Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup


Post by jason.carnahan8 on Sat 18 Jun - 15:27

I was attempting to help my roommate remove this virus along with a bunch of other viruses. I worked on it most of last night only to have this particular virus get progressively worse. I found a previous post in your forum that seems to have the solution. This is my first time on your site, and as you recommended, I refrained from attempting the fix until you have a chance to review the computer's status. I am pretty sure there are other viruses as well. Initially I installed and ran Malwarebytes, Avast, and Glary Utilities for an initial cleanup of viruses and other junk he had on his computer, so I could at least navigate Explorer and get online. Malwarebytes and Avast removed quite a few viruses; however, Avast is detecting a threat about every 30 seconds or so now, and I also noticed that his firewall isn't on. Following is the status information you requested. Thank you for your help.

OTL logfile created on: 6/17/2011 6:26:04 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.97 Mb Total Physical Memory | 94.60 Mb Available Physical Memory | 18.51% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 68.99% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 30.36 Gb Free Space | 81.49% Space Free | Partition Type: NTFS

Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 18:19:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\desktop\OTL.com
PRC - [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/06/11 16:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2010/02/10 20:55:59 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/14 12:39:48 | 000,024,641 | ---- | M] () -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
PRC - [2004/07/27 18:11:14 | 005,434,880 | ---- | M] (The Linksys Group, Inc.) -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe


========== Modules (SafeList) ==========

MOD - [2011/06/17 18:19:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\desktop\OTL.com
MOD - [2011/05/10 05:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (UPHClean)
SRV - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/11 16:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2003/11/13 11:29:40 | 000,455,680 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe -- (NICSer_WPC54G)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 05:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 04:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/10 21:01:06 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\dumpdrv.sys -- (DumpDrv)
DRV - [2007/01/25 09:07:06 | 000,530,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt931a.sys -- (SQ931)
DRV - [2004/03/10 19:54:32 | 000,385,536 | ---- | M] (Cisco-Linksys LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TNET1130x.sys -- (TNET1130x)
DRV - [2004/01/26 18:42:44 | 000,728,083 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ucdnt.sys -- (XIRLINK)
DRV - [2003/10/14 14:08:22 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/10/14 14:05:48 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/10/14 14:04:16 | 001,043,072 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/07/16 20:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003/05/14 14:01:42 | 000,062,673 | R--- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM3.sys -- (odysseyIM3)
DRV - [2003/01/23 14:37:50 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/01/22 15:47:34 | 000,003,104 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\OzCrd2k.sys -- (OzCrd2k)
DRV - [2002/04/05 13:00:54 | 000,073,827 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS -- (EL90XBC)
DRV - [2001/11/29 15:13:10 | 000,094,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Intel 82801 Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/06/13 04:45:04 | 000,000,919 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 67.205.118.181 [You must be registered and logged in to see this link.]
O1 - Hosts: 67.205.118.182 search.yahoo.com
O1 - Hosts: 67.205.118.182 [You must be registered and logged in to see this link.]
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\RailNotification: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/04 13:29:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} -
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDE470A3-C647-44DF-8A0D-8876ED3D61B2} - rundll32.exe "C:\Documents and Settings\Owner\Application Data\Sun\gfdt4.dll", UnregisterDll
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIEActiveSetup SIGNUP
ActiveX: >{99820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\ucdvfw.dll (Xirlink, Inc)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XJPG - C:\WINDOWS\System32\CamFC.dll (Xirlink)
Drivers32: VIDC.XVID - xvidvfw.dll File not found
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\xl_yv12.dll (Xirlink, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (75730379486527488)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/17 18:19:47 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/06/17 18:01:39 | 004,130,419 | ---- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2011/06/17 17:58:38 | 000,581,120 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/06/16 19:23:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/06/16 19:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/16 19:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/06/16 19:11:07 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/16 19:11:06 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/06/16 19:10:58 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/06/16 19:10:58 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/06/16 19:10:54 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/16 19:10:49 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/06/16 19:10:49 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/06/16 19:10:48 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/06/16 19:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/16 19:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/16 19:09:45 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/06/16 19:09:43 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/06/16 19:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/16 19:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/16 18:54:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/06/09 16:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/06/09 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/09 13:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/06/09 12:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{576B2E82-6953-430F-9534-6477694D6808}
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/17 18:19:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/06/17 18:06:09 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/06/17 17:51:18 | 004,130,419 | ---- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2011/06/17 17:49:29 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/06/17 17:49:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/17 17:49:24 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/06/17 17:48:12 | 000,012,657 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/06/17 17:48:01 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\FQBBLJOX.job
[2011/06/17 17:47:54 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\TXLUCZBHVQ.job
[2011/06/17 17:47:46 | 001,369,504 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/06/17 17:47:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/17 17:42:00 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/06/17 17:20:47 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Glary Utilities.lnk
[2011/06/17 16:57:31 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/16 19:21:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/16 19:13:20 | 000,012,160 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\pua522agfx3s2164vd02um8368rc
[2011/06/16 19:11:10 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/16 19:03:57 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E857783A-8EC4-4823-8D25-C64FB195442D}.job
[2011/06/16 18:31:44 | 058,064,040 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe
[2011/06/16 17:15:16 | 000,013,410 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\286d533suswx4npd24ql5wd4vtyty8q
[2011/06/16 17:15:15 | 000,013,410 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\286d533suswx4npd24ql5wd4vtyty8q
[2011/06/13 04:45:04 | 000,000,919 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/10 06:47:05 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/09 13:26:38 | 000,000,004 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\mlog
[2011/06/09 13:10:46 | 000,000,004 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\ylog
[2011/06/09 12:34:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Izevux.bin
[2011/06/09 12:34:43 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Tyucal.dat
[2011/06/09 08:57:36 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Sign in to Yahoo!.url
[2011/06/09 05:47:32 | 000,102,400 | RHS- | M] () -- C:\WINDOWS\System32\nvrsko9.dll
[2011/06/09 05:47:32 | 000,102,400 | RHS- | M] () -- C:\WINDOWS\System32\desk0.dll
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/23 03:45:23 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/17 18:06:08 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/06/17 18:01:39 | 001,369,504 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/06/16 19:21:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/16 19:21:49 | 000,039,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/16 19:21:31 | 000,022,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/16 19:11:10 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/16 19:01:45 | 058,064,040 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe
[2011/06/16 17:22:36 | 000,012,160 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\pua522agfx3s2164vd02um8368rc
[2011/06/13 19:45:46 | 000,012,160 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\pua522agfx3s2164vd02um8368rc
[2011/06/13 19:45:46 | 000,005,656 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\pua522agfx3s2164vd02um8368rc
[2011/06/10 06:52:12 | 000,013,410 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\286d533suswx4npd24ql5wd4vtyty8q
[2011/06/10 06:52:12 | 000,013,410 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\286d533suswx4npd24ql5wd4vtyty8q
[2011/06/09 16:07:21 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/09 12:49:42 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\mlog
[2011/06/09 12:40:28 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\ylog
[2011/06/09 12:34:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Izevux.bin
[2011/06/09 12:34:43 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Tyucal.dat
[2011/06/09 05:48:33 | 000,000,312 | -HS- | C] () -- C:\WINDOWS\tasks\FQBBLJOX.job
[2011/06/09 05:48:33 | 000,000,300 | -HS- | C] () -- C:\WINDOWS\tasks\TXLUCZBHVQ.job
[2011/06/09 05:47:32 | 000,102,400 | RHS- | C] () -- C:\WINDOWS\System32\nvrsko9.dll
[2011/06/09 05:47:32 | 000,102,400 | RHS- | C] () -- C:\WINDOWS\System32\desk0.dll
[2011/05/27 10:26:16 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E857783A-8EC4-4823-8D25-C64FB195442D}.job
[2010/09/04 23:51:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/04 20:52:28 | 000,708,608 | ---- | C] () -- C:\WINDOWS\SQCap.exe
[2010/09/04 20:52:28 | 000,151,552 | ---- | C] () -- C:\WINDOWS\SQ931STI.exe
[2010/09/04 20:52:27 | 000,530,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\Capt931a.sys
[2010/09/04 20:52:27 | 000,024,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\Camd931a.sys
[2010/09/04 17:34:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\VMonitor.exe
[2010/09/04 14:59:33 | 000,012,657 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/09/04 14:57:49 | 000,084,644 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwRad17.bin
[2010/09/04 14:57:49 | 000,083,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwRad16.bin
[2010/09/04 13:48:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/09/04 13:46:56 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/09/04 13:46:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/09/04 13:46:53 | 002,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010/09/04 13:46:51 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/09/04 13:46:47 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/09/04 13:30:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/04 13:25:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/04 13:22:59 | 000,052,836 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2010/09/04 13:22:48 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
[2010/09/04 13:22:47 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2010/09/04 08:13:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/04 08:08:20 | 000,306,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 13:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 13:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/04/14 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 04:00:00 | 000,442,704 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 04:00:00 | 000,071,930 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/05/10 04:47:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DMFileMan.dll
[2003/01/22 15:47:34 | 000,003,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\OzCrd2k.sys
[2002/07/25 16:21:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\O2USB.exe
[2002/03/19 15:30:00 | 000,045,632 | ---- | C] () -- C:\WINDOWS\System32\TaskSwitch.exe

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >
[2011/02/28 05:38:17 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/06/17 17:42:00 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\desktop\aswMBR.exe
[2011/06/17 17:51:18 | 004,130,419 | ---- | M] (Swearware) -- C:\Documents and Settings\Owner\desktop\Combo-Fix.exe
[2010/09/17 17:32:18 | 017,327,195 | ---- | M] (Mooii) -- C:\Documents and Settings\Owner\desktop\PhotoScapeSetup_V3.5.exe
[2011/06/16 18:31:44 | 058,064,040 | ---- | M] () -- C:\Documents and Settings\Owner\desktop\setup_av_free.exe
[2011/06/17 17:47:46 | 001,369,504 | ---- | M] () -- C:\Documents and Settings\Owner\desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/06/09 05:47:32 | 000,102,400 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\desk0.dll
[2011/06/09 05:47:32 | 000,102,400 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\nvrsko9.dll

< %systemroot%\Tasks\*.job /lockedfiles >
[2011/06/17 17:48:01 | 000,000,312 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\FQBBLJOX.job
[2011/06/17 17:47:54 | 000,000,300 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\TXLUCZBHVQ.job

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/09/04 14:54:59 | 000,000,000 | ---D | M] -- C:\Program Files\3Com
[2010/09/04 13:46:41 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/09/07 00:54:27 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/06/16 19:08:46 | 000,000,000 | ---D | M] -- C:\Program Files\AVAST Software
[2010/09/04 21:42:59 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/09/04 20:51:58 | 000,000,000 | ---D | M] -- C:\Program Files\BestOn
[2010/09/07 00:54:15 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/09/04 13:24:50 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/09/04 21:17:40 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/09/04 23:41:38 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/09/04 14:52:42 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2011/06/13 19:42:25 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Software
[2010/09/04 14:57:24 | 000,000,000 | ---D | M] -- C:\Program Files\Funk Software
[2011/06/17 17:47:06 | 000,000,000 | ---D | M] -- C:\Program Files\Glary Utilities
[2011/01/02 02:12:01 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/09/04 14:29:47 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/04/16 17:14:25 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/06/13 20:08:51 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2010/11/04 19:10:49 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/09/04 13:46:52 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2010/09/04 14:57:48 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2011/06/16 19:22:07 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/04 23:48:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2010/09/04 13:29:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/09/04 23:48:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/04/21 06:01:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/09/04 13:40:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/11/04 20:36:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/11/04 19:31:46 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoScape
[2010/09/04 13:47:29 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime Alternative
[2010/09/04 13:40:08 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/06/16 18:06:38 | 000,000,000 | ---D | M] -- C:\Program Files\TelevisionFanatic
[2011/03/30 19:10:18 | 000,000,000 | ---D | M] -- C:\Program Files\TelevisionFanaticEI
[2010/09/04 13:33:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/12/24 03:01:08 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2010/09/04 13:26:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/09/04 13:29:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/09/04 13:20:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/09/04 13:27:07 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate


< MD5 for: AGP440.SYS >
[2010/02/10 21:12:25 | 012,132,620 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 21:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2008/04/13 16:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2010/02/10 21:12:25 | 012,132,620 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 04:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2010/02/10 21:12:25 | 012,132,620 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2010/02/10 20:55:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=47B6AAEC570F2C11D8BAD80A064D8ED1 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2010/02/10 20:57:17 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=DAB13813B25B3D009B2AC1194CF5D0A2 -- C:\WINDOWS\system32\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-13 23:53:04

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/22 05:08:35 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/22 05:08:35 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/22 05:08:35 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/02/10 20:56:13 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/22 05:08:35 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/22 05:08:35 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/22 05:08:35 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/02/10 20:56:13 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< >

< End of report >

OTL Extras logfile created on: 6/17/2011 6:26:04 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.97 Mb Total Physical Memory | 94.60 Mb Available Physical Memory | 18.51% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 68.99% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 30.36 Gb Free Space | 81.49% Space Free | Partition Type: NTFS

Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236E24F2-D767-406B-B2F0-892D3A0DEA4A}" = Zoom 2.0 Webcam
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22
"{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}" = Wireless-G Notebook Adapter
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{417B79C9-CDB4-477F-952D-840CEFC57A6C}" = AccessDirect
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A90A9CE-0B49-4A02-94F5-C864BA33A916}" = Performance USB keyboard hotkey blocker
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D166051-2C3B-4BF3-A68D-B11D45F3E1B6}" = User Profile Helper Cleanup Service
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 Service Pack 1
"{DF157E38-A290-4265-844B-687E5707899E}" = WebCam Suite 2.0
"{E255419E-9B70-4BF3-8EA6-7D6067058F3A}" = O2UsbCrd
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"7-Zip" = 7-Zip 9.10 beta
"Adobe AIR" = Adobe AIR
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"avast" = avast! Free Antivirus
"CNXT_MODEM" = AC97 SoftV92 Data Fax Modem
"Glary Utilities_is1" = Glary Utilities 2.34.0.1190
"IObit Security 360_is1" = IObit Security 360
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PhotoScape" = PhotoScape
"QuicktimeAlt_is1" = QuickTime Alternative 3.1.0
"Unlocker" = Unlocker 1.8.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/29/2010 7:15:47 AM | Computer Name = ANONYMOUS | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 1/1/2011 8:22:25 AM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application WPC54CFG.exe, version 2.0.2.21, faulting module
rpcrt4.dll, version 5.1.2600.6022, fault address 0x000856a3.

Error - 1/1/2011 10:49:20 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10d.ocx, version 10.0.42.34, fault address 0x00169f8e.

Error - 1/2/2011 5:55:55 AM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x50ff018b.

Error - 2/19/2011 11:09:29 PM | Computer Name = ANONYMOUS | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 2/19/2011 11:09:29 PM | Computer Name = ANONYMOUS | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 2/21/2011 6:47:40 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 2/21/2011 11:36:54 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x000101b3.

Error - 3/14/2011 10:44:16 PM | Computer Name = ANONYMOUS | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 3/14/2011 10:44:16 PM | Computer Name = ANONYMOUS | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

[ System Events ]
Error - 6/16/2011 10:55:27 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 6/16/2011 10:55:27 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 6/16/2011 10:55:27 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswRdr aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 6/16/2011 11:10:05 PM | Computer Name = ANONYMOUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/17/2011 12:17:54 AM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The User Profile Helper Cleanup service terminated with the following
error: %%126

Error - 6/17/2011 1:18:13 AM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The User Profile Helper Cleanup service terminated with the following
error: %%126

Error - 6/17/2011 1:42:51 AM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The User Profile Helper Cleanup service terminated with the following
error: %%126

Error - 6/17/2011 3:17:26 AM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The User Profile Helper Cleanup service terminated with the following
error: %%126

Error - 6/17/2011 7:50:48 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The User Profile Helper Cleanup service terminated with the following
error: %%126

Error - 6/17/2011 8:48:19 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The User Profile Helper Cleanup service terminated with the following
error: %%126


< End of report >

aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-17 18:03:28
-----------------------------
18:03:28.932 OS Version: Windows 5.1.2600 Service Pack 3
18:03:28.932 Number of processors: 1 586 0x207
18:03:28.932 ComputerName: ANONYMOUS UserName: Owner
18:03:33.819 AVAST engine 6.0.1125 defs: 11061701
18:03:33.819 Initialize success
18:04:08.438 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:04:08.569 Disk 0 Vendor: HITACHI_DK23EB-40 00K0A0C0 Size: 38154MB BusType: 3
18:04:08.729 Device \Driver\atapi -> DriverStartIo 82ee331b
18:04:10.922 Disk 0 MBR read successfully
18:04:11.102 Disk 0 MBR scan
18:04:11.292 Disk 0 MBR:Alureon-G [Rtk]
18:04:11.503 Disk 0 TDL4@MBR code has been found
18:04:11.723 Disk 0 Windows XP default MBR code found via API
18:04:12.023 Disk 0 MBR hidden
18:04:12.274 Disk 0 MBR [TDL4] **ROOTKIT**
18:04:12.544 Disk 0 trace - called modules:
18:04:12.835 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82ee34d0]<<
18:04:13.115 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f92ab8]
18:04:13.436 3 CLASSPNP.SYS[f86c6fd7] -> nt!IofCallDriver -> \Device\00000076[0x82f90f18]
18:04:13.776 5 ACPI.sys[f8609620] -> nt!IofCallDriver -> [0x82f86d98]
18:04:14.177 \Driver\atapi[0x82f7e370] -> IRP_MJ_CREATE -> 0x82ee34d0
18:04:14.567 AVAST engine scan C:\WINDOWS\system32
18:06:08.972 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
18:06:09.392 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-17 19:22:11
-----------------------------
19:22:11.052 OS Version: Windows 5.1.2600 Service Pack 3
19:22:11.052 Number of processors: 1 586 0x207
19:22:11.052 ComputerName: ANONYMOUS UserName: Owner
19:22:15.158 AVAST engine 6.0.1125 defs: 11061701
19:22:15.158 Initialize success
19:22:19.263 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:22:19.564 Disk 0 Vendor: HITACHI_DK23EB-40 00K0A0C0 Size: 38154MB BusType: 3
19:22:19.844 Device \Driver\atapi -> DriverStartIo 82ee331b
19:22:22.027 Disk 0 MBR read successfully
19:22:22.268 Disk 0 MBR scan
19:22:22.608 Disk 0 MBR:Alureon-G [Rtk]
19:22:22.839 Disk 0 TDL4@MBR code has been found
19:22:23.079 Disk 0 Windows XP default MBR code found via API
19:22:23.399 Disk 0 MBR hidden
19:22:23.800 Disk 0 MBR [TDL4] **ROOTKIT**
19:22:24.080 Disk 0 trace - called modules:
19:22:24.401 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82ee34d0]<<
19:22:24.691 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f92ab8]
19:22:25.022 3 CLASSPNP.SYS[f86c6fd7] -> nt!IofCallDriver -> \Device\00000076[0x82f90f18]
19:22:25.402 5 ACPI.sys[f8609620] -> nt!IofCallDriver -> [0x82f86d98]
19:22:25.803 \Driver\atapi[0x82f7e370] -> IRP_MJ_CREATE -> 0x82ee34d0
19:22:26.213 AVAST engine scan C:\WINDOWS\system32
19:22:49.457 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
19:22:49.948 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


Results of screen317's Security Check version 0.99.13
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````


jason.carnahan8
Novice

Posts : 11
Joined : 2011-06-18
OS : vista
Points : 20123
# Likes : 0


Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Post by Dr Jay on Sun 19 Jun - 5:09

We need to fix the infection found with aswMBR now


  • Double click aswMBR.exe to run it like before
  • Once the scan finishes click Fix to remove the infection as illustrated below
  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review


Dr. Jay (DJ)


Dr Jay
Head Administrator

Posts : 13714
Joined : 2009-09-07
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302072
# Likes : 10


Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Post by jason.carnahan8 on Sun 19 Jun - 11:48

aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-18 17:43:49
-----------------------------
17:43:49.299 OS Version: Windows 5.1.2600 Service Pack 3
17:43:49.299 Number of processors: 1 586 0x207
17:43:49.299 ComputerName: ANONYMOUS UserName: Owner
17:44:09.007 AVAST engine 6.0.1125 defs: 11061701
17:44:09.027 Initialize success
17:44:15.997 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:44:16.128 Disk 0 Vendor: HITACHI_DK23EB-40 00K0A0C0 Size: 38154MB BusType: 3
17:44:16.358 Disk 0 MBR read successfully
17:44:16.678 Disk 0 MBR scan
17:44:16.989 Disk 0 Windows XP default MBR code
17:44:17.209 Disk 0 scanning sectors +78124095
17:44:17.500 Disk 0 scanning C:\WINDOWS\system32\drivers
17:44:56.616 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
17:44:56.616 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBRafterfix.txt"



Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Post by Dr Jay on Sun 19 Jun - 12:00

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


Dr. Jay (DJ)



Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Post by Dr Jay on Tue 21 Jun - 18:26

Are you still with us?

It helps to know if we are providing the best assistance on solving computer problems.

Please reply with the latest details on how your computer is running.


Dr. Jay (DJ)



Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Post by jason.carnahan8 on Wed 22 Jun - 5:55

Yes, sorry, I have been busy the last couple of days; I'll get back to you with the TDSS result shortly. Thanks.


Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Post by jason.carnahan8 on Wed 22 Jun - 6:10

2011/06/21 12:02:23.0651 3976 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/21 12:02:24.0442 3976 ================================================================================
2011/06/21 12:02:24.0442 3976 SystemInfo:
2011/06/21 12:02:24.0442 3976
2011/06/21 12:02:24.0442 3976 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/21 12:02:24.0442 3976 Product type: Workstation
2011/06/21 12:02:24.0442 3976 ComputerName: ANONYMOUS
2011/06/21 12:02:24.0442 3976 UserName: Owner
2011/06/21 12:02:24.0442 3976 Windows directory: C:\WINDOWS
2011/06/21 12:02:24.0442 3976 System windows directory: C:\WINDOWS
2011/06/21 12:02:24.0442 3976 Processor architecture: Intel x86
2011/06/21 12:02:24.0442 3976 Number of processors: 1
2011/06/21 12:02:24.0442 3976 Page size: 0x1000
2011/06/21 12:02:24.0442 3976 Boot type: Normal boot
2011/06/21 12:02:24.0442 3976 ================================================================================
2011/06/21 12:02:26.0825 3976 Initialize success
2011/06/21 12:02:31.0963 3916 ================================================================================
2011/06/21 12:02:31.0963 3916 Scan started
2011/06/21 12:02:31.0963 3916 Mode: Manual;
2011/06/21 12:02:31.0963 3916 ================================================================================
2011/06/21 12:04:55.0940 3916 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/21 12:04:59.0164 3916 MBR (0x1B8) (607d2bb0c85e2cfeae4a071a4e34c800) \Device\Harddisk1\DR2
2011/06/21 12:05:13.0034 3916 ================================================================================
2011/06/21 12:05:13.0034 3916 Scan finished
2011/06/21 12:05:13.0034 3916 ================================================================================
2011/06/21 12:05:13.0124 2472 Detected object count: 0
2011/06/21 12:05:13.0124 2472 Actual detected object count: 0


Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Post by Dr Jay on Thu 23 Jun - 1:38

Scan for malware

Please download Malwarebytes Anti-Malware.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


Dr. Jay (DJ)



Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Post by jason.carnahan8 on Thu 23 Jun - 3:50

Malwarebytes' Anti-Malware 1.51.0.1200

Database version: 6874

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/22/2011 8:22:35 AM
mbam-log-2011-06-22 (08-22-35).txt

Scan type: Quick scan
Objects scanned: 165473
Time elapsed: 22 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\windows\temp\rpno\setup.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Post by Dr Jay on Thu 23 Jun - 5:28

ESET Online Scan

Please run a free online scan with the ESET Online Scanner.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Post by jason.carnahan8 on Thu 23 Jun - 13:19

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=b8bd39c55d0d25429a4a82d940ff9652
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-23 01:57:47
# local_time=2011-06-22 06:57:47 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=31813
# found=0
# cleaned=0
# scan_time=3306


Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Post by Dr Jay on Sat 25 Jun - 12:11

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Dr. Jay (DJ)



Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Post by jason.carnahan8 on Sun 26 Jun - 17:44

It seems to be up and running now, albeit slow. I'm not sure how fast it was before the virus, and I just started using Win7 on a solid state drive on my desktop, so this thing seems like it takes forever to do anything. After my last feedback I ran an Avast full scan and it found Alureon-G; I then ran a boot scan and it came back with this:
06/22/2011 20:48
Scan of all local drives

Number of searched folders: 3738
Number of tested files: 172933
Number of infected files: 30

I have run Avast and Malwarebytes and all seems clear. All previous viruses are contained in the chest. Should I delete them?

Any suggestions on why it's so slow? Thanks again for all your help.


Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Post by Dr Jay on Mon 27 Jun - 3:01

Odd...it all checked out fine...let's do some "manual diagnostics".

GMER

Note about this tool:
  • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  • No matter what is in the log, please post all the information/contents of the log.
  • These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entry.


Please download GMER. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


Dr. Jay (DJ)



Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Post by jason.carnahan8 on Mon 27 Jun - 7:25

GMER 1.0.15.15640
Rootkit scan 2011-06-26 13:22:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HITACHI_DK23EB-40 rev.00K0A0C0
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgryypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF1788CB2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xF17918BC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xF1791774]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xF1791D7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xF1791C90]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xF1791348]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF1788D62]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xF1791850]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xF1791284]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xF17912EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF1788DFA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xF1791994]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF1791E48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xF1791952]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xF1791AD6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF179E902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xF179E726]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xF179E860]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 24C 804E28B8 4 Bytes JMP A6F17912
PAGE ntoskrnl.exe!ObInsertObject 805650BA 5 Bytes JMP F179BD5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!NtCreateSection 80565333 7 Bytes JMP F179E72A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058124C 7 Bytes JMP F179E906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A038B 5 Bytes JMP F179A2BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A425D 7 Bytes JMP F179E864 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7B51340, 0xFD01F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x235FC0, 0xF8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\ctfmon.exe[352] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[352] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[352] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[352] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[352] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[352] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[352] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[352] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[352] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[352] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[352] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[352] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[352] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[352] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[352] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[352] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[352] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[472] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[472] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[472] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[472] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[472] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[472] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[580] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[580] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[580] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[580] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[580] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[580] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[580] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[580] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[580] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 00391014
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 00390804
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 00390A08
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 00390C0C
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 00390E10
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 003901F8
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 003903FC
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 00390600
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\Explorer.EXE[652] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[652] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[652] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[652] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[652] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[652] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[652] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[652] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[652] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[652] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[652] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[652] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[652] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[652] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[652] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[652] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[652] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 00391014
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 00390804
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 00390A08
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 00390C0C
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 00390E10
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 003901F8
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 003903FC
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 00390600
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\nvsvc32.exe[768] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\nvsvc32.exe[768] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[768] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\nvsvc32.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[768] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\nvsvc32.exe[768] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\nvsvc32.exe[768] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\nvsvc32.exe[768] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\nvsvc32.exe[768] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\nvsvc32.exe[768] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\nvsvc32.exe[768] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\nvsvc32.exe[768] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\nvsvc32.exe[768] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\nvsvc32.exe[768] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\nvsvc32.exe[768] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\nvsvc32.exe[768] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\nvsvc32.exe[768] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 00390600
.text C:\WINDOWS\System32\snmp.exe[800] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000801F8
.text C:\WINDOWS\System32\snmp.exe[800] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\System32\snmp.exe[800] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000803FC
.text C:\WINDOWS\System32\snmp.exe[800] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\System32\snmp.exe[800] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\snmp.exe[800] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\snmp.exe[800] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\snmp.exe[800] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\snmp.exe[800] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\snmp.exe[800] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\snmp.exe[800] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\snmp.exe[800] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[840] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[840] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[840] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\smss.exe[848] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[976] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[976] KERNEL32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1008] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1008] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[1052] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[1052] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1052] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005F0002
IAT C:\WINDOWS\system32\services.exe[1052] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005F0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

jason.carnahan8
Novice
Posts : 11
Joined : 2011-06-18
OS : vista
Points : 20123
# Likes : 0


Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Post by jason.carnahan8 on Mon 27 Jun - 12:15

I don't know what's up but something's not right.... It doesn't show the CPU or processor being used barely at all. Task bar missing, Avast doesn't even open up... it is odd... but not good... ugh! I had no idea what I was getting into.... lol


Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Post by jason.carnahan8 on Mon 27 Jun - 14:17

Restarted the computer and the task bar and start button are back. Remembered the earlier problem of the firewall being off, so I tried to open Security Center and it won't open. Also Avast won't run now. And everything is running at a snail's pace.


Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Post by Dr Jay on Wed 29 Jun - 12:05

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.


Dr. Jay (DJ)


Dr Jay
Head Administrator
Posts : 13714
Joined : 2009-09-07
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302072
# Likes : 10


Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Post by jason.carnahan8 on Wed 29 Jun - 14:56

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 128):

Processes (total 27):
0 System Idle Process
4 System
880 C:\WINDOWS\system32\smss.exe
972 csrss.exe
1016 C:\WINDOWS\system32\winlogon.exe
1060 C:\WINDOWS\system32\services.exe
1072 C:\WINDOWS\system32\lsass.exe
1228 C:\WINDOWS\system32\svchost.exe
1292 svchost.exe
1348 C:\WINDOWS\system32\svchost.exe
1552 svchost.exe
1704 svchost.exe
1916 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
636 C:\WINDOWS\system32\spoolsv.exe
712 svchost.exe
952 C:\WINDOWS\system32\nvsvc32.exe
992 C:\WINDOWS\system32\snmp.exe
1256 C:\WINDOWS\system32\svchost.exe
1812 alg.exe
500 C:\WINDOWS\explorer.exe
2252 C:\Program Files\AVAST Software\Avast\AvastUI.exe
2388 C:\WINDOWS\system32\ctfmon.exe
2464 C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe
2504 C:\PROGRA~1\Linksys\WIRELE~1\WPC54CFG.exe
2128 C:\WINDOWS\system32\wuauclt.exe
268 C:\Documents and Settings\Owner\desktop\MBRCheck.exe
2660 C:\Program Files\AVAST Software\Avast\Setup\avast.setup

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HITACHI_DK23EB-40, Rev: 00K0A0C0

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Post by Dr Jay on Thu 30 Jun - 5:12

Delete any old copies of this program...

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.

