable card and use my other PC to upload them here.


Re: BOO/TDss.M?

Post by charles_bullard on 28th April 2011, 4:13 am

OTL logfile created on: 4/27/2011 10:51:12 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\charlie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.04 Gb Total Space | 177.38 Gb Free Space | 62.67% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.69 Gb Free Space | 51.27% Space Free | Partition Type: NTFS

Computer Name: CHARLIE-PC | User Name: charlie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/27 22:50:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\charlie\Downloads\OTL.com
PRC - [2011/04/27 13:25:38 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/18 07:17:40 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/02 20:54:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/09/12 03:40:46 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/09/12 03:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe


========== Modules (SafeList) ==========

MOD - [2011/04/27 22:50:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\charlie\Downloads\OTL.com
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (QueryBrowser Service)
SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - [2011/04/27 17:46:57 | 003,274,840 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_4f5b191.dll -- (Akamai)
SRV - [2011/04/27 13:25:38 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/29 15:44:30 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2011/03/18 07:17:40 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/30 11:08:31 | 003,673,416 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/09/12 03:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - [2011/03/18 07:17:41 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/22 19:36:10 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2007/09/12 03:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/09/12 03:40:48 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/20 00:08:08 | 002,930,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/08/20 00:08:08 | 002,930,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.free-tv-video-online.me/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {5739AEF5-D126-44A0-AEE1-5B1D4926F16A}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.102
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 01:06:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/27 22:40:37 | 000,000,000 | ---D | M]

[2010/07/22 09:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\charlie\AppData\Roaming\Mozilla\Extensions
[2010/07/22 09:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\charlie\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2011/04/27 22:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\charlie\AppData\Roaming\Mozilla\Firefox\Profiles\i8wce016.default\extensions
[2010/10/21 19:28:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\charlie\AppData\Roaming\Mozilla\Firefox\Profiles\i8wce016.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/04 06:09:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\charlie\AppData\Roaming\Mozilla\Firefox\Profiles\i8wce016.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/27 22:35:36 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\charlie\AppData\Roaming\Mozilla\Firefox\Profiles\i8wce016.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/10/30 19:35:22 | 000,003,915 | ---- | M] () -- C:\Users\charlie\AppData\Roaming\Mozilla\Firefox\Profiles\i8wce016.default\searchplugins\sweetim.xml
[2011/04/27 22:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/30 19:40:53 | 000,000,000 | ---D | M] (QueryBrowser) -- C:\Program Files\Mozilla Firefox\extensions\{2B52746B-CDBB-49A6-A80D-912BC6636A6C}
[2010/11/02 19:00:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/23 20:23:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/27 22:22:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/27 18:51:05 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\CHARLIE\APPDATA\LOCAL\{5739AEF5-D126-44A0-AEE1-5B1D4926F16A}
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010/09/21 08:03:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/21 08:03:49 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/21 08:03:49 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/21 08:03:49 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
[2010/08/27 03:06:10 | 000,001,943 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober672892840.xml

Hosts file not found
O2 - BHO: (TinyBHO Class) - {00e71626-0bef-11dc-8314-0800200c9a66} - File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DealCricket] File not found
O4 - HKCU..\Run: [DW6] File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RegistryBooster] File not found
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [Yruxom] C:\Users\charlie\AppData\Local\uvosuramujoyexa.dll (Salt Int'l Coporation)
O4 - HKCU..\Run: [Ywuxafawinaq] C:\Users\charlie\AppData\Local\SPLPNlh.dll (Acronis)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O4 - Startup: C:\Users\charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not found
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} [You must be registered and logged in to see this link.] (SysInfo Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img27.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img27.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{98010ba3-e6f7-11df-a444-001d0932c318}\Shell - "" = AutoRun
O33 - MountPoints2\{98010ba3-e6f7-11df-a444-001d0932c318}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/04/27 22:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/04/27 22:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/04/27 22:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2011/04/27 22:35:53 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/04/27 22:33:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/27 22:24:52 | 000,000,000 | ---D | C] -- C:\Users\charlie\Documents\JavaRa
[2011/04/27 21:24:29 | 000,000,000 | ---D | C] -- C:\Users\charlie\AppData\Local\Microsoft Corporation
[2011/04/27 21:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2011/04/27 18:51:05 | 000,000,000 | ---D | C] -- C:\Users\charlie\AppData\Local\{5739AEF5-D126-44A0-AEE1-5B1D4926F16A}
[2011/04/27 18:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft.temp
[2011/04/15 13:01:15 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/15 13:01:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/15 13:01:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/15 13:01:11 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/15 13:01:11 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/15 13:01:11 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/15 13:01:11 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/15 13:01:11 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/15 13:01:11 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/15 13:01:11 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/15 13:01:11 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/15 13:01:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/15 13:01:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/15 13:01:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/15 13:01:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/15 13:01:11 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/15 13:01:11 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/15 13:01:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/15 13:01:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/15 13:01:09 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/15 13:01:09 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/15 13:01:07 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/15 13:01:07 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/15 13:01:06 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/15 13:01:06 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/03 17:28:53 | 000,000,000 | ---D | C] -- C:\Users\charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect World
[2011/04/03 17:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World
[2011/04/03 17:24:29 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2011/04/03 10:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\VideoScavenger_1eEI
[2011/04/02 18:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\Xtreme Jade
[2011/04/02 15:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conquer Online 2.0
[2011/04/02 15:37:54 | 000,000,000 | ---D | C] -- C:\Program Files\Conquer Online 2.0
[2010/05/23 15:43:48 | 000,371,712 | ---- | C] (Salt Int'l Coporation) -- C:\Users\charlie\AppData\Local\uvosuramujoyexa.dll
[2010/05/23 15:43:48 | 000,098,816 | ---- | C] (Acronis) -- C:\Users\charlie\AppData\Local\SPLPNlh.dll

========== Files - Modified Within 30 Days ==========

[2011/04/27 22:45:18 | 000,613,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/27 22:45:18 | 000,107,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/27 22:40:37 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/27 22:25:59 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/27 22:09:46 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/27 22:08:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 22:08:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 21:38:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/27 21:38:26 | 3219,034,112 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/27 21:29:29 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/04/27 21:29:29 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/04/27 21:24:03 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/04/27 20:51:19 | 000,000,120 | ---- | M] () -- C:\Users\charlie\AppData\Local\Fsilihibazukoh.dat
[2011/04/27 20:41:21 | 243,838,390 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/27 18:51:06 | 000,000,000 | ---- | M] () -- C:\Users\charlie\AppData\Local\Dcetagesag.bin
[2011/04/27 18:43:22 | 000,000,000 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk.temp
[2011/04/16 03:22:07 | 000,283,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/04 17:55:57 | 000,000,970 | ---- | M] () -- C:\Users\charlie\Desktop\elementclient - Shortcut.lnk
[2011/04/03 17:29:00 | 000,001,092 | ---- | M] () -- C:\Users\charlie\Desktop\Perfect World.lnk
[2011/04/02 19:00:13 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Xtreme Jade.lnk

========== Files Created - No Company Name ==========

[2011/04/27 22:40:37 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/27 22:40:37 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/27 21:24:03 | 000,001,998 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011/04/27 21:24:03 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/04/27 21:15:54 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/04/27 21:15:54 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/04/27 18:51:06 | 000,000,120 | ---- | C] () -- C:\Users\charlie\AppData\Local\Fsilihibazukoh.dat
[2011/04/27 18:51:06 | 000,000,000 | ---- | C] () -- C:\Users\charlie\AppData\Local\Dcetagesag.bin
[2011/04/27 18:43:22 | 000,000,000 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk.temp
[2011/04/04 17:55:57 | 000,000,970 | ---- | C] () -- C:\Users\charlie\Desktop\elementclient - Shortcut.lnk
[2011/04/03 17:29:00 | 000,001,092 | ---- | C] () -- C:\Users\charlie\Desktop\Perfect World.lnk
[2011/04/02 19:00:13 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Xtreme Jade.lnk
[2010/11/07 18:49:32 | 000,139,152 | ---- | C] () -- C:\Users\charlie\AppData\Roaming\PnkBstrK.sys
[2010/09/24 22:49:48 | 000,005,632 | ---- | C] () -- C:\Users\charlie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/21 18:54:30 | 000,000,095 | ---- | C] () -- C:\Users\charlie\AppData\Local\fusioncache.dat
[2010/09/07 18:03:57 | 000,000,680 | ---- | C] () -- C:\Users\charlie\AppData\Local\d3d9caps.dat
[2010/09/06 18:55:36 | 000,000,048 | ---- | C] () -- C:\Users\charlie\AppData\Roaming\yyinif.ini
[2010/08/25 18:54:45 | 000,000,000 | ---- | C] () -- C:\Users\charlie\AppData\Roaming\wklnhst.dat
[2010/05/23 15:43:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/05/23 15:43:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/05/20 03:13:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/05/18 21:29:43 | 000,263,354 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/05/06 23:26:22 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/05/06 23:26:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/05/06 23:26:22 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/05/06 23:26:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008/05/06 23:26:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/05/06 23:26:18 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,283,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,613,032 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,107,990 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/05/27 09:41:58 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/05/21 08:22:14 | 000,000,286 | -HS- | M] () -- C:\Users\charlie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2010/10/25 22:01:55 | 634,240,147 | ---- | M] () -- C:\Users\charlie\Darkeden_GlobalOffi_Ver6.5.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/03/25 01:06:06 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/03/25 01:06:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/03/25 01:06:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/03/25 01:06:07 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/05/18 09:38:05 | 000,000,402 | -HS- | M] () -- C:\Users\charlie\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/05/18 21:30:16 | 000,263,354 | ---- | M] () -- C:\ProgramData\LuUninstall.LiveUpdate

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007/08/20 00:08:08 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009/03/08 06:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 06:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 02:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/04/11 01:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 02:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 02:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 02:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 02:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2005/01/03 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[2006/11/02 02:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 02:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 02:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 02:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 02:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 02:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 02:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 02:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 02:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 02:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2011/03/03 08:25:11 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2007/08/20 00:08:06 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2006/08/04 19:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/05/06 23:26:28 | 000,005,096 | RH-- | M] () -- C:\dell.sdr
[2011/04/27 21:38:26 | 3219,034,112 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/01 19:55:47 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2011/04/27 21:38:25 | 3532,881,920 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2011/04/27 22:40:21 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/05/06 20:42:53 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/09/06 12:34:05 | 000,000,000 | ---D | M] -- C:\Program Files\att games
[2010/05/19 03:00:04 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2011/04/27 22:37:49 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/05/06 15:30:19 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2011/04/02 16:27:05 | 000,000,000 | ---D | M] -- C:\Program Files\Conquer Online 2.0
[2008/05/06 20:55:27 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/05/06 20:47:53 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2008/05/06 20:43:11 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2010/11/12 13:30:06 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/11/12 13:27:41 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/12/04 15:48:36 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/05/06 20:41:49 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/04/16 03:20:23 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/04/27 22:22:16 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/10/25 22:05:55 | 000,000,000 | ---D | M] -- C:\Program Files\Joymax
[2010/11/07 18:43:33 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2008/05/06 20:48:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/04/27 21:24:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/12/16 04:02:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/25 03:01:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2008/05/06 20:39:54 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool
[2010/08/12 03:17:13 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/03/25 01:06:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/11/23 04:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/09/25 21:07:45 | 000,000,000 | ---D | M] -- C:\Program Files\NCsoft
[2008/05/06 20:43:35 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2011/04/27 22:35:53 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2010/06/08 13:08:08 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/05/06 20:50:50 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2008/05/06 15:29:53 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2010/10/18 06:46:10 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2006/11/02 08:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/04/03 10:05:39 | 000,000,000 | ---D | M] -- C:\Program Files\VideoScavenger_1eEI
[2010/05/27 16:49:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/05/27 16:49:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/05/27 16:49:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/05/27 16:49:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/04/16 03:20:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/15 03:18:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/05/27 16:49:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/05/29 03:19:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2010/05/27 16:49:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2008/05/06 20:45:24 | 000,000,000 | ---D | M] -- C:\Program Files\XPSMiniViewGadget
[2011/04/02 19:00:11 | 000,000,000 | ---D | M] -- C:\Program Files\Xtreme Jade

< %appdata%\*.* >
[2010/11/07 18:49:32 | 000,139,152 | ---- | M] () -- C:\Users\charlie\AppData\Roaming\PnkBstrK.sys
[2010/08/25 18:54:45 | 000,000,000 | ---- | M] () -- C:\Users\charlie\AppData\Roaming\wklnhst.dat
[2010/09/06 18:55:36 | 000,000,048 | ---- | M] () -- C:\Users\charlie\AppData\Roaming\yyinif.ini


< MD5 for: AGP440.SYS >
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/20 21:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/20 21:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 04:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTOR.SYS >
[2007/09/29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007/12/11 03:43:48 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Drivers\storage\R173412\IaStor.sys
[2007/09/29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/12/11 03:43:48 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007/12/11 03:43:48 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
[2007/12/11 03:43:48 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_41af7b1f\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/01/20 21:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/20 21:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/10 23:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/04/10 23:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_72a6a3e5\USBSTOR.SYS
[2009/04/10 23:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 03:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-26 16:34:46

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:5014D98F
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D06A4C76

< End of report >


Re: BOO/TDss.M?

Post by charles_bullard on 28th April 2011, 4:13 am

OTL Extras logfile created on: 4/27/2011 10:51:12 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\charlie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.04 Gb Total Space | 177.38 Gb Free Space | 62.67% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.69 Gb Free Space | 51.27% Space Free | Partition Type: NTFS

Computer Name: CHARLIE-PC | User Name: charlie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{219D1252-266A-444A-871C-51CE4E3F0209}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{484DE74A-2864-4A29-A44C-F175D09D1B03}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
"{8339C145-4E1B-4B3C-A0C3-B225C3F2016E}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
"{B31F7569-B3D5-4C37-88DD-D48411EBD7B7}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{DE9184D5-6DC0-48C1-B705-1E69E441D296}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013A3E1F-2727-4859-A582-E38FD019592E}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{056F7FE2-E5B4-4D1B-957C-62264D28D0F7}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{0A380D40-AC95-40A2-A3A2-16CFA10371CD}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{1A7C7DC3-F8DB-47EA-86AF-DBE65AB94E04}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1E111A21-BB63-4C27-8EF9-7AED7C1784C1}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{1F3F0F09-A76E-4A6C-A8E1-1BC2FE7BF148}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{2122F847-4F0B-436D-AFF0-9F2D1DABBCEC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2serverlauncher.exe |
"{29A1C2FE-DB56-4B61-BDFE-461B088F8511}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2E7883AF-2DB1-419F-9482-540E593CB567}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{312F4AFF-E565-4D2B-8813-27D6D598AD51}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{37F2B332-E477-4F9E-A101-5F41E24C7E6C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{49F42B00-88A8-4F24-9AD7-3EC0AB06242B}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{5B95BC36-B24A-4F62-8077-5E644A1DC505}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{7BFA7BC7-0834-41B6-A75C-DEA52FB544E1}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{7C61CC70-BEE0-4901-B027-E460923166DE}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8BC032ED-914E-4D15-B537-D0B1250A02EA}" = protocol=17 | dir=in | app=c:\users\charlie\appdata\local\temp\blizzard installer bootstrap - 01a8b69a\installer.exe |
"{8CB7550B-9851-44EE-BF6E-400CA2876A21}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8EC76733-2377-4ED3-A34E-D68269321DCB}" = protocol=6 | dir=in | app=c:\users\charlie\appdata\local\temp\blizzard installer bootstrap - 01a8b69a\installer.exe |
"{A42CF875-AECE-40CB-9275-ED1301A64B7B}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{A633551F-A040-4742-A44F-5B59BD275CFF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{B1559873-47D6-4BF3-AD14-9DF368D0004C}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{B9B3217E-F861-4E00-8761-05DD3AB8427F}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2serverlauncher.exe |
"{BA18015E-41C7-4298-94DF-23D62CD0AA15}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{BE0C5C41-658B-448D-A0ED-53C49610613E}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{C9728DCE-70AE-45AB-8011-0469EF970A52}" = protocol=17 | dir=in | app=c:\users\charlie\appdata\local\temp\blizzard installer bootstrap - 2531ee95\installer.exe |
"{C9D2154B-250A-423A-B8D0-A0DF71E48C2E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{D1ED0316-B500-437F-AA8D-B0898F2A12D9}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{DB3FFD1D-110D-4AD8-8F21-06E22DB5C44D}" = protocol=6 | dir=in | app=c:\users\charlie\appdata\local\temp\blizzard installer bootstrap - 2531ee95\installer.exe |
"{DDB74A0A-D5CE-4334-81C1-59204C1EEBC1}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{FC11E320-39C4-4091-995E-DBA34199A31C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{0006406A-6369-4040-9143-CC1B9E47EFB2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{2562D292-431B-4766-BBA3-46EC42E5B6AD}C:\users\charlie\desktop\anarchyonline_18.1.1-large.exe" = protocol=6 | dir=in | app=c:\users\charlie\desktop\anarchyonline_18.1.1-large.exe |
"TCP Query User{25E49400-F4AB-44F1-92A3-73081162CE5F}C:\users\charlie\desktop\de_full-client_downloader.exe" = protocol=6 | dir=in | app=c:\users\charlie\desktop\de_full-client_downloader.exe |
"TCP Query User{2B09A636-2691-41B7-8851-7801F5672E18}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{2DB31076-A260-4887-A052-427E8365043C}C:\program files\runes of magic\launcher.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\launcher.exe |
"TCP Query User{3A9C4CA9-E42D-443D-BC92-89125BC60E55}C:\users\charlie\downloads\championsonlinef2p.exe" = protocol=6 | dir=in | app=c:\users\charlie\downloads\championsonlinef2p.exe |
"TCP Query User{68DD73DF-49ED-4B26-9A32-2B063AFFD6B5}C:\users\charlie\desktop\fogdownloader-rom_3_0_1_2153.exe" = protocol=6 | dir=in | app=c:\users\charlie\desktop\fogdownloader-rom_3_0_1_2153.exe |
"TCP Query User{8F3CECE2-EFC0-46AB-BF9A-2C8FAEFAFD70}C:\users\charlie\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\charlie\appdata\roaming\imvuclient\1vivoxvoice.exe |
"TCP Query User{A490FBA4-6C74-42B6-9F90-EDCA3AC2FE6B}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{AAB2B565-FE00-488B-807D-B9DC2BED3E76}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"TCP Query User{BB6BA99E-6AFA-40A9-94F3-39E9A87ACD19}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe |
"TCP Query User{C18260A6-6F74-4B99-9FA7-1966397436A1}C:\program files\joymax\darkeden\darkeden.exe" = protocol=6 | dir=in | app=c:\program files\joymax\darkeden\darkeden.exe |
"TCP Query User{EE1C78A2-182E-4FE8-A3A7-00FEAD7C2B4B}C:\users\charlie\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=6 | dir=in | app=c:\users\charlie\downloads\fogdownloader-rom_3_0_1_2153.exe |
"UDP Query User{05385579-F513-416C-AA1E-D68428511D90}C:\program files\runes of magic\launcher.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\launcher.exe |
"UDP Query User{29C5E6CB-05E8-48E3-9A3C-2902E677A831}C:\users\charlie\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\charlie\appdata\roaming\imvuclient\1vivoxvoice.exe |
"UDP Query User{394E2BE4-3885-4789-81AF-3D7C763AFDE5}C:\users\charlie\desktop\fogdownloader-rom_3_0_1_2153.exe" = protocol=17 | dir=in | app=c:\users\charlie\desktop\fogdownloader-rom_3_0_1_2153.exe |
"UDP Query User{3B0DDC25-04E3-4494-BE05-9E81C134D4F1}C:\users\charlie\desktop\de_full-client_downloader.exe" = protocol=17 | dir=in | app=c:\users\charlie\desktop\de_full-client_downloader.exe |
"UDP Query User{4449FBEC-8D8F-4B3E-BBDD-911A7FA38172}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{4F32F16F-9444-4CDA-B542-62854AEC5695}C:\users\charlie\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=17 | dir=in | app=c:\users\charlie\downloads\fogdownloader-rom_3_0_1_2153.exe |
"UDP Query User{5362E534-F0C9-4747-AC99-7BB334C299F7}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{645385BE-F672-4993-A06F-B686F3754A26}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{666E9087-54E5-4794-8437-A8050EE93D90}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe |
"UDP Query User{78863178-32FB-47AD-8D2E-B884B32C2242}C:\program files\joymax\darkeden\darkeden.exe" = protocol=17 | dir=in | app=c:\program files\joymax\darkeden\darkeden.exe |
"UDP Query User{7D23DD68-C329-4EC3-AF4A-A155152A44EE}C:\users\charlie\desktop\anarchyonline_18.1.1-large.exe" = protocol=17 | dir=in | app=c:\users\charlie\desktop\anarchyonline_18.1.1-large.exe |
"UDP Query User{956F9FDC-83A6-4DB0-99BA-6808B9D3BF6F}C:\users\charlie\downloads\championsonlinef2p.exe" = protocol=17 | dir=in | app=c:\users\charlie\downloads\championsonlinef2p.exe |
"UDP Query User{C1EDBC56-5E21-4967-9A59-B1E0CC23373D}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{045DB95B-F123-B440-D999-AD083AA55196}" = CCC Help German
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{11CB6E0D-FFB2-7FAE-17FC-CA92BEE8F24A}" = Catalyst Control Center Localization Japanese
"{1400192B-D969-6FD4-8044-E2D07C5ADE3A}" = Catalyst Control Center Localization German
"{14BD87BE-02AA-8E04-602C-B20A43267F5B}" = CCC Help Japanese
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1662D4E1-B469-D6A3-085B-0B5350BF7CA5}" = Catalyst Control Center Localization Italian
"{168879EE-A348-BFB7-3622-3651449C629F}" = CCC Help Italian
"{1A8E3C5D-B772-CB4A-1117-751B5D79787B}" = Catalyst Control Center Graphics Light
"{1B2E11A4-8566-B8C7-3FB6-0D2A6F8D2139}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2540BCAF-A9CC-4A22-9905-9964129227A0}}_is1" = Xtreme Jade
"{266156C9-F681-A84B-083C-D2052A461583}" = Catalyst Control Center Graphics Full New
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{2A6FFA23-9188-E796-4AFF-196A2004AA39}" = ccc-utility
"{2EE437A9-75E3-10D1-3633-D4E8D6043503}" = CCC Help Spanish
"{2F3BCA05-4FD4-9418-1976-32F783E43DF4}" = Catalyst Control Center Graphics Full Existing
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE8C77E-8703-B62E-8F7C-31F7AA97F2A7}" = Catalyst Control Center Localization French
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4524E7FD-A547-C564-CD8F-A872F7C39029}" = CCC Help French
"{46F488AC-11FE-4105-8AF5-A6D0B6E2C33A}" = League of Legends
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE938F7-C196-43D7-8EEB-411CDE0A96B1}" = System Requirements Lab
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6E4FC36F-A7B5-EE38-2FE4-7D0D94D230F5}" = Catalyst Control Center Localization Portuguese
"{6EF2AFEF-2044-4A85-ED1F-E70A568D7ED9}" = Catalyst Control Center Localization Turkish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75F8E142-7720-156D-C74C-80AA0974B993}" = CCC Help Polish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7727DA6C-A845-890D-2B48-7863A93F167C}" = Catalyst Control Center Localization Korean
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.4
"{78B51FD5-DA3F-4B48-8F3F-4E4068F25D89}_is1" = Conquer Online 2.0
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{87CA11B3-C4CE-D989-42C7-C6197B266EFD}" = CCC Help Chinese Standard
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91F2493D-8A65-7BF3-5684-9D6397F8847D}" = Catalyst Control Center Core Implementation
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9794B30C-0FCB-3658-B44F-33BDDC788C2D}" = CCC Help English
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{994FCE98-1379-2A33-24BC-F092466CC5C4}" = Catalyst Control Center Localization Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC7C7307-6324-D891-1E53-77B00E4F0961}" = CCC Help Turkish
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6EECBB7-BDA4-4E52-2BD6-69D70215AC48}" = Catalyst Control Center Localization Polish
"{C279E4B3-9FCD-9D82-7A83-B773C2D4E526}" = Catalyst Control Center Localization Hungarian
"{C2D192BE-5E2C-92CF-56A0-28C7D9D67B96}" = CCC Help Hungarian
"{C2F3DB53-EF8E-4885-36C4-34C4911FEAE0}" = ccc-core-static
"{C486C7E9-5591-8777-CEB5-FA373AFE6711}" = Catalyst Control Center Localization Spanish
"{C57606D6-7A44-4A99-D6D0-BA07FD3ACCEA}" = Catalyst Control Center Localization Chinese Traditional
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D379100F-65A2-4B54-D568-CD2BE238C6A3}" = Catalyst Control Center Graphics Previews Vista
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{D973AE1D-ACB1-2C54-92FE-A29E2A7482C0}" = CCC Help Thai
"{E0EFA6E0-2A18-A83B-34EA-8435EFEE1285}" = CCC Help Korean
"{E24EDDF0-93A0-95CC-509A-1C012180F8CB}" = Skins
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E53C563F-1157-20B2-1276-755A22E814D2}" = Catalyst Control Center Localization Chinese Standard
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6B8797E-923E-4902-9698-62937FE80FAB}" = CCC Help Chinese Traditional
"{FBF1268D-3323-545E-4DD0-F45AD313E37E}" = Catalyst Control Center Graphics Previews Common
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"DivX Setup.divx.com" = DivX Setup
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/22/2011 4:59:57 AM | Computer Name = charlie-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.4079 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 113c Start Time: 01cbe850d20247fa Termination Time: 22

Error - 3/23/2011 8:26:06 AM | Computer Name = charlie-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/31/2011 8:27:10 PM | Computer Name = charlie-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/1/2011 7:37:06 PM | Computer Name = charlie-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/2/2011 7:53:00 AM | Computer Name = charlie-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/3/2011 3:24:15 PM | Computer Name = charlie-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/4/2011 9:51:47 PM | Computer Name = charlie-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/8/2011 6:40:11 PM | Computer Name = charlie-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/10/2011 10:30:47 PM | Computer Name = charlie-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/14/2011 6:03:12 PM | Computer Name = charlie-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 4/27/2011 10:36:04 PM | Computer Name = charlie-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 4/27/2011 10:37:50 PM | Computer Name = charlie-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/27/2011 10:40:13 PM | Computer Name = charlie-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/27/2011 10:57:20 PM | Computer Name = charlie-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 4/27/2011 11:34:01 PM | Computer Name = charlie-PC | Source = DCOM | ID = 10005
Description =

Error - 4/27/2011 11:34:01 PM | Computer Name = charlie-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 4/27/2011 11:34:01 PM | Computer Name = charlie-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/27/2011 11:34:01 PM | Computer Name = charlie-PC | Source = DCOM | ID = 10005
Description =

Error - 4/27/2011 11:34:01 PM | Computer Name = charlie-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 4/27/2011 11:34:01 PM | Computer Name = charlie-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

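The two firewall sections in the OTL log above are OTL's rendering of the values under HKLM\...\FirewallPolicy\FirewallRules: each value is a pipe-separated list of key=value pairs, either a port rule (lport=, protocol=) or an application rule (app=). The following parser and triage pass is an added example, not part of the original post and not OTL's own code; the sample lines are a constructed subset modelled on the log, and the list of user-writable directories and the flags it raises are this example's own assumptions.

```python
"""Triage Windows Firewall allow rules as OTL prints them.

Added example (not OTL code). Sample lines are a constructed subset of the
log above; USER_WRITABLE_DIRS and the flag heuristics are assumptions.
"""
import re
from typing import Dict, List, Optional

# Directories a non-admin user can write to. A persistent inbound allow rule
# for a binary living here outlives the binary and can be re-used by anything
# that later drops a file at the same path (assumption of this example).
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\desktop\\", "\\downloads\\")

PROTO_NAMES = {"6": "tcp", "17": "udp"}

# "{GUID}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
RULE_RE = re.compile(r'^"(?P<id>[^"]+)"\s*=\s*(?P<body>.*)$')


def parse_rule(line: str) -> Optional[Dict[str, str]]:
    """Return the rule's key=value fields plus its registry value name, or None."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    fields = {"id": m.group("id")}
    for part in m.group("body").split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip().lower()] = value.strip().lower()
    return fields


def flag_rule(rule: Dict[str, str]) -> List[str]:
    """Heuristic flags for one inbound allow rule (empty list = nothing notable)."""
    flags = []
    app = rule.get("app", "")
    proto = PROTO_NAMES.get(rule.get("protocol", ""), "any")
    if app and any(d in app for d in USER_WRITABLE_DIRS):
        flags.append(f"inbound {proto} allow for binary in user-writable path: {app}")
    if app and "protocol" not in rule:
        flags.append(f"allow for every protocol: {app}")
    if "lport" in rule and not app:
        flags.append(f"listening port opened for any process: {rule['lport']}/{proto}")
    return flags


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map rule id -> flags for every rule that earned at least one flag."""
    report: Dict[str, List[str]] = {}
    for line in lines:
        rule = parse_rule(line)
        if rule is None:
            continue
        flags = flag_rule(rule)
        if flags:
            report[rule["id"]] = flags
    return report


# Constructed sample: a subset of the rules in the log above.
SAMPLE_RULES = [
    r'"{219D1252-266A-444A-871C-51CE4E3F0209}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |',
    r'"{0A380D40-AC95-40A2-A3A2-16CFA10371CD}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |',
    r'"{1A7C7DC3-F8DB-47EA-86AF-DBE65AB94E04}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |',
    r'"{8BC032ED-914E-4D15-B537-D0B1250A02EA}" = protocol=17 | dir=in | app=c:\users\charlie\appdata\local\temp\blizzard installer bootstrap - 01a8b69a\installer.exe |',
    r'"TCP Query User{25E49400-F4AB-44F1-92A3-73081162CE5F}C:\users\charlie\desktop\de_full-client_downloader.exe" = protocol=6 | dir=in | app=c:\users\charlie\desktop\de_full-client_downloader.exe |',
]

if __name__ == "__main__":
    for rule_id, flags in triage(SAMPLE_RULES).items():
        print(rule_id)
        for f in flags:
            print("   ", f)
```

The rules whose value name starts with "TCP Query User{GUID}" or "UDP Query User{GUID}" are the ones Windows writes when the user clicks Unblock in the firewall prompt; the ones in the log for installers on the Desktop and under Temp are exactly the stale entries this pass is meant to surface.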

Re: BOO/TDss.M?

Post by charles_bullard on 28th April 2011, 4:53 am

I was performing a virus scan... Got the blue screen of death with LOTS OF WRITING on it.

Also, since this afternoon I have been getting a warning screen saying that a process tree has become unresponsive, but it doesn't give a clue as to which one. It just asks to check for solutions and then nothing happens.

I know you guys are extremely busy. So I am patient and will be checking back and forth to see if there is anything posted to my topic here. Thank you in advance for helping me out~


Re: BOO/TDss.M?

Post by charles_bullard on 28th April 2011, 5:26 am

Have been trying for the last 30 minutes to get Malwarebytes to download and install. Setup keeps giving me a warning saying the following:

ShellExecuteEx failed; code 1068.
The dependency service or group failed to start.


Re: BOO/TDss.M?

Post by Gabethebabe on 28th April 2011, 9:33 am

Hi there Charles and welcome to GeekPolice!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end! If your computer starts running better, that doesn't mean it is clean yet!


====================

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:


:files
C:\USERS\CHARLIE\APPDATA\LOCAL\{5739AEF5-D126-44A0-AEE1-5B1D4926F16A}
C:\Users\charlie\AppData\Local\uvosuramujoyexa.dll
C:\Users\charlie\AppData\Local\SPLPNlh.dll
C:\Users\charlie\AppData\Local\Fsilihibazukoh.dat
C:\Users\charlie\AppData\Local\Dcetagesag.bin

:otl
[2011/04/27 18:51:05 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\CHARLIE\APPDATA\LOCAL\{5739AEF5-D126-44A0-AEE1-5B1D4926F16A}
O2 - BHO: (TinyBHO Class) - {00e71626-0bef-11dc-8314-0800200c9a66} - File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKCU..\Run: [DealCricket] File not found
O4 - HKCU..\Run: [DW6] File not found
O4 - HKCU..\Run: [RegistryBooster] File not found
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] File not found
O4 - HKCU..\Run: [Yruxom] C:\Users\charlie\AppData\Local\uvosuramujoyexa.dll (Salt Int'l Coporation)
O4 - HKCU..\Run: [Ywuxafawinaq] C:\Users\charlie\AppData\Local\SPLPNlh.dll (Acronis)
O4 - Startup: C:\Users\charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not found

:commands
[resethosts]
[reboot]
  • Then click the Run Fix button at the top.
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================

  • Download TDSSKiller by Kaspersky from [You must be registered and logged in to see this link.] and save it to your Desktop
  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • The report can also be found in the root of your Windows drive (most likely C:\).


Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38258
# Likes # Likes : 0

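The fix list in the post above mixes two kinds of entries: registry references whose target is gone ("File not found", "No CLSID value found"), which are harmless leftovers to clean up, and Run values that still resolve to a loose DLL sitting directly under %LOCALAPPDATA%, which are the live persistence. The script below is an added example, not OTL's code and not the helper's own procedure: it classifies OTL O2/O3/O4 lines with those two heuristics (the heuristics are this example's assumptions) and emits a fix script in the same :files / :otl / :commands layout the post uses. The sample lines are copied from the fix list above.

```python
"""Classify OTL O2/O3/O4 lines and emit an OTL-style fix script.

Added example (not OTL code, not the helper's method). ORPHAN_MARKERS and
LOOSE_LOCALAPPDATA_RE are this example's heuristics.
"""
import re
from typing import Dict, List, Sequence

ORPHAN_MARKERS = ("file not found", "no clsid value found")

# A Run entry that resolves to a loose binary directly under %LOCALAPPDATA%
# (no vendor folder) is unusual for legitimate software and is the pattern in
# the log above (assumption of this example).
LOOSE_LOCALAPPDATA_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\[^\\]+\.(?:dll|exe|dat|bin)$", re.I)

# O4 - HKCU..\Run: [Yruxom] C:\...\uvosuramujoyexa.dll (Salt Int'l Coporation)
O4_RE = re.compile(
    r"^O4 - .*?: \[(?P<name>[^\]]+)\]\s*(?P<target>.+?)(?:\s+\((?P<vendor>[^)]*)\))?$")


def classify(line: str) -> Dict[str, object]:
    """Return verdict 'orphan', 'suspicious' or 'ok' plus the reasons."""
    entry: Dict[str, object] = {"line": line, "verdict": "ok", "target": None, "reasons": []}
    if any(marker in line.lower() for marker in ORPHAN_MARKERS):
        entry["verdict"] = "orphan"
        entry["reasons"].append("registry entry points at nothing; remove the reference")
        return entry
    m = O4_RE.match(line)
    if m:
        target = m.group("target")
        entry["target"] = target
        if LOOSE_LOCALAPPDATA_RE.match(target):
            entry["verdict"] = "suspicious"
            entry["reasons"].append("autorun target is a loose binary under %LOCALAPPDATA%")
            if target.lower().endswith(".dll"):
                entry["reasons"].append("Run value launches a DLL, i.e. through a host such as rundll32")
    return entry


def summarize(lines: Sequence[str]) -> Dict[str, int]:
    counts = {"orphan": 0, "suspicious": 0, "ok": 0}
    for line in lines:
        counts[str(classify(line)["verdict"])] += 1
    return counts


def build_fix(lines: Sequence[str], extra_files: Sequence[str] = ()) -> str:
    """:files gets every suspicious target (plus extra paths found elsewhere),
    :otl gets every line that is not 'ok', :commands resets HOSTS and reboots."""
    entries = [classify(l) for l in lines]
    files = [str(e["target"]) for e in entries if e["verdict"] == "suspicious"] + list(extra_files)
    otl = [str(e["line"]) for e in entries if e["verdict"] != "ok"]
    return "\n".join([":files", *files, "", ":otl", *otl, "", ":commands", "[resethosts]", "[reboot]"])


# Sample input: the lines from the fix list above.
SAMPLE_FIX_LINES = [
    r"O2 - BHO: (TinyBHO Class) - {00e71626-0bef-11dc-8314-0800200c9a66} - File not found",
    r"O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.",
    r"O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.",
    r"O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.",
    r"O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.",
    r"O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.",
    r"O4 - HKCU..\Run: [DealCricket] File not found",
    r"O4 - HKCU..\Run: [DW6] File not found",
    r"O4 - HKCU..\Run: [RegistryBooster] File not found",
    r"O4 - HKCU..\Run: [Uniblue RegistryBooster 2] File not found",
    r"O4 - HKCU..\Run: [Yruxom] C:\Users\charlie\AppData\Local\uvosuramujoyexa.dll (Salt Int'l Coporation)",
    r"O4 - HKCU..\Run: [Ywuxafawinaq] C:\Users\charlie\AppData\Local\SPLPNlh.dll (Acronis)",
    r"O4 - Startup: C:\Users\charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not found",
]

if __name__ == "__main__":
    print(summarize(SAMPLE_FIX_LINES))
    # the .dat/.bin companions came from a directory listing, not from O4 lines
    print(build_fix(SAMPLE_FIX_LINES, [r"C:\Users\charlie\AppData\Local\Fsilihibazukoh.dat",
                                       r"C:\Users\charlie\AppData\Local\Dcetagesag.bin"]))
```

Listing a suspicious path under :files as well as its O4 line under :otl is what makes the fix robust: the :files move removes the binary even if the registry value is re-created, and the :otl removal stops the "specified module could not be found" errors that remain once the file is gone but the Run value is not.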

Re: BOO/TDss.M?

Post by charles_bullard on 28th April 2011, 9:45 am

========== FILES ==========
C:\USERS\CHARLIE\APPDATA\LOCAL\{5739AEF5-D126-44A0-AEE1-5B1D4926F16A}\chrome\content folder moved successfully.
C:\USERS\CHARLIE\APPDATA\LOCAL\{5739AEF5-D126-44A0-AEE1-5B1D4926F16A}\chrome folder moved successfully.
C:\USERS\CHARLIE\APPDATA\LOCAL\{5739AEF5-D126-44A0-AEE1-5B1D4926F16A} folder moved successfully.
C:\Users\charlie\AppData\Local\uvosuramujoyexa.dll moved successfully.
C:\Users\charlie\AppData\Local\SPLPNlh.dll moved successfully.
C:\Users\charlie\AppData\Local\Fsilihibazukoh.dat moved successfully.
C:\Users\charlie\AppData\Local\Dcetagesag.bin moved successfully.
========== OTL ==========
Folder C:\USERS\CHARLIE\APPDATA\LOCAL\{5739AEF5-D126-44A0-AEE1-5B1D4926F16A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00e71626-0bef-11dc-8314-0800200c9a66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00e71626-0bef-11dc-8314-0800200c9a66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DealCricket deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DW6 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryBooster deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Uniblue RegistryBooster 2 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Yruxom deleted successfully.
File C:\Users\charlie\AppData\Local\uvosuramujoyexa.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ywuxafawinaq deleted successfully.
File C:\Users\charlie\AppData\Local\SPLPNlh.dll not found.
C:\Users\charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 04282011_044006


Re: BOO/TDss.M?

Post by charles_bullard on 28th April 2011, 9:47 am

I attempted to run the TDSSKiller and it popped up an error message.

TDSS Rootkit remover tool has stopped working.



P.S. I also had 2 errors when I rebooted my PC.

Error Loading C:\Users\charlie\AppData\Local\uvosuramujoyexa.dll
~The specified module could not be found.

Error loading C:\Users\charlie\AppData\Local\SPLPNlh.dll
~The specified module could not be found.


Last edited by charles_bullard on 28th April 2011, 9:51 am; edited 1 time in total (Reason for editing : left out two error messages after reboot.)


Re: BOO/TDss.M?

Post by charles_bullard on 28th April 2011, 9:57 am

I also keep getting told that a process tree has become unresponsive and needs to close, but it doesn't tell me which one. Here is what is on the screen after that.


Download updates for Windows
There was a problem with Windows that caused it to stop working correctly.

Your computer might be missing updates that can help improve its stability and security.

Go online to check for and install Important and Recommended updates.

Click to go online to the Windows Update website

In the left pane, click Check for updates. If any updates are found, click View available updates.

Select all Important updates, and then click Install. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Note
If you have turned on automatic updating, you might not see any Important updates listed. If this is the case, the updates have already been downloaded to your computer.

Additional information


To learn more about updating your computer, go to the Microsoft website and read the following article:

Windows Update Frequently Asked Questions

And when I try to get to the online help with this it keeps saying that the page is busy or what have you. It just keeps saying that no matter how many times I try to reload or whatever.


Re: BOO/TDss.M?

Post by Gabethebabe on 28th April 2011, 10:01 am

mmmmkay, lots of interesting stuff happening.

Time to bring out ComboFix by sUBs, a powerful tool that you are advised not to run without supervision of a trained malware helper. Please visit [You must be registered and logged in to see this link.] and read the tutorial on using ComboFix very carefully. After that proceed to download ComboFix, but rename it during the download, to make sure the malware does not interfere.

The easiest is to download using Internet Explorer. If you insist on using Mozilla Firefox, you have to make a change to its configuration:
Tools >> Options >> General >> Downloads >> select Always ask me where to save files.

Use one of the links in the guide to download ComboFix and when your browser asks you where to save it, change the name of the file to svchost.exe and save it to your desktop.



Doubleclick svchost.exe to run the tool. Please post its log back here.


Re: BOO/TDss.M?

Post by charles_bullard on 28th April 2011, 10:13 am

Attempted to run the ComboFix.exe renamed as svchost.exe and it produced a BSOD....


Re: BOO/TDss.M?

Post by Gabethebabe on 28th April 2011, 10:28 am

We are not discouraged yet. Try these two and keep the fingers crossed.

Please download aswMBR by Alwil Software from [You must be registered and logged in to see this link.] and save it to your desktop.

  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan
  • Don't panic if you see any **Rootkit** entries. The tool sometimes produces false alarms
  • Once the scan finishes click Save log to save the log to your desktop
  • Copy and paste the contents of this log (aswMBR.txt) into your next reply.

====================

  • Please download MBRCheck by a_d_13 from either of the following mirrors and save it to your Desktop.

  • Double click MBRCheck.exe to run it (right click > Run as Administrator for Vista and WIN7)
  • It will show a black screen with a report of what has been found.
  • Exit the program, even if an infection is found.
  • The report can be found on your desktop, named MBRCheckxxxx.txt
  • Please post the contents of that report in your next reply.




Re: BOO/TDss.M?

Post by charles_bullard on 28th April 2011, 10:30 am

Malware found just popped up

A virus or unwanted program 'EXP/Pdfka.LW' was found in 'C:\Windows\System32\config\...\1d430d[1].pdf'


Not sure what to do; Remove is what it has highlighted.


Re: BOO/TDss.M?

Post by charles_bullard on 28th April 2011, 10:33 am

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-28 05:31:51
-----------------------------
05:31:51.441 OS Version: Windows 6.0.6002 Service Pack 2
05:31:51.441 Number of processors: 4 586 0xF0B
05:31:51.441 ComputerName: CHARLIE-PC UserName: charlie
05:31:53.204 Initialize success
05:31:55.638 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
05:31:55.638 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
05:31:55.638 Disk 0 MBR read error
05:31:55.638 Disk 0 MBR scan
05:31:55.638 MBR BIOS signature not found 0
05:31:55.638 Disk 0 scanning sectors +625139712
05:31:55.653 Disk 0 scanning C:\Windows\system32\drivers
05:31:58.961 Service scanning
05:32:00.115 Disk 0 trace - called modules:
05:32:00.115 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f07730]<<
05:32:00.115 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8617d2b8]
05:32:00.115 3 CLASSPNP.SYS[8a5a08b3] -> nt!IofCallDriver -> [0x871f53e8]
05:32:00.115 \Driver\iaStor[0x86cf01f8] -> IRP_MJ_CREATE -> 0x86f07730
05:32:00.115 Scan finished successfully


Re: BOO/TDss.M?

Post by charles_bullard on 28th April 2011, 10:35 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Dell XPS420
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 138):
0x81E1A000 \SystemRoot\system32\ntkrnlpa.exe
0x821D4000 \SystemRoot\system32\hal.dll
0x872AE000 \SystemRoot\system32\kdcom.dll
0x80410000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80480000 \SystemRoot\system32\PSHED.dll
0x80491000 \SystemRoot\system32\BOOTVID.dll
0x80499000 \SystemRoot\system32\CLFS.SYS
0x804DA000 \SystemRoot\system32\CI.dll
0x80602000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068B000 \SystemRoot\system32\drivers\acpi.sys
0x806D1000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DA000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E2000 \SystemRoot\system32\drivers\pci.sys
0x80709000 \SystemRoot\System32\drivers\partmgr.sys
0x80718000 \SystemRoot\system32\drivers\volmgr.sys
0x80727000 \SystemRoot\System32\drivers\volmgrx.sys
0x80771000 \SystemRoot\System32\drivers\mountmgr.sys
0x8240A000 \SystemRoot\system32\drivers\iastor.sys
0x824D2000 \SystemRoot\system32\drivers\fltmgr.sys
0x82504000 \SystemRoot\system32\drivers\fileinfo.sys
0x82514000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8251E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82607000 \SystemRoot\system32\drivers\ndis.sys
0x82712000 \SystemRoot\system32\drivers\msrpc.sys
0x8273D000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A201000 \SystemRoot\System32\drivers\tcpip.sys
0x8A2EB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A403000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A513000 \SystemRoot\system32\drivers\volsnap.sys
0x8A54C000 \SystemRoot\System32\Drivers\spldr.sys
0x8A554000 \SystemRoot\System32\Drivers\mup.sys
0x8A563000 \SystemRoot\System32\drivers\ecache.sys
0x8A58A000 \SystemRoot\system32\drivers\disk.sys
0x8A59B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A5BC000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A5D2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A5DD000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A5E6000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8EA0B000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8F133000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F1D3000 \SystemRoot\System32\drivers\watchdog.sys
0x82778000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x8F1DF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x827B3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F1EA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F209000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F296000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
0x8F2E0000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F406000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8F509000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8F5BD000 \SystemRoot\system32\drivers\modem.sys
0x8F5CA000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8F5DA000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8F5E8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F30A000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F339000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F37A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F385000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F39C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F3A7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F3CA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F3D9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8A3CE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F3ED000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8EA00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8A5F5000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F400000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8A3E3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8A3ED000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8258F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x825C4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x80781000 \SystemRoot\system32\drivers\stwrt.sys
0x805BA000 \SystemRoot\system32\drivers\portcls.sys
0x825D5000 \SystemRoot\system32\drivers\drmk.sys
0x8F200000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F1F9000 \SystemRoot\System32\Drivers\Null.SYS
0x827F1000 \SystemRoot\System32\Drivers\Beep.SYS
0x827F8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x807D4000 \SystemRoot\System32\drivers\vga.sys
0x8F80C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F82D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F835000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F83D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F848000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F856000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F85F000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F875000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F889000 \SystemRoot\system32\drivers\afd.sys
0x8F8D1000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F903000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F919000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F927000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F93A000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8F940000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F97C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F986000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F99D000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8F9C3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8F9CC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8F9DC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F9DE000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8F9E7000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8A306000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x8F800000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x807E0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x91E80000 \SystemRoot\System32\win32k.sys
0x8F9F4000 \SystemRoot\System32\drivers\Dxapi.sys
0x805E7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x920A0000 \SystemRoot\System32\TSDDD.dll
0x920C0000 \SystemRoot\System32\cdd.dll
0x98A01000 \SystemRoot\system32\drivers\luafv.sys
0x98A1C000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x98A31000 \SystemRoot\system32\drivers\spsys.sys
0x98AE1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x98AF1000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x98B04000 \SystemRoot\system32\DRIVERS\WinUSB.SYS
0x98B0C000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x98B21000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x98B33000 \SystemRoot\system32\drivers\HTTP.sys
0x98BA0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x98BBD000 \SystemRoot\system32\DRIVERS\bowser.sys
0x98BD6000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9CE02000 \SystemRoot\system32\drivers\mrxdav.sys
0x9CE23000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9CE42000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9CE7B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9CE93000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9CEBB000 \SystemRoot\System32\DRIVERS\srv.sys
0x9CF0A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9CF0E000 \SystemRoot\system32\drivers\peauth.sys
0x9CFEC000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9E00A000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9E032000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9E03E000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9E046000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9E05C000 \??\C:\Users\charlie\AppData\Local\Temp\aswMBR.sys
0x77300000 \Windows\System32\ntdll.dll

Processes (total 66):
0 System Idle Process
4 System
436 C:\Windows\System32\smss.exe
512 csrss.exe
568 C:\Windows\System32\wininit.exe
576 csrss.exe
612 C:\Windows\System32\services.exe
636 C:\Windows\System32\lsass.exe
644 C:\Windows\System32\lsm.exe
672 C:\Windows\System32\winlogon.exe
844 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\Ati2evxx.exe
1100 C:\Windows\System32\svchost.exe
1160 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\svchost.exe
1296 C:\Windows\System32\audiodg.exe
1336 C:\Windows\System32\svchost.exe
1356 C:\Windows\System32\SLsvc.exe
1420 C:\Windows\System32\svchost.exe
1548 C:\Windows\System32\svchost.exe
1792 C:\Windows\System32\spoolsv.exe
1812 WUDFHost.exe
1832 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1924 C:\Windows\System32\Ati2evxx.exe
1956 C:\Windows\System32\svchost.exe
320 C:\Windows\System32\dwm.exe
356 C:\Windows\System32\taskeng.exe
444 C:\Windows\explorer.exe
828 C:\Windows\System32\taskeng.exe
2240 C:\Windows\System32\svchost.exe
2280 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2316 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2452 C:\Windows\System32\svchost.exe
2488 C:\Windows\System32\stacsv.exe
2552 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2596 C:\Windows\System32\svchost.exe
2628 C:\Windows\System32\svchost.exe
2676 C:\Windows\System32\SearchIndexer.exe
2728 C:\Windows\System32\drivers\XAudio.exe
2788 WUDFHost.exe
3404 C:\Program Files\Windows Defender\MSASCui.exe
3424 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3460 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3544 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3596 C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
3612 C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
3664 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3740 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3868 C:\Program Files\Windows Media Player\wmpnscfg.exe
3888 C:\Program Files\Pando Networks\Media Booster\PMB.exe
3992 C:\Program Files\Digital Line Detect\DLG.exe
4000 C:\Program Files\Windows Media Player\wmpnetwk.exe
3260 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
792 taskeng.exe
5004 C:\Windows\System32\svchost.exe
1876 C:\Program Files\Java\jre6\bin\jp2launcher.exe
4508 C:\Program Files\Java\jre6\bin\java.exe
3928 C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
6120 C:\Windows\System32\SearchProtocolHost.exe
3552 C:\Windows\System32\SearchFilterHost.exe
472 C:\Windows\System32\SearchProtocolHost.exe
4360 dllhost.exe
5236 dllhost.exe
560 C:\Users\charlie\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c3000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03000000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200AAKS-75VYA0, Rev: 12.01B02

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!


Re: BOO/TDss.M?

Post by Gabethebabe on 28th April 2011, 12:23 pm

This BOO/TDss.M infection is a nasty piece of work. The last two tools we ran should detect it and they did not.
So either you don't have this infection, or you have a new variant that eludes these two tools.

To make sure, we'll run two more tools.

====================

Download GMER Rootkit Scanner from [You must be registered and logged in to see this link.] and save it to your desktop.
Note that it will have a random name.

  • Double click the file to run the tool. It may take a while to load.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click No
  • In the right panel, you will see several boxes that have been checked
  • Make sure this is unchecked: Show All
  • Make sure only your system drive (usually C:\) is checked and uncheck all other drives you might have on your system
  • Click Scan to start the scan
  • When it has finished, click Save and save the log as gmer.txt on your desktop
  • If GMER reports any <--- ROOTKIT entries, don't take any action. It could be a false positive.
  • Click OK and quit the GMER program.
  • Please post the contents of gmer.txt in your next reply.

====================

Please download RootkitUnhooker by EP-X0FF from [You must be registered and logged in to see this link.] and save it to your desktop.
  • You need to unpack this .rar file, for example using [You must be registered and logged in to see this link.] (not a free program) or [You must be registered and logged in to see this link.] (free program).
  • After extracting the archive, double-click RkU3.8.388.590.exe to run the setup program.
  • Install the tool in a folder with random name, as instructed by the setup program.
  • Browse to this folder and double click the randomly named .exe that is in the folder (NOT the unins000.exe) to run RootkitUnhooker.
  • Wait a moment for the user interface to pop up and click the Report tab.
  • Click the Scan button, verify that all options are checked and click OK.
  • During the scan a Select Disks for Scan window will pop up. Select your system disk (usually C:\) and no other disks and hit OK.
  • The files and folders scan will take some time, so please be patient.
  • When finished, choose File > Save Report from the menu and save the report.
  • Please copy & paste the entire report in your next reply. You may need multiple posts for this.

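What a helper reads out of the two logs posted above can be written down as a few explicit checks. The script below is an added example (it is not part of this thread and not code from aswMBR or MBRCheck); its sample input is constructed from lines quoted from the logs above, and the allow-list of scanner drivers and the assumption that any MBR status other than "<OS> MBR code detected" counts as unrecognised are mine.

```python
import re

# Constructed sample: lines copied from the aswMBR log posted earlier in this thread.
ASWMBR_LOG = r"""
05:31:55.638 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
05:31:55.638 Disk 0 MBR read error
05:31:55.638 Disk 0 MBR scan
05:31:55.638 MBR BIOS signature not found 0
05:32:00.115 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f07730]<<
05:32:00.115 \Driver\iaStor[0x86cf01f8] -> IRP_MJ_CREATE -> 0x86f07730
05:32:00.115 Scan finished successfully
"""

# Constructed sample: lines copied from the MBRCheck report posted earlier in this thread.
MBRCHECK_LOG = r"""
Kernel Drivers (total 138):
0x9E046000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9E05C000 \??\C:\Users\charlie\AppData\Local\Temp\aswMBR.sys
0x77300000 \Windows\System32\ntdll.dll

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
"""

# Each rule: a regex applied to one aswMBR line, and what a match means to the reader.
ASWMBR_RULES = [
    (r"MBR read error",
     "MBR could not be read, so the boot sector was not actually verified"),
    (r"MBR BIOS signature not found",
     "no boot signature seen in the sector that was read"),
    (r">>UNKNOWN \[0x[0-9A-Fa-f]+\]<<",
     "disk I/O path ends in an unnamed module (possible hook; may be a false positive)"),
    (r"\bRootkit\b",
     "explicit Rootkit tag (the helper above notes these can be false alarms)"),
]

# Kernel modules loaded from a user-writable location deserve a second look.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\Temp\\", re.IGNORECASE)

# Assumed allow-list: the scanner's own driver legitimately loads from %TEMP% while it runs.
KNOWN_SCANNER_DRIVERS = {"aswmbr.sys"}


def triage_aswmbr(log: str) -> list[tuple[str, str]]:
    """Return (meaning, line) pairs for every rule that fires on the log, in log order."""
    findings = []
    for line in log.splitlines():
        for pattern, meaning in ASWMBR_RULES:
            if re.search(pattern, line):
                findings.append((meaning, line.strip()))
    return findings


def triage_mbrcheck(log: str) -> dict:
    """Extract MBR status, MBR hash and oddly located kernel modules from an MBRCheck report."""
    result = {
        "mbr_status": None,
        "mbr_sha1": None,
        "mbr_recognised": False,
        "user_path_drivers": [],
        "unexplained_user_path_drivers": [],
    }
    for line in log.splitlines():
        m = re.match(r"^\d+ [GMT]B \\\\\.\\PhysicalDrive\d+ (.+)$", line)
        if m:
            status = m.group(1).strip()
            result["mbr_status"] = status
            # Assumption: any status other than "<OS> MBR code detected" is unrecognised.
            result["mbr_recognised"] = (status.endswith("MBR code detected")
                                        and not status.lower().startswith("unknown"))
            continue
        m = re.match(r"^SHA1:\s*([0-9A-Fa-f]{40})$", line)
        if m:
            result["mbr_sha1"] = m.group(1).upper()
            continue
        m = re.match(r"^0x[0-9A-Fa-f]{8} (\S+)$", line)
        if m and USER_WRITABLE.search(m.group(1)):
            path = m.group(1)
            result["user_path_drivers"].append(path)
            if path.rsplit("\\", 1)[-1].lower() not in KNOWN_SCANNER_DRIVERS:
                result["unexplained_user_path_drivers"].append(path)
    return result


def needs_follow_up(asw_log: str, mbr_log: str) -> bool:
    """True when the two logs leave the MBR question open, which is the helper's situation here."""
    mbr = triage_mbrcheck(mbr_log)
    return (bool(triage_aswmbr(asw_log))
            or not mbr["mbr_recognised"]
            or bool(mbr["unexplained_user_path_drivers"]))


if __name__ == "__main__":
    for meaning, line in triage_aswmbr(ASWMBR_LOG):
        print(f"aswMBR: {meaning}\n    {line}")
    print("MBRCheck:", triage_mbrcheck(MBRCHECK_LOG))
    print("needs follow-up:", needs_follow_up(ASWMBR_LOG, MBRCHECK_LOG))
```

On this thread's logs the MBR hash and status look clean, but the "MBR read error" and the unnamed module in the disk stack are exactly why the helper asks for two further tools rather than closing the case.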

Re: BOO/TDss.M?

Post by charles_bullard on 29th April 2011, 1:06 am

Ok, well, I attempted to run GMER. At first it gave me an error saying that a dependency service or group failed to start, so I restarted my PC and tried again. I didn't realize that I had forgotten to uncheck the Files button, but it ran for a while and then ended in the BSOD. I then ran it with just the System button checked, and it then decided to give me a message saying that GMER hasn't found any system modification.


Re: BOO/TDss.M?

Post by charles_bullard on 29th April 2011, 3:08 am

Here is the second thing you asked me to do. I didn't get the GMER to generate a report, my computer shut down mid scan so there was nothing reported.





RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #4
==============================================
>SSDT State
==============================================
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x8823AD90 [244] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
0x8813A460 [312] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x85145020 [356] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x87E72CE8 [372] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
0x87A934F0 [432] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
0x87AE0D90 [508] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x87C1D4A8 [564] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
0x878DBD90 [572] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x87C47D90 [608] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)
0x87CF8808 [636] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
0x87CF8550 [644] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
0x87D087C0 [668] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
0x8810FD90 [708] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
0x881F0020 [756] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
0x87D77970 [832] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87D14718 [932] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87E13020 [992] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87E2A020 [1056] C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0x87E504A8 [1120] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87E6B3E8 [1144] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87314768 [1164] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87FFEC48 [1320] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87F8CD90 [1376] C:\Windows\System32\SLsvc.exe (Microsoft Corporation, Microsoft Software Licensing Service)
0x87E64020 [1436] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x88055118 [1536] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xE28CB850 [1620] C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc., Adobe® Flash® Player Installer/Uninstaller 10.2 r159)
0x87CAF020 [1660] C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0x87CF5D90 [1700] C:\Windows\System32\WUDFHost.exe (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Host Process)
0x880DE538 [1804] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x880FB298 [1916] C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH, Antivirus Scheduler)
0x87DAA520 [2112] C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation, Windows Media Player Network Sharing Service)
0x870685F8 [2240] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x882AF020 [2280] C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH, Antivirus On-Access Service)
0x87E97AB0 [2312] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation, RAID Monitor)
0x87EB01B0 [2436] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc., Catalyst Control Centre: Host application)
0x8706DD90 [2440] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x882C7B60 [2520] C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH, AntiVir shadow copy service)
0x882D2D90 [2540] C:\Windows\System32\stacsv.exe (SigmaTel, Inc., STacSV Module)
0x8831FD90 [2588] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x88301478 [2628] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8810F0E0 [2680] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
0x899E7CC0 [2720] C:\Windows\System32\SearchFilterHost.exe (Microsoft Corporation, Microsoft Windows Search Filter Host)
0x883475C8 [2728] C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc., Modem Audio Service)
0xE8539CF0 [2740] C:\Windows\System32\MustBeRandomlyNamed\7bi34h6pcO.exe (UG North, RKULE, SR2 Normandy)
0x88351468 [2804] C:\Windows\System32\WUDFHost.exe (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Host Process)
0x883C4020 [3452] C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe (-, XPS MiniView Gadget)
0x885ACD90 [3624] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation, Windows Defender User Interface)
0x885D61C0 [3640] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation, Event Monitor User Notification Tool)
0x87C9ED90 [3716] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc., Catalyst Control Center: Monitoring program)
0x88638730 [3736] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH, Antivirus System Tray Tool)
0x87D05020 [3768] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc., Sigmatel Audio system tray application)
0x87E1D540 [3788] C:\Program Files\DivX\DivX Update\DivXUpdate.exe (-, DivX Update)
0x8832BD90 [3836] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
0x88683A78 [3844] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java(TM) Update Scheduler)
0x88686D90 [3884] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation, Windows Media Player Network Sharing Service Configuration Application)
0x886B3130 [3892] C:\Program Files\Pando Networks\Media Booster\PMB.exe (-, Pando Media Booster)
0x886B2978 [3928] C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software , Digital Line Detection)
0x84E202D8 [3968] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8518AC08 [5356] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x85209D90 [6140] C:\Windows\System32\SearchProtocolHost.exe (Microsoft Corporation, Microsoft Windows Search Protocol Host)
0x8476ED90 [4] System
0x87E62020 [1240] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )
==============================================


Last edited by charles_bullard on 29th April 2011, 3:11 am; edited 1 time in total (Reason for editing : Adding text.)


Re: BOO/TDss.M?

Post by charles_bullard on 29th April 2011, 3:09 am

>Drivers
==============================================
0x8F208000 C:\Windows\system32\DRIVERS\atikmdag.sys 7503872 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x81E4D000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x81E4D000 PnpManager 3907584 bytes
0x81E4D000 RAW 3907584 bytes
0x81E4D000 WMIxWDM 3907584 bytes
0x91C90000 Win32k 2113536 bytes
0x91C90000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8A40E000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8260E000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8EC01000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8A20C000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804CD000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x9DAF7000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8A311000 C:\Windows\System32\Drivers\dump_iaStor.sys 819200 bytes
0x82406000 C:\Windows\system32\drivers\iastor.sys 819200 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8ED04000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x98E1C000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8F930000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8EA0A000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80600000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8251A000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80403000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x98F1E000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8077F000 C:\Windows\system32\drivers\stwrt.sys 339968 bytes (SigmaTel, Inc., NDRC)
0x9DAA4000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x8EA97000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 303104 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x80725000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8EE35000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80689000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8048C000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8EB3A000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x827BA000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8EEEC000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8277F000 C:\Windows\system32\DRIVERS\e1e6032.sys 241664 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver)
0x82744000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9DA2B000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A51E000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8258B000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x81E1A000 ACPI_HAL 208896 bytes
0x81E1A000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x824CE000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8EE7D000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8EB0B000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x825D1000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82719000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8EAE1000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9DBD5000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x9DA7C000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8A56E000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806E0000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8EF49000 C:\Windows\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x807D2000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8EBA8000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8A5A6000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x98FD6000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x805AD000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9DA0C000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x98F8B000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8A2F6000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8EFC4000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x98FA8000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0xA4C17000 C:\Users\charlie\AppData\Local\Temp\kxdiafob.sys 102400 bytes
0x8EDE3000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9DA64000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8EF32000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8EB86000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xA4C01000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8EEAF000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8EE0B000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x98E07000 C:\Windows\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0x98FC1000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8A3D9000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8EFA0000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x98EF7000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8EBDA000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8EE21000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x98EDC000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8EED3000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x98F0C000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8A595000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x825C0000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80473000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x82500000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8EF85000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x98ECC000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8076F000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8EDC5000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8EBEE000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8A5F1000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8EFB5000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A55F000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80707000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8EBCB000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8F9E7000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80716000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8EDD5000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x91ED0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8EEC5000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x805E1000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8EF6F000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8EDB8000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x82600000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8067C000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x8A5D0000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8A200000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8F9D0000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8A400000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8A3EE000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x805D6000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8EB9D000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8EB7B000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8A5DD000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8F9DC000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8EFEC000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8EA00000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8EF28000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x82510000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x9DA00000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8A5C7000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8F9F6000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8EF7C000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8EF97000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xA4C30000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x805EF000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x91EB0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8A5E8000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806CF000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x80484000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8EFE4000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806D8000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x807F7000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x805CE000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A557000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x98EEF000 C:\Windows\system32\DRIVERS\WinUSB.SYS 32768 bytes (Microsoft Corporation, Windows USB Class Driver BETA)
0x98FF7000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8A3F9000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x827F8000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8F200000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8EEE6000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x9DAF3000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x874CB000 C:\Windows\system32\kdcom.dll 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8EDFB000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8EF95000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================


Re: BOO/TDss.M?

Post by charles_bullard on 29th April 2011, 3:09 am

>Stealth
==============================================
0x06E40000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 102400 bytes
0x00820000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x87C9ED90 ] PID: 3716, 110592 bytes
0x01910000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 110592 bytes
0x07820000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 126976 bytes
0x07940000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 143360 bytes
0x08370000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 1519616 bytes
0x07FE0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 1683456 bytes
0x07260000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 192512 bytes
0x07D20000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 217088 bytes
0x04F90000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 249856 bytes
0x00890000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x87C9ED90 ] PID: 3716, 28672 bytes
0x00B70000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x87C9ED90 ] PID: 3716, 28672 bytes
0x00A30000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x00A50000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x019E0000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x01A40000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x01F40000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x01DF0000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x01E00000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x01F30000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x01F80000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x01F70000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x050F0000 Hidden Image-->DEM.OS.I0602.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x05420000 Hidden Image-->DEM.OS.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x05310000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x055F0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x055E0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x05920000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x05960000 Hidden Image-->DEM.Graphics.I0703.dll [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x05EF0000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x06880000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x06A60000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x06E30000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x06CA0000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x06E60000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x06F90000 Hidden Image-->atixclib.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x072A0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x07290000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 28672 bytes
0x07F70000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 339968 bytes
0x084F0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 339968 bytes
0x00D30000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x87C9ED90 ] PID: 3716, 36864 bytes
0x01950000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 36864 bytes
0x01A30000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 36864 bytes
0x01A50000 Hidden Image-->AEM.Foundation.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 36864 bytes
0x050E0000 Hidden Image-->ACE.Graphics.DisplaysManager.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 36864 bytes
0x05940000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 36864 bytes
0x05F20000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 36864 bytes
0x05F60000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 36864 bytes
0x05FC0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 36864 bytes
0x06750000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 36864 bytes
0x06A90000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 36864 bytes
0x07530000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Wizard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 372736 bytes
0x07790000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 413696 bytes
0x08BA0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 438272 bytes
0x07E80000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 446464 bytes
0x00870000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x87C9ED90 ] PID: 3716, 45056 bytes
0x00850000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x87C9ED90 ] PID: 3716, 45056 bytes
0x009F0000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 45056 bytes
0x00A20000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 45056 bytes
0x00B80000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 45056 bytes
0x019F0000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 45056 bytes
0x01E10000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 45056 bytes
0x05950000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 45056 bytes
0x05970000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 45056 bytes
0x05DB0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Runtime.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 45056 bytes
0x05F40000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 45056 bytes
0x05FB0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 45056 bytes
0x06DB0000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 454656 bytes
0x071D0000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 479232 bytes
0x07EF0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 487424 bytes
0x074B0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 495616 bytes
0x00D20000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x87C9ED90 ] PID: 3716, 53248 bytes
0x019D0000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 53248 bytes
0x019C0000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 53248 bytes
0x01A10000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 53248 bytes
0x01F50000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 53248 bytes
0x05930000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 53248 bytes
0x05EE0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 53248 bytes
0x05F70000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 53248 bytes
0x060F0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 53248 bytes
0x06860000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 53248 bytes
0x06710000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 53248 bytes
0x06740000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 53248 bytes
0x06A40000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 53248 bytes
0x06F80000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 53248 bytes
0x06F70000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 53248 bytes
0x08A30000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 602112 bytes
0x00A40000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 61440 bytes
0x04FD0000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 61440 bytes
0x05DC0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 61440 bytes
0x05F80000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 61440 bytes
0x066A0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 61440 bytes
0x08180000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Dashboard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 667648 bytes
0x07A70000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Wizard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 692224 bytes
0x00A60000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x87C9ED90 ] PID: 3716, 69632 bytes
0x00B50000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 69632 bytes
0x060D0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 69632 bytes
0x06240000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 69632 bytes
0x06280000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 69632 bytes
0x01960000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 77824 bytes
0x05430000 Hidden Image-->ATIDEMOS.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 77824 bytes
0x05600000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 77824 bytes
0x05D90000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 77824 bytes
0x06100000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 77824 bytes
0x066E0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 77824 bytes
0x08AD0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 798720 bytes
0x059B0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 86016 bytes
0x07800000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 86016 bytes
0x08850000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL [ EPROCESS 0x87EB01B0 ] PID: 2436, 905216 bytes
==============================================
>Files
==============================================
==============================================


Re: BOO/TDss.M?

Post by charles_bullard on 29th April 2011, 3:09 am

>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x81EF57AA-->81EF57B1 [ntkrnlpa.exe]
[1164]svchost.exe-->mswsock.dll+0x00002671, Type: Inline - RelativeJump 0x74772671-->00000000 [unknown_code_page]
[1164]svchost.exe-->mswsock.dll+0x000027D4, Type: Inline - RelativeJump 0x747727D4-->00000000 [unknown_code_page]
[1164]svchost.exe-->mswsock.dll+0x00002995, Type: Inline - RelativeJump 0x74772995-->00000000 [unknown_code_page]
[1164]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x76E25BF8-->00000000 [unknown_code_page]
[1164]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x76E24B84-->00000000 [unknown_code_page]
[1164]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x76E254C4-->00000000 [unknown_code_page]
[1164]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x75870B88-->00000000 [unknown_code_page]
[244]explorer.exe-->mswsock.dll+0x00002671, Type: Inline - RelativeJump 0x74772671-->00000000 [unknown_code_page]
[244]explorer.exe-->mswsock.dll+0x000027D4, Type: Inline - RelativeJump 0x747727D4-->00000000 [unknown_code_page]
[244]explorer.exe-->mswsock.dll+0x00002995, Type: Inline - RelativeJump 0x74772995-->00000000 [unknown_code_page]
[244]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x76E25BF8-->00000000 [unknown_code_page]
[244]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x76E24B84-->00000000 [unknown_code_page]
[244]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x76E254C4-->00000000 [unknown_code_page]
[356]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [IEShims.dll]
[356]iexplore.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B61130-->00000000 [IEShims.dll]
[356]iexplore.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B6119C-->00000000 [IEShims.dll]
[356]iexplore.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B611BC-->00000000 [IEShims.dll]
[356]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [IEShims.dll]
[356]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->00000000 [IEShims.dll]
[356]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->00000000 [IEShims.dll]
[356]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->00000000 [IEShims.dll]
[356]iexplore.exe-->gdi32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77B611AC-->00000000 [IEShims.dll]
[356]iexplore.exe-->mswsock.dll+0x00002671, Type: Inline - RelativeJump 0x74772671-->00000000 [unknown_code_page]
[356]iexplore.exe-->mswsock.dll+0x000027D4, Type: Inline - RelativeJump 0x747727D4-->00000000 [unknown_code_page]
[356]iexplore.exe-->mswsock.dll+0x00002995, Type: Inline - RelativeJump 0x74772995-->00000000 [unknown_code_page]
[356]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x76E25BF8-->00000000 [unknown_code_page]
[356]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x76E24B84-->00000000 [unknown_code_page]
[356]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x76E254C4-->00000000 [unknown_code_page]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x768E125C-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateDirectoryW, Type: IAT modification 0x768E13B0-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x768E1460-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateHardLinkW, Type: IAT modification 0x768E11A4-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x768E12E8-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x768E13B4-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x768E132C-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x768E1328-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x768E1114-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->GetBinaryTypeW, Type: IAT modification 0x768E1280-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesA, Type: IAT modification 0x768E1370-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesExW, Type: IAT modification 0x768E14A4-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x768E13BC-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->GetLongPathNameW, Type: IAT modification 0x768E14EC-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileIntW, Type: IAT modification 0x768E1390-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionNamesW, Type: IAT modification 0x768E1164-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionW, Type: IAT modification 0x768E1100-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x768E13A0-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameA, Type: IAT modification 0x768E136C-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameW, Type: IAT modification 0x768E1428-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x768E14E0-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x768E1284-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x768E1448-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x768E13C0-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x768E130C-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->RemoveDirectoryW, Type: IAT modification 0x768E13AC-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->ReplaceFileW, Type: IAT modification 0x768E1140-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x768E1384-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x768E124C-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x768E13B8-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileSectionW, Type: IAT modification 0x768E1168-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x768E116C-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->ntdll.dll-->NtQueryDirectoryFile, Type: IAT modification 0x768E2320-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->user32.dll-->LoadImageW, Type: IAT modification 0x768E1890-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->user32.dll-->PrivateExtractIconsW, Type: IAT modification 0x768E1A6C-->00000000 [IEShims.dll]
[356]iexplore.exe-->shell32.dll-->user32.dll-->WinHelpW, Type: IAT modification 0x768E191C-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x77D5154C-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->advapi32.dll-->RegDeleteKeyW, Type: IAT modification 0x77D51544-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->advapi32.dll-->RegEnumValueW, Type: IAT modification 0x77D51524-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryInfoKeyW, Type: IAT modification 0x77D51520-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x77D5152C-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x75858E3B-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->CreateDialogIndirectParamA, Type: Inline - RelativeJump 0x758726F1-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->CreateDialogIndirectParamW, Type: Inline - RelativeJump 0x75879A62-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->CreateDialogParamA, Type: Inline - RelativeJump 0x758717AA-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x758572A2-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x75861305-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7589847D-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x75882EF5-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x75898152-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x758810B0-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->EnableWindow, Type: Inline - RelativeJump 0x7585CD8B-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->EndDialog, Type: Inline - RelativeJump 0x7588326E-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - RelativeJump 0x7585863C-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->GetKeyState, Type: Inline - RelativeJump 0x75868CB1-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->IsDialogMessage, Type: Inline - RelativeJump 0x75871847-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->IsDialogMessageW, Type: Inline - RelativeJump 0x75870745-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x77D511E4-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77D511EC-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77D511E8-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x77D51328-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77D51154-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x77D511D8-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x77D512BC-->00000000 [IEShims.dll]
[356]iexplore.exe-->user32.dll-->keybd_event, Type: Inline - RelativeJump 0x758AD972-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x758AD639-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x758AD65D-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x758AD4D9-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x758AD5D3-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump 0x75882F75-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->SetCursorPos, Type: Inline - RelativeJump 0x75896FB2-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->SetKeyboardState, Type: Inline - RelativeJump 0x75880987-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x758587AD-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x758598DB-->00000000 [ieframe.dll]
[3892]PMB.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x75FDA84F-->00000000 [unknown_code_page]
[5356]iexplore.exe-->mswsock.dll+0x00002671, Type: Inline - RelativeJump 0x74772671-->00000000 [unknown_code_page]
[5356]iexplore.exe-->mswsock.dll+0x000027D4, Type: Inline - RelativeJump 0x747727D4-->00000000 [unknown_code_page]
[5356]iexplore.exe-->mswsock.dll+0x00002995, Type: Inline - RelativeJump 0x74772995-->00000000 [unknown_code_page]
[5356]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x76E25BF8-->00000000 [unknown_code_page]
[5356]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x76E24B84-->00000000 [unknown_code_page]
[5356]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x76E254C4-->00000000 [unknown_code_page]
[5356]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x75861305-->00000000 [ieframe.dll]
[5356]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7589847D-->00000000 [ieframe.dll]
[5356]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x75882EF5-->00000000 [ieframe.dll]
[5356]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x75898152-->00000000 [ieframe.dll]
[5356]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x758810B0-->00000000 [ieframe.dll]
[5356]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x758AD639-->00000000 [ieframe.dll]
[5356]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x758AD65D-->00000000 [ieframe.dll]
[5356]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x758AD4D9-->00000000 [ieframe.dll]
[5356]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x758AD5D3-->00000000 [ieframe.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

charles_bullard
Novice
Novice

Posts Posts : 46
Joined Joined : 2011-04-28
Gender Gender : Male
OS OS : VISTA 32 BIT HOME
Protection Protection : Avira AntiVir Personal-Free
Points Points : 21208
# Likes # Likes : 0

View user profile

Back to top Go down
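The hook listing above is a triage problem before it is a verdict: each line names the process, the hooked export (or module+offset), the hook kind, and the module the scanner attributed the hook to. The script below is an added example, not part of the original post and not the scanner's own code, that parses lines in that format and buckets them by attribution, so a reviewer reads the unattributed (unknown_code_page) entries first and can weigh them against the helper's conclusion about the log. The sample lines are constructed to match the posted format, and the allowlist of expected hooking modules is an assumption made for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample entries, constructed to match the format of the hook listing above
# ([PID]process-->module[-->module]-->export, Type: <kind> <addr>-->00000000 [owner]).
# They are not taken from a live system.
SAMPLE_LOG = """\
[356]iexplore.exe-->user32.dll-->GetKeyState, Type: Inline - RelativeJump 0x75868CB1-->00000000 [ieframe.dll]
[356]iexplore.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->00000000 [IEShims.dll]
[3892]PMB.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x75FDA84F-->00000000 [unknown_code_page]
[5356]iexplore.exe-->mswsock.dll+0x00002671, Type: Inline - RelativeJump 0x74772671-->00000000 [unknown_code_page]
[5356]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x76E254C4-->00000000 [unknown_code_page]
[5356]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x758AD65D-->00000000 [ieframe.dll]
"""

HOOK_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<proc>[^,]+?)-->(?P<chain>[^,]+), Type: (?P<kind>.+?) "
    r"(?P<src>0x[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+) \[(?P<owner>[^\]]+)\]$"
)

# Modules that are expected to place hooks inside the named process.
# Assumption for this example: Internet Explorer's own modules (ieframe.dll,
# IEShims.dll) legitimately hook user32/kernel32 inside iexplore.exe.
EXPECTED_HOOKERS = {"iexplore.exe": {"ieframe.dll", "IEShims.dll"}}

# Exports where an unattributed hook deserves the first look: they sit on the
# memory-write, protection-change and exception-dispatch paths.
HIGH_INTEREST = {"NtWriteVirtualMemory", "NtProtectVirtualMemory", "KiUserExceptionDispatcher"}


@dataclass(frozen=True)
class Hook:
    pid: int
    process: str
    target: str   # hooked export chain, or module+offset when no export matched
    kind: str     # "Inline - RelativeJump", "IAT modification", "Inline - PushRet", ...
    owner: str    # module the scanner attributed the hook to, or unknown_code_page


def parse_hooks(text):
    """Parse every line that matches the hook format; skip anything else."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append(Hook(int(m["pid"]), m["proc"], m["chain"], m["kind"], m["owner"]))
    return hooks


def triage(hooks):
    """Bucket hooks: 'expected' (owner allowlisted for that process),
    'unexpected_module' (attributed, but to a module not on the allowlist),
    'unattributed' (scanner could not map the hook to any loaded module)."""
    buckets = defaultdict(list)
    for h in hooks:
        if h.owner == "unknown_code_page":
            buckets["unattributed"].append(h)
        elif h.owner in EXPECTED_HOOKERS.get(h.process, set()):
            buckets["expected"].append(h)
        else:
            buckets["unexpected_module"].append(h)
    return dict(buckets)


def export_name(hook):
    """Last element of the chain: the export, or module+offset if there is none."""
    return hook.target.rsplit("-->", 1)[-1]


def review_queue(hooks):
    """Unattributed hooks as (pid, process, target), high-interest exports first,
    then by PID and name, so a reviewer reads the log in priority order."""
    unattributed = triage(hooks).get("unattributed", [])

    def rank(h):
        return (0 if export_name(h) in HIGH_INTEREST else 1, h.pid, export_name(h))

    return [(h.pid, h.process, h.target) for h in sorted(unattributed, key=rank)]


def owners_by_process(hooks):
    """Which modules hook inside which process: {process: {owner: count}}."""
    table = defaultdict(lambda: defaultdict(int))
    for h in hooks:
        table[h.process][h.owner] += 1
    return {p: dict(o) for p, o in table.items()}


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    for entry in review_queue(hooks):
        print("review first:", entry)
    print(owners_by_process(hooks))
```

The queue is an order of review, not a conviction: unattributed hooks on process-wide APIs are also what security products and sandboxes leave behind, which is why the helper in this thread could still call the full log clean. The value of the bucketing is that it separates the handful of lines worth checking against the machine's installed software from the dozens that Internet Explorer's own modules account for.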

Re: BOO/TDss.M?

Post by Gabethebabe on 29th April 2011, 6:56 am

imo that last log is clean. I really can't find this TDSS infection you state you have; what scanner found it and when?
In the meantime, I would suggest checking your disk for errors and running a good online scanner to see if new information pops up.

Note that this afternoon I will leave for the weekend and be www-less for about 48 h.

How to run a Disk Check on your C: drive:

  • Click Start and open My Computer
  • Right-click on C: and select Properties
  • Click on the Tools tab
  • Under Error-checking click the Check Now... button
  • Mark the box next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors
  • When the message box pops up, click the Schedule disk check button and restart your computer
  • Check Disk will notify you that it is going to run unless you cancel it by pressing any key, don't press any keys, just let it run
  • Once it finishes your PC will reboot again, once it does, log in to Windows normally

====================

We're going to run a scan with ESET Online Scanner. Please make sure you are logged in as a user with administrator rights and proceed with the following steps:
  • Use Internet Explorer to browse to the [You must be registered and logged in to see this link.]
  • Click the green ESET Online Scanner button
  • A popup window will open
  • Accept the terms of use and click Start
  • Internet Explorer will probably inform you that ESET is trying to install an add-on. Allow that.
  • UNSELECT the Remove all threats option.
  • Click Start
  • When the scan has finished and threats were found, click List of found threats
  • Click Export to text file and save it as e.g. eset.txt on your desktop
  • Click Back
  • Select Uninstall application on close
  • Click Finish. ESET Online Scanner will now uninstall itself
  • Please post the contents of the eset.txt in your next reply.

Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38258
# Likes # Likes : 0

View user profile

Back to top Go down

Re: BOO/TDss.M?

Post by charles_bullard on 29th April 2011, 10:19 am

Avira stated that I had this virus. I don't know; it kept telling me to remove it, but that doesn't explain the fact that things keep giving me the blue screen. That is the problem that keeps puzzling me. I will proceed with your new instructions.

charles_bullard

Re: BOO/TDss.M?

Post by charles_bullard on 29th April 2011, 10:24 am

I have attempted to do the Error-Checking, and when I click on it to do the fix, it won't do anything and freezes up; it won't let me close it or anything.

charles_bullard

Re: BOO/TDss.M?

Post by Gabethebabe on 29th April 2011, 10:41 am

Do you have a Windows Vista setup disk?

Gabethebabe

Re: BOO/TDss.M?

Post by charles_bullard on 29th April 2011, 12:20 pm

I got the Error Checking to run finally, and it took forever. I do have the disc; I tried running it, but it kept telling me that it couldn't find the compatible drives. I don't understand that, because I have both the driver disc and the Vista disc and have tried using them both. But on to the next step from your previous post.

charles_bullard

Re: BOO/TDss.M?

Post by charles_bullard on 29th April 2011, 2:57 pm

C:\Program Files\VideoScavenger_1eEI\Installr\1.bin\1eEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application
C:\Users\charlie\AppData\Local\Temp\5748.tmp Win32/Olmarik.AMN trojan
C:\Users\charlie\AppData\Local\Temp\ecrwnsxmao.exe Win32/TrojanDownloader.FakeAlert.BBT trojan
C:\Users\charlie\AppData\Local\Temp\jar_cache676578667115791146.tmp Java/Exploit.CVE-2010-0842.I trojan
C:\Users\charlie\AppData\Local\Temp\worxcenmas.exe Win32/Cimag.DU trojan
C:\Windows\Temp\ecr3D88.tmp Win32/TrojanDownloader.FakeAlert.BBT trojan
C:\Windows\Temp\ecr3DD7.tmp Win32/TrojanDownloader.FakeAlert.BBT trojan
C:\_OTL\MovedFiles\04282011_044006\C_USERS\CHARLIE\APPDATA\LOCAL\SPLPNlh.dll Win32/Cimag.DU trojan
C:\_OTL\MovedFiles\04282011_044006\C_USERS\CHARLIE\APPDATA\LOCAL\uvosuramujoyexa.dll a variant of Win32/Kryptik.NCK trojan

charles_bullard

Re: BOO/TDss.M?

Post by Gabethebabe on 1st May 2011, 6:06 pm

Hi Charles, just came back from my www-less weekend. Some (presumably good) news: new versions of aswMBR and GMER exist. Let's hope either of them shows details of your infection. First some preparatory work, before we run scans.

====================

  • Please download TFC (Temp File Cleaner) by OldTimer from [You must be registered and logged in to see this link.] and save it to your desktop.
  • Close all programs and save your work.
  • Double-click TFC.exe to start the cleaning process and allow it to run
  • Depending on the amount of files that need to be deleted this can take seconds or up to minutes.
  • If requested, allow TFC to reboot your computer to finish the cleaning process.

====================

In the following step we are going to disable any CD-emulation drivers you might be running (e.g. Daemon tools, Roxio). These drivers can be a source of problems (blue screens, false positives) for our anti-malware tools. We will not re-enable them until after we clean up your machine.

Download DeFogger by jpshortstuff from [You must be registered and logged in to see this link.] and save it to your Desktop.

  • Double-click DeFogger.exe to run the tool (right-click > Run as Administrator for Windows Vista)
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A Finished! message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

If you receive an error message while running DeFogger, please post the defogger_disable log that will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.

====================

OK, try disabling the security software you are running (antivirus, firewall). Please check out [You must be registered and logged in to see this link.] to find out how to temporarily disable any security software.

====================

Download GMER Rootkit Scanner from [You must be registered and logged in to see this link.] and save it to your desktop.
Note that it will have a random name.

  • Double click the file to run the tool. It may take a while to load.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click No
  • In the right panel, you will see several boxes that have been checked
  • Make sure this is unchecked: Show All
  • Make sure only your system drive (usually C:\) is checked and uncheck all other drives you might have on your system
  • Click Scan to start the scan
  • When it has finished, click Save and save the log as gmer.txt on your desktop
  • If GMER reports any <--- ROOTKIT entries, don't take any action. It could be a false positive.
  • Click OK and quit the GMER program.
  • Please post the contents of gmer.txt in your next reply.

====================

Please download aswMBR by Alwil Software from [You must be registered and logged in to see this link.] and save it to your desktop.

  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan
  • Don't panic if you see any **Rootkit** entries. The tool sometimes produces false alarms
  • Once the scan finishes click Save log to save the log to your desktop
  • Copy and paste the contents of this log (aswMBR.txt) into your next reply.


Gabethebabe

Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 6:38 am

GMER 1.0.15.15572 - [You must be registered and logged in to see this link.]
Rootkit scan 2011-05-02 01:37:35
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD32 rev.12.0
Running: yb65thpu.exe; Driver: C:\Users\charlie\AppData\Local\Temp\kxdiafob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

charles_bullard

Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 6:39 am

aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 01:38:30
-----------------------------
01:38:30.038 OS Version: Windows 6.0.6002 Service Pack 2
01:38:30.038 Number of processors: 4 586 0xF0B
01:38:30.038 ComputerName: CHARLIE-PC UserName: charlie
01:38:31.068 Initialize success
01:38:36.044 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:38:36.044 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
01:38:36.044 Disk 0 MBR read successfully
01:38:36.044 Disk 0 MBR scan
01:38:36.044 Disk 0 TDL4@MBR code has been found
01:38:36.060 Disk 0 MBR hidden
01:38:36.060 Disk 0 MBR [TDL4] **ROOTKIT**
01:38:36.060 Disk 0 trace - called modules:
01:38:36.060 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f3d730]<<
01:38:36.060 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86894ac8]
01:38:36.060 3 CLASSPNP.SYS[8a59e8b3] -> nt!IofCallDriver -> [0x872d1e80]
01:38:36.060 \Driver\iaStor[0x86067558] -> IRP_MJ_CREATE -> 0x86f3d730
01:38:36.075 Scan finished successfully
01:38:50.708 Disk 0 MBR has been saved successfully to "C:\Users\charlie\Documents\MBR.dat"
01:38:50.724 The log file has been saved successfully to "C:\Users\charlie\Documents\aswMBR.txt"
01:39:11.089 Disk 0 MBR has been saved successfully to "C:\Users\charlie\Desktop\MBR.dat"
01:39:11.104 The log file has been saved successfully to "C:\Users\charlie\Desktop\aswMBR.txt"



charles_bullard

Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 6:45 am

And sorry, I should have said all this first...


Welcome back from your www-less weekend. I hope it was a great one.

charles_bullard

Re: BOO/TDss.M?

Post by Gabethebabe on 2nd May 2011, 7:00 am

I had a great weekend, and coming back to work hearing that the most vicious of malware in this world has been eliminated has made my day.

Anyway, it wasn't easy, but our tools have verified that you are infected with TDSS. It took some effort, because we are dealing with a new variant that has eluded previous versions of our scanners.

We are going to rerun aswMBR, this time to remove the infection.

  • Double click aswMBR.exe to run the tool
  • Once the scan finishes click Fix to remove the infection
  • Copy and paste the contents of the log generated back here.


====================

Also, please rerun the GMER scan and post its log back here.

Gabethebabe

Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 7:14 am

aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 01:38:30
-----------------------------
01:38:30.038 OS Version: Windows 6.0.6002 Service Pack 2
01:38:30.038 Number of processors: 4 586 0xF0B
01:38:30.038 ComputerName: CHARLIE-PC UserName: charlie
01:38:31.068 Initialize success
01:38:36.044 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:38:36.044 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
01:38:36.044 Disk 0 MBR read successfully
01:38:36.044 Disk 0 MBR scan
01:38:36.044 Disk 0 TDL4@MBR code has been found
01:38:36.060 Disk 0 MBR hidden
01:38:36.060 Disk 0 MBR [TDL4] **ROOTKIT**
01:38:36.060 Disk 0 trace - called modules:
01:38:36.060 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f3d730]<<
01:38:36.060 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86894ac8]
01:38:36.060 3 CLASSPNP.SYS[8a59e8b3] -> nt!IofCallDriver -> [0x872d1e80]
01:38:36.060 \Driver\iaStor[0x86067558] -> IRP_MJ_CREATE -> 0x86f3d730
01:38:36.075 Scan finished successfully
01:38:50.708 Disk 0 MBR has been saved successfully to "C:\Users\charlie\Documents\MBR.dat"
01:38:50.724 The log file has been saved successfully to "C:\Users\charlie\Documents\aswMBR.txt"
01:39:11.089 Disk 0 MBR has been saved successfully to "C:\Users\charlie\Desktop\MBR.dat"
01:39:11.104 The log file has been saved successfully to "C:\Users\charlie\Desktop\aswMBR.txt"


aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 02:03:02
-----------------------------
02:03:02.332 OS Version: Windows 6.0.6002 Service Pack 2
02:03:02.332 Number of processors: 4 586 0xF0B
02:03:02.332 ComputerName: CHARLIE-PC UserName: charlie
02:03:04.142 Initialize success
02:03:14.094 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:03:14.094 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
02:03:14.094 Disk 0 MBR read successfully
02:03:14.094 Disk 0 MBR scan
02:03:14.094 Disk 0 TDL4@MBR code has been found
02:03:14.110 Disk 0 MBR hidden
02:03:14.110 Disk 0 MBR [TDL4] **ROOTKIT**
02:03:14.110 Disk 0 trace - called modules:
02:03:14.110 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f3d730]<<
02:03:14.110 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86894ac8]
02:03:14.110 3 CLASSPNP.SYS[8a59e8b3] -> nt!IofCallDriver -> [0x872d1e80]
02:03:14.126 \Driver\iaStor[0x86067558] -> IRP_MJ_CREATE -> 0x86f3d730
02:03:14.126 Scan finished successfully
02:03:15.155 Disk 0 fixing MBR
02:03:25.170 Disk 0 MBR restored successfully
02:03:25.170 Infection fixed successfully - please reboot ASAP
02:03:31.925 Disk 0 MBR has been saved successfully to "C:\Users\charlie\Desktop\MBR.dat"
02:03:31.941 The log file has been saved successfully to "C:\Users\charlie\Desktop\aswMBR.txt"


aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 02:09:19
-----------------------------
02:09:19.576 OS Version: Windows 6.0.6002 Service Pack 2
02:09:19.576 Number of processors: 4 586 0xF0B
02:09:19.576 ComputerName: CHARLIE-PC UserName: charlie
02:09:20.777 Initialize success
02:09:21.838 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:09:21.838 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
02:09:21.838 Disk 0 MBR read successfully
02:09:21.838 Disk 0 MBR scan
02:09:21.838 Disk 0 TDL4@MBR code has been found
02:09:21.838 Disk 0 MBR hidden
02:09:21.854 Disk 0 MBR [TDL4] **ROOTKIT**
02:09:21.854 Disk 0 trace - called modules:
02:09:21.854 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f05730]<<
02:09:21.854 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86185ac8]
02:09:21.854 3 CLASSPNP.SYS[8a5aa8b3] -> nt!IofCallDriver -> [0x8727c8a0]
02:09:21.854 \Driver\iaStor[0x86ee7240] -> IRP_MJ_CREATE -> 0x86f05730
02:09:21.869 Scan finished successfully
02:09:27.095 Disk 0 fixing MBR
02:09:37.110 Disk 0 MBR restored successfully
02:09:37.110 Infection fixed successfully - please reboot ASAP
02:09:44.770 Disk 0 MBR has been saved successfully to "C:\Users\charlie\Desktop\MBR.dat"
02:09:44.786 The log file has been saved successfully to "C:\Users\charlie\Desktop\aswMBR.txt"



charles_bullard

Re: BOO/TDss.M?

Post by Gabethebabe on 2nd May 2011, 7:24 am

Ugh, aswMBR has failed to remove it. Have you rebooted immediately after fixing?

The safe way to clean your MBR is with the Vista boot disk. But if that disk does not recognize your hard disks, as you have said earlier, we have a problem.

If you could verify that: start up with the Vista setup disk > Repair your computer > System Recovery Options > Command Prompt and run the bootrec /FixMbr command.

Gabethebabe
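Reading the three aswMBR runs posted above side by side is what tells you the fix did not stick: two runs each end with "Infection fixed successfully", and the scan that follows still finds TDL4 in the MBR. The script below is an added example, not the tool's own code and not part of the thread, that parses runs in the posted format and returns a verdict; it reports the repeat-after-fix case as "persistent", which is the point at which the helper moves from re-running the tool to repairing the MBR offline from the setup disk. The sample runs are constructed to mirror the posted format, and the verdict names are my own.

```python
import re
from dataclasses import dataclass, field

# Three constructed aswMBR-style runs modelled on the log format posted above:
# a detection-only scan, then two scans that each applied a fix. The times and
# the run-to-run content are made up for the example; only the format is real.
SAMPLE_RUNS = """\
aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 01:38:30
-----------------------------
01:38:36.044 Disk 0 MBR read successfully
01:38:36.044 Disk 0 MBR scan
01:38:36.044 Disk 0 TDL4@MBR code has been found
01:38:36.060 Disk 0 MBR hidden
01:38:36.060 Disk 0 MBR [TDL4] **ROOTKIT**
01:38:36.075 Scan finished successfully

aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 02:03:02
-----------------------------
02:03:14.094 Disk 0 MBR read successfully
02:03:14.094 Disk 0 TDL4@MBR code has been found
02:03:14.110 Disk 0 MBR hidden
02:03:14.110 Disk 0 MBR [TDL4] **ROOTKIT**
02:03:14.126 Scan finished successfully
02:03:15.155 Disk 0 fixing MBR
02:03:25.170 Disk 0 MBR restored successfully
02:03:25.170 Infection fixed successfully - please reboot ASAP

aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 02:09:19
-----------------------------
02:09:21.838 Disk 0 MBR read successfully
02:09:21.838 Disk 0 TDL4@MBR code has been found
02:09:21.838 Disk 0 MBR hidden
02:09:21.854 Disk 0 MBR [TDL4] **ROOTKIT**
02:09:21.869 Scan finished successfully
02:09:27.095 Disk 0 fixing MBR
02:09:37.110 Disk 0 MBR restored successfully
02:09:37.110 Infection fixed successfully - please reboot ASAP
"""

RUN_HEADER = "aswMBR version"
TIME_PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+")      # "02:03:14.094 "
ROOTKIT_TAG = re.compile(r"MBR \[(?P<name>\w+)\] \*\*ROOTKIT\*\*")


@dataclass
class Run:
    run_date: str = ""
    rootkit_found: bool = False
    mbr_hidden: bool = False
    fix_attempted: bool = False
    fix_reported_ok: bool = False
    rootkit_names: set = field(default_factory=set)


def parse_runs(text):
    """Split pasted text into runs at each 'aswMBR version' header and record
    the MBR findings and the fix outcome of each run."""
    runs = []
    cur = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(RUN_HEADER):
            cur = Run()
            runs.append(cur)
            continue
        if cur is None:
            continue                      # text before the first header
        if line.startswith("Run date:"):
            cur.run_date = line[len("Run date:"):].strip()
            continue
        body = TIME_PREFIX.sub("", line)  # drop the per-line timestamp
        tag = ROOTKIT_TAG.search(body)
        if tag:
            cur.rootkit_found = True
            cur.rootkit_names.add(tag["name"])
        elif "@MBR code has been found" in body:
            cur.rootkit_found = True
        elif body.endswith("MBR hidden"):
            cur.mbr_hidden = True
        elif "fixing MBR" in body:
            cur.fix_attempted = True
        elif body.startswith("Infection fixed successfully"):
            cur.fix_reported_ok = True
    return runs


def assess(runs):
    """Verdict over a sequence of runs, oldest first:
      'persistent'         a run reported a successful fix, yet a later run
                           still found the rootkit (the case to escalate)
      'fix-pending-reboot' the latest run found it and reported a fix; verify
                           with a fresh scan after rebooting
      'infected'           found, no fix applied yet
      'clean'              latest run found nothing
      'no-data'            no runs parsed"""
    if not runs:
        return "no-data"
    prev_fixed = False
    for r in runs:
        if r.rootkit_found and prev_fixed:
            return "persistent"
        prev_fixed = r.fix_reported_ok
    last = runs[-1]
    if last.rootkit_found:
        return "fix-pending-reboot" if last.fix_reported_ok else "infected"
    return "clean"


def rootkit_names(runs):
    """Every rootkit family tag seen across the runs, e.g. {'TDL4'}."""
    names = set()
    for r in runs:
        names |= r.rootkit_names
    return names


if __name__ == "__main__":
    parsed = parse_runs(SAMPLE_RUNS)
    for r in parsed:
        print(r.run_date, "found" if r.rootkit_found else "clean",
              "fixed" if r.fix_reported_ok else "")
    print("verdict:", assess(parsed), rootkit_names(parsed))
```

The single-run verdicts are deliberately cautious: a run that ends in "Infection fixed successfully" is reported as pending, not clean, because the tool itself asks for a reboot before the result means anything. Only a later scan that is still clean closes the case, and a later scan that still finds the MBR hidden is the signal to stop repeating the same fix.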

Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 7:57 am

The disk doesn't give me repair computer options. It just says install or check compatibility online, which I can't even do online.

charles_bullard

Re: BOO/TDss.M?

Post by Gabethebabe on 2nd May 2011, 8:14 am

Argll

OK - I have browsed Kaspersky Forum and it appears there is a new version of TDSSKiller that is not yet officially available. I have uploaded it [You must be registered and logged in to see this link.].

Download that file from MegaUpload, unzip it and run it.

After that, run aswMBR to verify whether we got rid of this nasty bugger.

Gabethebabe

Re: BOO/TDss.M?

Post by charles_bullard on 2nd May 2011, 8:22 am

I am going to go ahead and post the log here.
This is from TDSSKiller 2.5.0.0.



2011/05/02 03:21:04.0907 5876 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/02 03:21:05.0672 5876 ================================================================================
2011/05/02 03:21:05.0672 5876 SystemInfo:
2011/05/02 03:21:05.0672 5876
2011/05/02 03:21:05.0672 5876 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/02 03:21:05.0672 5876 Product type: Workstation
2011/05/02 03:21:05.0672 5876 ComputerName: CHARLIE-PC
2011/05/02 03:21:05.0672 5876 UserName: charlie
2011/05/02 03:21:05.0672 5876 Windows directory: C:\Windows
2011/05/02 03:21:05.0672 5876 System windows directory: C:\Windows
2011/05/02 03:21:05.0672 5876 Processor architecture: Intel x86
2011/05/02 03:21:05.0672 5876 Number of processors: 4
2011/05/02 03:21:05.0672 5876 Page size: 0x1000
2011/05/02 03:21:05.0672 5876 Boot type: Normal boot
2011/05/02 03:21:05.0672 5876 ================================================================================
2011/05/02 03:21:06.0031 5876 Initialize success
2011/05/02 03:21:14.0002 4260 ================================================================================
2011/05/02 03:21:14.0002 4260 Scan started
2011/05/02 03:21:14.0002 4260 Mode: Manual;
2011/05/02 03:21:14.0002 4260 ================================================================================
2011/05/02 03:21:15.0406 4260 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/02 03:21:15.0500 4260 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/02 03:21:15.0609 4260 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/02 03:21:15.0687 4260 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/02 03:21:15.0749 4260 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/02 03:21:15.0890 4260 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/02 03:21:15.0999 4260 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/02 03:21:16.0108 4260 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/02 03:21:16.0202 4260 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/02 03:21:16.0373 4260 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/02 03:21:16.0467 4260 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/02 03:21:16.0576 4260 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/02 03:21:16.0639 4260 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/02 03:21:16.0779 4260 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/02 03:21:16.0873 4260 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/02 03:21:17.0153 4260 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/02 03:21:17.0231 4260 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/05/02 03:21:17.0419 4260 atikmdag (e615e3c567fbd10121723eff09d26b00) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/02 03:21:17.0528 4260 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/02 03:21:17.0637 4260 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/02 03:21:17.0699 4260 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/02 03:21:17.0793 4260 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/02 03:21:17.0902 4260 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/02 03:21:17.0980 4260 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/02 03:21:18.0074 4260 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/02 03:21:18.0370 4260 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/02 03:21:18.0729 4260 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/02 03:21:18.0823 4260 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/02 03:21:18.0885 4260 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/02 03:21:18.0963 4260 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/02 03:21:19.0072 4260 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/02 03:21:19.0213 4260 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/02 03:21:19.0447 4260 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/02 03:21:19.0509 4260 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/02 03:21:19.0634 4260 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/02 03:21:19.0712 4260 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/05/02 03:21:19.0821 4260 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/02 03:21:19.0915 4260 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/02 03:21:20.0008 4260 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/02 03:21:20.0180 4260 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/02 03:21:20.0305 4260 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/02 03:21:20.0461 4260 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/02 03:21:20.0570 4260 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/05/02 03:21:20.0679 4260 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/02 03:21:20.0851 4260 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/02 03:21:20.0960 4260 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/02 03:21:21.0069 4260 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/02 03:21:21.0178 4260 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/02 03:21:21.0272 4260 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/02 03:21:21.0428 4260 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/02 03:21:22.0286 4260 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/02 03:21:22.0395 4260 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/02 03:21:22.0489 4260 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/02 03:21:22.0582 4260 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/02 03:21:22.0660 4260 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/02 03:21:23.0003 4260 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/02 03:21:23.0097 4260 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/02 03:21:23.0175 4260 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/02 03:21:23.0284 4260 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/02 03:21:23.0425 4260 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/02 03:21:23.0503 4260 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/02 03:21:23.0596 4260 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/05/02 03:21:23.0690 4260 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2011/05/02 03:21:23.0783 4260 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/02 03:21:23.0846 4260 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/02 03:21:23.0955 4260 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/02 03:21:24.0064 4260 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys
2011/05/02 03:21:24.0142 4260 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/02 03:21:24.0236 4260 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/02 03:21:24.0329 4260 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/02 03:21:24.0454 4260 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/02 03:21:24.0517 4260 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/02 03:21:24.0657 4260 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/02 03:21:24.0735 4260 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/02 03:21:24.0829 4260 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/02 03:21:24.0907 4260 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/02 03:21:24.0985 4260 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/02 03:21:25.0063 4260 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/02 03:21:25.0156 4260 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/02 03:21:25.0219 4260 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/02 03:21:25.0546 4260 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/02 03:21:25.0718 4260 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/02 03:21:25.0811 4260 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/02 03:21:25.0874 4260 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/02 03:21:25.0905 4260 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/02 03:21:25.0952 4260 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/02 03:21:25.0983 4260 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/02 03:21:26.0014 4260 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/05/02 03:21:26.0045 4260 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/02 03:21:26.0077 4260 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/02 03:21:26.0108 4260 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/02 03:21:26.0139 4260 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/02 03:21:26.0155 4260 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/02 03:21:26.0170 4260 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/02 03:21:26.0233 4260 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/02 03:21:26.0264 4260 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/02 03:21:26.0311 4260 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/02 03:21:26.0342 4260 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/02 03:21:26.0389 4260 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/02 03:21:26.0404 4260 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/02 03:21:26.0435 4260 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/02 03:21:26.0451 4260 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/02 03:21:26.0498 4260 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/02 03:21:26.0513 4260 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/02 03:21:26.0560 4260 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/02 03:21:26.0576 4260 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/02 03:21:26.0607 4260 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/02 03:21:26.0623 4260 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/02 03:21:26.0654 4260 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/02 03:21:26.0701 4260 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/02 03:21:26.0716 4260 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/02 03:21:26.0747 4260 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/02 03:21:26.0763 4260 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/02 03:21:26.0794 4260 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/02 03:21:26.0841 4260 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/02 03:21:26.0857 4260 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/02 03:21:26.0888 4260 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/02 03:21:26.0935 4260 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/02 03:21:26.0950 4260 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/02 03:21:26.0981 4260 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/02 03:21:27.0013 4260 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/02 03:21:27.0059 4260 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/02 03:21:27.0075 4260 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/02 03:21:27.0122 4260 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/02 03:21:27.0184 4260 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/02 03:21:27.0231 4260 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/02 03:21:27.0247 4260 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/02 03:21:27.0278 4260 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/02 03:21:27.0325 4260 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/02 03:21:27.0340 4260 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/02 03:21:27.0403 4260 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/02 03:21:27.0434 4260 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/02 03:21:27.0465 4260 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/02 03:21:27.0496 4260 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/02 03:21:27.0527 4260 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/02 03:21:27.0559 4260 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/02 03:21:27.0574 4260 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/02 03:21:27.0621 4260 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/02 03:21:27.0715 4260 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/02 03:21:27.0730 4260 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/02 03:21:27.0777 4260 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/02 03:21:27.0808 4260 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/02 03:21:27.0855 4260 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/02 03:21:27.0886 4260 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/02 03:21:27.0933 4260 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/02 03:21:28.0027 4260 R300 (e615e3c567fbd10121723eff09d26b00) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/02 03:21:28.0058 4260 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/02 03:21:28.0073 4260 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/02 03:21:28.0120 4260 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/02 03:21:28.0136 4260 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/02 03:21:28.0167 4260 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/02 03:21:28.0214 4260 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/02 03:21:28.0245 4260 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/02 03:21:28.0261 4260 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/02 03:21:28.0292 4260 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/02 03:21:28.0323 4260 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/02 03:21:28.0354 4260 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/02 03:21:28.0401 4260 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/02 03:21:28.0448 4260 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/02 03:21:28.0463 4260 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/02 03:21:28.0495 4260 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/02 03:21:28.0526 4260 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/02 03:21:28.0541 4260 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/02 03:21:28.0557 4260 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/02 03:21:28.0588 4260 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/02 03:21:28.0635 4260 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/02 03:21:28.0666 4260 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/02 03:21:28.0697 4260 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/02 03:21:28.0760 4260 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/02 03:21:28.0791 4260 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/02 03:21:28.0853 4260 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/02 03:21:28.0885 4260 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/02 03:21:28.0931 4260 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/02 03:21:28.0994 4260 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/02 03:21:29.0056 4260 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys
2011/05/02 03:21:29.0134 4260 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/02 03:21:29.0197 4260 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/02 03:21:29.0321 4260 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/02 03:21:29.0368 4260 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/02 03:21:29.0446 4260 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/02 03:21:29.0493 4260 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/02 03:21:29.0509 4260 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/02 03:21:29.0540 4260 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/02 03:21:29.0571 4260 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/02 03:21:29.0633 4260 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/02 03:21:29.0680 4260 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/02 03:21:29.0774 4260 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/02 03:21:29.0852 4260 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/02 03:21:29.0930 4260 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/02 03:21:29.0977 4260 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/02 03:21:30.0023 4260 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/02 03:21:30.0055 4260 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/02 03:21:30.0086 4260 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/02 03:21:30.0117 4260 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/02 03:21:30.0133 4260 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/02 03:21:30.0164 4260 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/02 03:21:30.0195 4260 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/02 03:21:30.0211 4260 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/02 03:21:30.0257 4260 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/02 03:21:30.0289 4260 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/02 03:21:30.0320 4260 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/02 03:21:30.0351 4260 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/02 03:21:30.0382 4260 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/02 03:21:30.0382 4260 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/02 03:21:30.0429 4260 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/02 03:21:30.0445 4260 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/02 03:21:30.0476 4260 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/02 03:21:30.0507 4260 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/02 03:21:30.0569 4260 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/02 03:21:30.0585 4260 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/02 03:21:30.0632 4260 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/02 03:21:30.0694 4260 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/02 03:21:30.0741 4260 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/02 03:21:30.0772 4260 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/02 03:21:30.0803 4260 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/02 03:21:30.0819 4260 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/02 03:21:30.0850 4260 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/02 03:21:30.0881 4260 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/02 03:21:30.0959 4260 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/05/02 03:21:31.0037 4260 WinUsb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
2011/05/02 03:21:31.0069 4260 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/02 03:21:31.0115 4260 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/02 03:21:31.0147 4260 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/02 03:21:31.0162 4260 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/05/02 03:21:31.0225 4260 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/02 03:21:31.0225 4260 ================================================================================
2011/05/02 03:21:31.0225 4260 Scan finished
2011/05/02 03:21:31.0225 4260 ================================================================================
2011/05/02 03:21:31.0240 4820 Detected object count: 1
2011/05/02 03:21:35.0967 4820 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/02 03:21:35.0967 4820 \HardDisk0 - ok
2011/05/02 03:21:35.0967 4820 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
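The last lines of the log above are the ones that matter for triage: the detected object is \HardDisk0, a physical disk rather than a file, and TDL4 is a bootkit that lives in the Master Boot Record, so "Cure" on that object means replacing boot-sector code, which is why the reboot afterwards is the moment things can go wrong. The Python script below is an added example, not TDSSKiller's code and not part of the original post: it parses lines in the format shown above into a driver/hash table and a list of detections, and when a detection names a physical disk it parses a 512-byte MBR image, checks the 0x55AA signature and partition table, and compares the 440-byte boot-code area against a reference hash. The sample log text is copied from the lines above; the MBR bytes are constructed in the script, and the reference boot-code hash is whatever the caller supplies (a known-clean MBR from the same machine or a vendor image), which is an assumption here.

```python
"""Triage helper for a TDSSKiller log (added example, not TDSSKiller's code).
Parses driver/hash lines and detection lines; when the detected object is a
physical disk (\\HardDiskN) it inspects a 512-byte MBR image."""
import hashlib
import re
import struct

# Constructed sample: lines copied from the log in this thread.
SAMPLE_LOG = r"""2011/05/02 03:21:24.0064 4260 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys
2011/05/02 03:21:26.0841 4260 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/02 03:21:29.0446 4260 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/02 03:21:31.0225 4260 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/02 03:21:35.0967 4820 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
"""

# date time pid name (md5) path
DRIVER_RE = re.compile(r"^\S+ \S+ \d+ (\S+) \(([0-9a-f]{32})\) (.+)$")
# date time pid object - detected verdict
DETECT_RE = re.compile(r"^\S+ \S+ \d+ (\S+) - detected (\S+)")


def parse_log(text):
    """Return ({service_name: (md5, path)}, [(object, verdict), ...])."""
    drivers, detections = {}, []
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            name, md5, path = m.groups()
            drivers[name] = (md5, path)
            continue
        m = DETECT_RE.match(line)
        if m:
            detections.append((m.group(1), m.group(2)))
    return drivers, detections


def bootcode_md5(bootcode):
    """MD5 of the 440-byte boot-code area (zero-padded if shorter)."""
    return hashlib.md5(bootcode.ljust(440, b"\x00")).hexdigest()


def parse_mbr(sector):
    """Parse a raw 512-byte MBR: boot-code hash, partition table, signature."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        # entry: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sectors(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype:
            parts.append({"bootable": status == 0x80, "type": ptype, "lba": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "bootcode_md5": bootcode_md5(sector[:440]),
        "partitions": parts,
    }


def triage(log_text, mbr_sector, reference_bootcode_md5):
    """Parse the log; if a physical disk was flagged, also check the MBR image."""
    drivers, detections = parse_log(log_text)
    disk_hits = [d for d in detections if d[0].lower().startswith("\\harddisk")]
    report = {"detections": detections, "disk_hits": disk_hits, "mbr": None}
    if disk_hits:
        mbr = parse_mbr(mbr_sector)
        mbr["bootcode_matches_reference"] = mbr["bootcode_md5"] == reference_bootcode_md5
        report["mbr"] = mbr
    return drivers, report


def build_sample_mbr(bootcode):
    """Constructed 512-byte MBR: given boot code, one bootable NTFS (0x07) partition."""
    code = bootcode.ljust(440, b"\x00")
    disk_sig = b"\x11\x22\x33\x44" + b"\x00\x00"          # disk signature + reserved
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 100000)
    return code + disk_sig + entry + b"\x00" * 48 + b"\x55\xaa"


if __name__ == "__main__":
    clean_code = b"\xfa\x33\xc0\x8e\xd0"                  # stand-in for known-clean boot code
    reference = bootcode_md5(clean_code)
    # A disk whose boot code differs from the reference is reported as a mismatch.
    drivers, report = triage(SAMPLE_LOG, build_sample_mbr(b"\xe9\x00\x01"), reference)
    print(len(drivers), "driver entries;", report["disk_hits"])
    print("MBR:", report["mbr"])
```

On a real system the 512 bytes would come from the raw device (for example `\\.\PhysicalDrive0` opened read-only from a clean boot environment), and the reference hash from a copy of the MBR taken before infection or from the OEM recovery media; the script only reports a mismatch, it never writes to the disk.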


Post by charles_bullard on 2nd May 2011, 8:36 am

I have tried rebooting my computer after running TDSSKiller and now every time it comes up to a blue screen and won't boot. I think I really screwed up. After running the scan I clicked Cure, I think, and that's where I messed up. Anything I can do now, or will I just have to suck it up and take it to the shop? I am racking my brains here. Please tell me I didn't really mess this thing up.


Post by Gabethebabe on 2nd May 2011, 9:26 am

You didn't mess things up - we're dealing with a very new and tough infection, and not being able to access your HD with a Vista setup disk means we have limited possibilities of killing this infection. If anyone failed here, it is me telling you to run new utilities.

Anyway: if you cannot boot up this computer - do you have access to another computer? If so, we're going to burn a boot CD that is hopefully going to allow us to enter your computer and see if we can fix it.

  • Download OTLPEStd.exe by OldTimer from [You must be registered and logged in to see this link.] (a big download)
  • Double-click on OTLPEStd.exe to burn the boot CD
  • Reboot your system using the boot CD you just created. If you don't know how to boot from CD, check out [You must be registered and logged in to see this link.]
  • Booting will take quite some time, so please be patient
  • Finally you should see the REATOGO-X-PE desktop. Find the OTLPE icon and double click it to run OTLPE
  • Answer Yes and OK to all prompts
  • Ensure the option Automatically Load All Remaining Users is checked
  • OTL should now start. Set the option Drivers to Non-Microsoft
  • Copy and paste the following text into the Custom Scans/Fixes field:
    /md5start
    atapi.sys
    iastor.sys
    ndis.sys
    userinit.exe
    winlogon.exe
    /md5stop
  • Click Run Scan to start the scan
  • When finished, a log file C:\OTL.txt will be created
  • Please post the contents of the file in your next reply


Leave your computer in REATOGO-X-PE. Don't switch it off.
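The /md5start ... /md5stop block asks OTL to report MD5 hashes of those five files while booted from the PE CD. That matters because a resident rootkit can answer reads of an infected driver with clean-looking bytes while the infected Windows is running; the same hashes taken from a clean boot reflect what is actually on disk. The Python script below is an added example, not OTL's or OTLPE's own code: it does the equivalent against a mounted, non-booted Windows volume, hashing each listed file from both system32 and system32\drivers, flagging a file that exists in more than one place with different contents, and comparing against a baseline. The baseline used here is the two hashes TDSSKiller printed for this machine above, which is an assumption (they are this machine's values, not a vendor-verified allowlist), and the mock volume the demo builds is constructed.

```python
"""Offline MD5 check of the files in the /md5start list (added example; not
OTL's or OTLPE's code). Run from a clean boot environment against the mounted,
non-booted Windows volume so a resident rootkit cannot answer the file reads."""
import hashlib
import os
import sys
import tempfile

MD5_LIST = ["atapi.sys", "iastor.sys", "ndis.sys", "userinit.exe", "winlogon.exe"]

# Taken from the TDSSKiller log in this thread; they are this machine's values,
# not a vendor allowlist, so treat them as an assumption.
BASELINE = {
    "iastor.sys": "e5a0034847537eaee3c00349d5c34c5f",
    "ndis.sys": "1357274d1883f68300aeadd15d7bbb42",
}

# Where the listed files live on a Vista volume, relative to the volume root.
SEARCH_DIRS = [
    os.path.join("Windows", "system32"),
    os.path.join("Windows", "system32", "drivers"),
]


def md5_bytes(data):
    return hashlib.md5(data).hexdigest()


def md5_file(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def check_volume(root, names=MD5_LIST, baseline=BASELINE):
    """Return {name: (status, md5)}; status is ok, MISMATCH, no-baseline, missing,
    or DUPLICATE-DIFFERS when copies in different directories do not agree."""
    results = {}
    for name in names:
        copies = [os.path.join(root, d, name) for d in SEARCH_DIRS
                  if os.path.isfile(os.path.join(root, d, name))]
        if not copies:
            results[name] = ("missing", None)
            continue
        digests = {md5_file(p) for p in copies}
        if len(digests) > 1:
            results[name] = ("DUPLICATE-DIFFERS", sorted(digests))
            continue
        digest = digests.pop()
        expected = baseline.get(name.lower())
        if expected is None:
            status = "no-baseline"
        elif digest == expected:
            status = "ok"
        else:
            status = "MISMATCH"
        results[name] = (status, digest)
    return results


def build_mock_volume(root, contents):
    """Constructed offline volume layout for the demo: {relative path: bytes}."""
    for rel, data in contents.items():
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)


def demo():
    """Run the check on a constructed volume; returns (vs log baseline, vs matching baseline)."""
    drv = os.path.join("Windows", "system32", "drivers")
    with tempfile.TemporaryDirectory() as root:
        build_mock_volume(root, {
            os.path.join(drv, "ndis.sys"): b"mock ndis",
            os.path.join(drv, "iastor.sys"): b"mock iastor",
            os.path.join(drv, "atapi.sys"): b"mock atapi",
        })
        against_log = check_volume(root)
        matching = check_volume(root, baseline={"ndis.sys": md5_bytes(b"mock ndis")})
    return against_log, matching


if __name__ == "__main__":
    # Real use: pass the mounted offline volume root, e.g. D:\ from a PE boot.
    results = check_volume(sys.argv[1]) if len(sys.argv) > 1 else demo()[0]
    for name, (status, digest) in results.items():
        print(f"{name:14} {status:18} {digest}")
```

A MISMATCH only says the file differs from the baseline you supplied; on a patched system that may simply be a newer build, so compare against a hash from the same Windows version and service pack before acting on it.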


Post by charles_bullard on 2nd May 2011, 9:28 am

I have access to my wife's computer.

She has Windows XP though, so I don't know if it will help.


Post by charles_bullard on 2nd May 2011, 9:32 am

Should I use a USB device?
I only HAVE CD-R 700 MB discs. I don't know which to use.


Post by Gabethebabe on 2nd May 2011, 9:35 am

charles_bullard wrote:I have access to my wife's computer

She has Windows XP though, so I don't know if it will help.
That is perfect. Any computer able to burn a CD will do.

charles_bullard wrote:Should I use a USB device?
I only HAVE CD-R 700 MB discs. I don't know which to use.
I think it is possible to create a USB rescue stick to run OTLPE, but a boot CD is much easier.

A blank 700 MB CD-R disc is fine.
See if you can burn that CD and restart the problem computer from that disc.


Post by charles_bullard on 2nd May 2011, 10:16 am

It keeps telling me that no Windows installation is found in that OTLPE. I even tried to get it to browse inside the disc and it says that target didn't produce anything Windows 2000 or newer.

I can't get to the screen that shows on the website you listed to boot with CD. I don't understand. I pressed F12 and I can't find where it talks about the key or anything; when I boot it gives me 4 options. I am so lost. Going to keep trying to find the BIOS screen at boot up.


Post by Gabethebabe on 2nd May 2011, 10:23 am

You downloaded the OTLPEstd.exe and ran it to burn the CD, right?
Can you try to restart your wife's computer with the boot disk, just to check if the boot disk was created correctly?

What brand/model is the problem computer?



Post by charles_bullard on 2nd May 2011, 10:30 am

Gabethebabe wrote:You downloaded the OTLPEstd.exe and ran it to burn the CD, right?
Can you try to restart your wife's computer with the boot disk, just to check if the boot disk was created correctly?
Yes I did. I will try to restart my wife's computer with the disk in and make sure it was created correctly.

Gabethebabe wrote:
What brand/model is the problem computer?

My computer is a Dell XPS 420 with Windows Vista. The disk says Windows XP Professional.


Post by charles_bullard on 2nd May 2011, 10:37 am

I have restarted my wife's computer with the disk inside. However it does nothing but go straight to my regular stuff.

Have I really messed things up that badly? LOL


Post by Gabethebabe on 2nd May 2011, 10:42 am

Wait a minute - have you tried to start up your Dell XPS 420 from a Windows XP setup disk?

Because then I understand that it fails - Windows XP setup disks generally cannot find SATA disk drives.

If your wife's computer boots Windows normally, it is because it is not told to start up from CD.


Post by charles_bullard on 2nd May 2011, 10:51 am

No, I have been using the right disk. My wife's computer didn't come with a disk. Dell has that problem from what I heard about XP. I also used the disk you had me make on my wife's computer and told it to start up with the disc; it worked. The only problem is that I can't get the file to work on my COMPUTER, the Vista one. The disk was made right, I just can't get the file to work with the computer, that's all. I don't know what is going on.
