Jon.h1

  1. Wow - installed ImgBurn, did a discovery and then verify and all worked fine, so closed the program and on the off chance tried to write to DVD and it worked! Have now backed up all his files - not sure what happened there but thanks! It is a bit odd that USB drivers seem to have been updated on the same day and exact time that I first tried to install the service pack - I can't remember doing anything to update them? Actually I've just plugged in his USB mouse and that's started working again! Also I've just tried 2 older 1Gb USB memory sticks and they seem to be working OK - it just seems to be the newer larger (Kingston 8Gb) memory stick that isn't working (which does work on my XP laptop). Anyway, now I've backed up his files he can manage for now. Thanks to you his computer is at least now at a state where he can use it for work - so thanks loads for all your expert help - I have warned him to be very careful when on the internet until he can update his operating system. I think his computer was probably initially infected because he kept disabling his anti-virus programs - he's a statistical analyst and uses MS Excel to test his mathematical formulae and he found that AVG in particular kept crashing his programs so he just disabled everything! I will have to do a bit of trial and error with various anti-virus programs to see which ones - if any - he can work with. Have you come across this problem before? Can I just ask - if I borrow a copy of Vista from someone do you know if I can reinstall Vista and then change the OEM product key to the one he already has on this computer? Thanks again - really have appreciated all your help.
  2. Not sure exactly when because I wasn't using USB ports - but he remembers his USB mouse had stopped working after the infection had been cleaned - but not sure if that was before or after trying to install updates?
  3. Thanks for this - much appreciated.
  4. Hi, yes it doesn't show in my computer or make a noise when I plug in - although light does flash on memory stick - strangely if I leave it in when I boot up it does show the 'safely remove hardware' icon? I looked in device manager and it doesn't indicate any problems with hardware.
  5. Hi, unfortunately Vista came pre-installed with no installation media - as his laptop is out of warranty his only option is to format and buy a new version - judging by the cost I think he would prefer to save up for a new laptop! Have you any suggestion as to how I can get the USB ports working - or the CD/DVD drive? I think if he's going to keep using it I'd best back up any important files! I know not having the service packs leaves him open to more infections but he needs to use it for work so will just have to hope for the best and keep his virus checkers updated! Thanks.
  6. Hi, more problems I'm afraid - although I'm not sure if this is linked to my previous infection problems at all? The laptop is an e-system 1201 and from what I've been told it has a recovery partition on the hard drive. I can get into the advanced boot options on start-up but when I select 'Repair your computer' the hard drive flashes for a bit and then it just restarts. There is a TechGuys icon which gives the option to create a recovery DVD so I thought maybe I could boot off that and see if I get the option to do a destructive recovery - unfortunately although I can read a DVD/CD I can't write to one - or even format one - either a CD or DVD RW. When I try the process starts and then just hangs. Also having problems trying to access a USB memory stick - and a USB mouse hasn't worked for some time. Just wondering if you had any ideas? Thanks.
  7. Hi, thanks for all your help - tried the links from Cecilia with no success - looks like I need to do a 'destructive recovery' - have copied the answer from the windows update forum below - seems a little extreme but I guess if that is the only sure way! "Support for Vista Gold (no Service Packs) ended on Tuesday, 13 April 2010. Your partner's computer is now nine months behind on critical security updates and should NOT be connected to the internet or any local networks (i.e., other computers) in its current state! Back-up any personal data (none of which should be considered 100% trustworthy at this point) then format the HDD & do a clean install of Windows. Please note that a Repair Install (AKA in-place upgrade) will NOT fix this! NOTE: If your computer didn't come with a set of disks, there will be a hidden Recovery partition (not to be confused with System Restore) you would use to do the clean install (AKA a "destructive recovery"). After the clean install, you will have the equivalent of a "new computer" so take care of EVERYTHING on the following page BEFORE otherwise connecting the machine to the internet or a local network (i.e., other computers) AND BEFORE connecting a flash drive, SDCard, or any other external drive to the computer: 4 steps to help protect your new computer before you go online http://www.microsoft.com/security/pypc.aspx Tip: After getting the computer fully-patched, download/install KB971029 manually before connecting any external drive to the computer: http://support.microsoft.com/kb/971029 VERY IMPORTANT!! => Any Norton or McAfee free-trial that came preinstalled on the computer when you bought it will be reinstalled (but invalid) when Windows is reinstalled. You MUST uninstall the free-trial AND download/run the appropriate removal tool BEFORE installing any updates, Windows Service Packs or IE upgrades AND BEFORE installing your new anti-virus application (e.g., Microsoft Security Essentials - free). Norton Removal Tool ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe McAfee Consumer Products Removal Tool http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe If these procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop. ~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services) since 2002 ~ Disclaimer: MS MVPs neither represent nor work for Microsoft"
  8. Hi - completed all the troubleshooting steps in the article with no success. I also tried msconfig to turn off all programs and all non-windows services and used task manager to stop any processes that weren't obviously important before running. Since running the stand alone package for the service pack on final restart (after it reverts changes) I now get the error code: 0x800F0826 ('Indicates a previous update has failed to install and thus preventing further installations of updates'). Looking for information on this error it looks like a lot of people have this when trying to install SP1. There was a post on microsoft suggesting changing the startup type from manual to automatic for 'windows event collector' and 'windows module installer' services - which I also tried. Looking at the updates history it looks like Vista updates have been failing for months (although other updates such as for MS office were mainly installed successfully). Earlier in the history some of the first windows vista updates failed with the error code 80246005 - although I'm not sure if that has anything to do with it? (Unfortunately, as his computer still worked as normal, he didn't think these failed updates were important!) It only lists SP1 as the next update to install in 'automatic updates' so should I try and reinstall some of those earlier failed updates manually - although I'm not quite sure where to start? Thanks for all your help - I know this is getting a bit beyond the scope of this forum now.
  9. Hi - I just let it run automatic updates as I assumed it would load them in the correct order. I've copied below all the last updates from the 'view update history' window. Not sure why it lists a number of 'service pack 1' updates as successful! (I've looked in 'computer' 'properties' to make sure it isn't listed.) In 'new updates are available' it still lists the next update to be installed as service pack 1.

     Security Update for Microsoft Office Publisher 2003 (KB2284695) - Installation date: 12/01/2011 18:51 - Installation status: Successful
     Security Update for Microsoft Office 2007 System (KB2288931) - Installation date: 12/01/2011 18:52 - Installation status: Successful
     Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2466074) - Installation date: 12/01/2011 18:52 - Installation status: Successful
     Security Update for Microsoft Office 2003 (KB2289163) - Installation date: 12/01/2011 18:52 - Installation status: Successful
     Security Update for Microsoft Works 9 (KB2431831) - Installation date: 12/01/2011 18:54 - Installation status: Successful
     Definition Update for Windows Defender - KB915597 (Definition 1.95.3662.0) - Installation date: 12/01/2011 18:54 - Installation status: Successful
     Update for Microsoft Office Outlook 2003 (KB2449798) - Installation date: 12/01/2011 18:55 - Installation status: Successful
     Windows Malicious Software Removal Tool - January 2011 (KB890830) - Installation date: 12/01/2011 18:57 - Installation status: Successful
     Update for Microsoft Silverlight (KB2477244) - Installation date: 13/01/2011 11:31 - Installation status: Successful
     Windows Live Essentials - Installation date: 13/01/2011 12:04 - Installation status: Successful
     Update for Windows Vista (KB955430) - Installation date: 13/01/2011 12:48 - Installation status: Successful
     Definition Update for Windows Defender - KB915597 (Definition 1.95.3914.0) - Installation date: 14/01/2011 20:58 - Installation status: Successful
     Windows Vista Service Pack 1 (KB936330) - Installation date: 14/01/2011 22:06 - Installation status: Failed - Error details: Code 81000101
     Windows Vista Service Pack 1 (KB936330) - Installation date: 14/01/2011 22:32 - Installation status: Failed - Error details: Code 80010108
     Windows Vista Service Pack 1 (KB936330) - Installation date: 15/01/2011 00:34 - Installation status: Successful
     Windows Vista Service Pack 1 (KB936330) - Installation date: 15/01/2011 16:34 - Installation status: Successful
     Definition Update for Windows Defender - KB915597 (Definition 1.95.4180.0) - Installation date: 18/01/2011 12:07 - Installation status: Successful
  10. Microsoft update installed a couple of security patches OK and then all weekend trying to install service pack 1 - downloads OK but won't install - after a couple of hours it says 'can't install service pack reverting changes' and then takes a few more hours to undo all the changes. Tried a couple of times with no success. Any ideas?
  11. Hi - yes you are right no service packs - I will make sure he leaves automatic updates on in future! Am installing them now - judging by the speed of installing anything on this computer I may be some time (1% per 10min at current rate!!)
  12. Hi - sorry that took a while - computer has been running very slow - took all day to update Java and Adobe! Also let it do Windows update when it started it - previously every time it ran it failed. Oh, forgot to say needed to power off when rebooting as it hangs when closing down - did happen occasionally but now have to do it every time. ESET results:

     C:\Applications\Tools\AOL\stdnet_updater.exe probably a variant of Win32/StartPage.LWOOMNQ trojan
     C:\Applications\Tools\AOL\comps\acs\acssetup.exe probably a variant of Win32/StartPage.LWOOMNQ trojan
     C:\Windows\FixCamera.exe a variant of Win32/KillProc.A application
Completion time: 2011-01-13 10:09:21 - machine was rebooted ComboFix-quarantined-files.txt 2011-01-13 10:08 ComboFix2.txt 2011-01-12 17:28 C:\DeQuarantine.txt Pre-Run: 58,226,774,016 bytes free Post-Run: 57,967,218,688 bytes free - - End Of File - - F39C35F2E1D80F9CDB4060780522D338 Also produced this file: c:\qoobox\quarantine\c\windows\system\vdremote.dll.vir -> c:\windows\system\vdremote.dll ( 31232 bytes ) c:\qoobox\quarantine\c\windows\system\vdsvrlnk.dll.vir -> c:\windows\system\vdsvrlnk.dll ( 25088 bytes ) DDS (Ver_10-12-12.02) - NTFSx86 Run by leigh at 20:30:24.97 on 13/01/2011 Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_23 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.893.210 [GMT 0:00] ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Kontiki\KService.exe C:\Windows\system32\svchost.exe -k 
NetworkServiceNetworkRestricted C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Users\leigh\Desktop\dds.com C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.co.uk/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe 
/autoRun uRun: [googletalk] c:\users\leigh\appdata\roaming\google\google talk\googletalk.exe /autostart uRun: [Reminder_MUI] c:\applications\oem\reminder\Reminder_MUI.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000 IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL ================= FIREFOX =================== FF - ProfilePath - c:\users\leigh\appdata\roaming\mozilla\firefox\profiles\bf2zla78.default\ FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-10 64288] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-3 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-3 267944] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-3 61960] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400] R3 
SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2008-2-27 452096] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2008-2-27 46592] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-3 136176] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264] S3 REOMDB;REOMDB;c:\users\leigh\appdata\local\temp\reomdb.exe --> c:\users\leigh\appdata\local\temp\REOMDB.exe [?] S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2008-2-27 283136] S4 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\tdsupportapp\cdrom_mon.exe [2008-6-18 81920] S4 Gruss Software Ltd: Betting Assistant update permissions manager. 30256.;Gruss Software Ltd: Betting Assistant update permissions manager. 30256.;c:\program files\betting assistant\auclient.exe -permissionmanagerrun --> c:\program files\betting assistant\AUClient.exe -PermissionManagerRun [?] 
=============== Created Last 30 ================ 2011-01-13 19:07:55 -------- d-----w- c:\program files\ESET 2011-01-13 19:02:12 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-01-13 19:02:12 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll 2011-01-13 12:04:26 -------- d-----w- c:\users\leigh\Tracing 2011-01-13 12:03:31 -------- d-----w- c:\program files\Microsoft Office Outlook Connector 2011-01-13 11:37:31 -------- d-----w- c:\program files\Microsoft 2011-01-13 11:37:15 -------- d-----w- c:\program files\Windows Live SkyDrive 2011-01-13 11:35:45 484632 ----a-w- c:\program files\common files\windows live\.cache\3f7d0a71cbb316\DXSETUP.exe 2011-01-13 11:35:44 74520 ----a-w- c:\program files\common files\windows live\.cache\3f7d0a71cbb316\DSETUP.dll 2011-01-13 11:35:44 1670936 ----a-w- c:\program files\common files\windows live\.cache\3f7d0a71cbb316\dsetup32.dll 2011-01-13 11:31:37 -------- d-----w- c:\program files\common files\Windows Live 2011-01-13 10:09:37 -------- d-----w- c:\users\leigh\appdata\local\temp 2011-01-13 09:50:42 -------- d-sh--w- C:\$RECYCLE.BIN 2011-01-13 09:20:00 25088 ----a-w- c:\windows\system\vdsvrlnk.dll 2011-01-13 09:19:58 31232 ----a-w- c:\windows\system\vdremote.dll 2011-01-12 18:54:09 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{4c53a56b-b09d-44b0-9308-e5e8d8e4a8bf}\mpengine.dll 2011-01-11 20:42:45 89088 ----a-w- c:\windows\MBR.exe 2011-01-11 20:42:44 98816 ----a-w- c:\windows\sed.exe 2011-01-11 20:42:44 256512 ----a-w- c:\windows\PEV.exe 2011-01-11 20:42:44 161792 ----a-w- c:\windows\SWREG.exe 2011-01-10 21:00:10 388096 ----a-r- c:\users\leigh\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-01-10 21:00:01 -------- d-----w- c:\program files\Trend Micro 2011-01-10 16:29:47 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-01-10 16:29:42 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-01-10 16:27:22 -------- 
d-----w- c:\users\leigh\appdata\local\Sunbelt Software 2011-01-10 16:25:57 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} 2011-01-10 16:24:49 -------- d-----w- c:\program files\Lavasoft 2011-01-10 15:43:53 -------- d-----w- C:\_OTM 2011-01-07 16:00:37 -------- d-----w- c:\users\leigh\appdata\roaming\Malwarebytes 2011-01-07 16:00:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-07 16:00:15 -------- d-----w- c:\progra~2\Malwarebytes 2011-01-07 16:00:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-07 16:00:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-03 20:18:35 -------- d-----w- c:\progra~2\Alwil Software 2011-01-03 18:49:30 -------- d-----w- c:\program files\Sophos 2011-01-03 16:22:42 -------- d-----w- c:\users\leigh\appdata\roaming\Avira 2011-01-03 15:20:31 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-01-03 15:20:23 -------- d-----w- c:\program files\Avira 2011-01-03 15:20:23 -------- d-----w- c:\progra~2\Avira 2011-01-03 14:19:27 11278816 ----a-w- c:\users\leigh\appdata\roaming\microsoft\windows\templates\IS360Setup.exe 2011-01-03 14:18:43 -------- d-----w- c:\users\leigh\appdata\roaming\IObit 2011-01-03 14:18:42 -------- d-----w- c:\program files\IObit ==================== Find3M ==================== 2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe ============= FINISH: 20:32:19.47 ===============
  13. Great - took a couple of attempts as it kept crashing the computer, but here is the ComboFix log along with new DDS logs:

ComboFix 11-01-11.03 - leigh 12/01/2011 16:50:20.2.2
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.893.346 [GMT 0:00]
Running from: c:\users\leigh\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\leigh\AppData\Local\{A98CB7FE-C5D6-416F-90BF-85B762E35516}
c:\users\leigh\AppData\Local\{A98CB7FE-C5D6-416F-90BF-85B762E35516}\chrome\content\overlay.xul
c:\users\leigh\AppData\Local\{A98CB7FE-C5D6-416F-90BF-85B762E35516}\install.rdf
c:\windows\system\vdremote.dll
c:\windows\system\vdsvrlnk.dll
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_usnjsvc

((((((((((((((((((((((((( Files Created from 2010-12-12 to 2011-01-12 )))))))))))))))))))))))))))))))
.
2011-01-12 17:01 . 2011-01-12 17:17 -------- d-----w- c:\users\leigh\AppData\Local\temp
2011-01-12 17:01 . 2011-01-12 17:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-12 17:01 . 2011-01-12 17:01 -------- d-----w- c:\users\alan\AppData\Local\temp
2011-01-10 21:00 . 2011-01-10 21:00 388096 ----a-r- c:\users\leigh\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-10 21:00 . 2011-01-10 21:00 -------- d-----w- c:\program files\Trend Micro
2011-01-10 16:29 . 2011-01-10 16:29 -------- dc----w- c:\windows\system32\DRVSTORE
2011-01-10 16:29 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-01-10 16:29 . 2011-01-10 16:29 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-10 16:27 . 2011-01-10 16:27 -------- d-----w- c:\users\leigh\AppData\Local\Sunbelt Software
2011-01-10 16:25 . 2011-01-10 16:26 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-10 16:24 . 2011-01-10 16:29 -------- d-----w- c:\programdata\Lavasoft
2011-01-10 16:24 . 2011-01-10 16:24 -------- d-----w- c:\program files\Lavasoft
2011-01-10 16:11 . 2011-01-10 16:12 -------- d-----w- c:\program files\ERUNT
2011-01-10 15:43 . 2011-01-10 15:43 -------- d-----w- C:\_OTM
2011-01-07 16:00 . 2011-01-07 16:00 -------- d-----w- c:\users\leigh\AppData\Roaming\Malwarebytes
2011-01-07 16:00 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-07 16:00 . 2011-01-07 16:00 -------- d-----w- c:\programdata\Malwarebytes
2011-01-07 16:00 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-07 16:00 . 2011-01-07 16:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-03 20:18 . 2011-01-03 22:37 -------- d-----w- c:\programdata\Alwil Software
2011-01-03 20:18 . 2011-01-03 20:18 -------- d-----w- c:\program files\Alwil Software
2011-01-03 18:49 . 2011-01-03 18:49 -------- d-----w- c:\program files\Sophos
2011-01-03 16:22 . 2011-01-03 16:22 -------- d-----w- c:\users\leigh\AppData\Roaming\Avira
2011-01-03 15:30 . 2011-01-03 15:30 -------- d-----w- c:\users\alan\AppData\Roaming\Avira
2011-01-03 15:20 . 2010-12-13 08:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-01-03 15:20 . 2010-12-13 08:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-03 15:20 . 2011-01-03 15:20 -------- d-----w- c:\programdata\Avira
2011-01-03 15:20 . 2011-01-03 15:20 -------- d-----w- c:\program files\Avira
2011-01-03 15:05 . 2011-01-03 15:05 -------- d-----w- c:\windows\BDOSCAN8
2011-01-03 14:53 . 2011-01-03 14:55 -------- d-----w- c:\program files\Windows Live Safety Center
2011-01-03 14:19 . 2011-01-03 14:20 11278816 ----a-w- c:\users\leigh\AppData\Roaming\Microsoft\Windows\Templates\IS360Setup.exe
2011-01-03 14:18 . 2011-01-03 14:18 -------- d-----w- c:\users\leigh\AppData\Roaming\IObit
2011-01-03 14:18 . 2011-01-03 14:18 -------- d-----w- c:\program files\IObit
2011-01-03 14:10 . 2011-01-03 14:10 -------- d-----w- c:\windows\Sun
2011-01-03 14:07 . 2011-01-03 14:07 -------- d-----w- c:\users\alan\AppData\Roaming\CyberLink
2011-01-03 07:22 . 2011-01-03 07:22 0 ----a-w- c:\users\leigh\AppData\Local\Isapogagimogoyin.bin
2011-01-03 07:20 . 2011-01-03 07:20 -------- d-----w- c:\programdata\cIjPo06511
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-09 00:38 . 2010-12-09 00:38 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-15 1232896]
"googletalk"="c:\users\leigh\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Reminder_MUI"="c:\applications\oem\Reminder\Reminder_MUI.exe" [2008-01-10 1081344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

c:\users\alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [N/A]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^leigh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\leigh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^leigh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\leigh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-09-26 10:02 2356088 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 14:41 222128 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-02-27 17:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder_MUI]
2008-01-10 11:46 1081344 ----a-w- c:\applications\OEM\Reminder\Reminder_MUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-08-09 19:26 4702208 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-08-11 17:46 21741864 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-08-03 13:22 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
2005-08-13 10:16 348160 ----a-w- c:\windows\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-11-20 15:29 356352 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpareMessaging]
2007-11-28 16:43 42824 ----a-w- c:\program files\Spare Messaging\MessagingApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-11-01 00:10 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GShortCut]
2007-07-26 22:07 202024 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\DFDD.tmp [x]
R3 REOMDB;REOMDB;c:\users\leigh\AppData\Local\Temp\REOMDB.exe [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-08-07 283136]
R3 TTQ;TTQ;c:\users\leigh\AppData\Local\Temp\TTQ.exe [x]
R3 UD;UD;c:\users\leigh\AppData\Local\Temp\UD.exe [x]
R4 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\TDSupportApp\cdrom_mon.exe [2007-10-06 81920]
R4 Gruss Software Ltd: Betting Assistant update permissions manager. 30256.;Gruss Software Ltd: Betting Assistant update permissions manager. 30256.;c:\program files\Betting Assistant\AUClient.exe [2008-01-09 622592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-03 1389400]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-08-24 452096]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-01-22 46592]
.
Contents of the 'Scheduled Tasks' folder

2011-01-12 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2011-01-03 16:19]

2011-01-12 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2011-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 20:19]

2011-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 20:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\leigh\AppData\Roaming\Mozilla\Firefox\Profiles\bf2zla78.default\
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SiSTray - %ProgramFiles%\SiS VGA Utilities\SiSTray.exe

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Gruss Software Ltd: Betting Assistant update permissions manager. 30256.]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\DFDD.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Kontiki\KService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-01-12 17:28:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-12 17:27

Pre-Run: 57,864,732,672 bytes free
Post-Run: 58,126,036,992 bytes free

- - End Of File - - 0F8B56AAF1684DD1604F294849658515

DDS (Ver_10-12-12.02) - NTFSx86
Run by leigh at 17:59:26.85 on 12/01/2011
Internet Explorer: 7.0.6000.16982
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.893.318 [GMT 0:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Kontiki\KService.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\leigh\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [googletalk] c:\users\leigh\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [Reminder_MUI] c:\applications\oem\reminder\Reminder_MUI.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\leigh\appdata\roaming\mozilla\firefox\profiles\bf2zla78.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-10 64288]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-3 61960]
R3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2008-2-27 452096]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2008-2-27 46592]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2008-2-27 283136]

=============== Created Last 30 ================

2011-01-12 17:28:17 -------- d-----w- c:\users\leigh\appdata\local\temp
2011-01-12 17:17:06 -------- d-sh--w- C:\$RECYCLE.BIN
2011-01-11 20:42:45 89088 ----a-w- c:\windows\MBR.exe
2011-01-11 20:42:44 98816 ----a-w- c:\windows\sed.exe
2011-01-11 20:42:44 256512 ----a-w- c:\windows\PEV.exe
2011-01-11 20:42:44 161792 ----a-w- c:\windows\SWREG.exe
2011-01-10 21:00:10 388096 ----a-r- c:\users\leigh\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-10 21:00:01 -------- d-----w- c:\program files\Trend Micro
2011-01-10 16:29:47 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-01-10 16:29:42 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-10 16:27:22 -------- d-----w- c:\users\leigh\appdata\local\Sunbelt Software
2011-01-10 16:25:57 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-10 16:24:49 -------- d-----w- c:\program files\Lavasoft
2011-01-10 15:43:53 -------- d-----w- C:\_OTM
2011-01-07 16:00:37 -------- d-----w- c:\users\leigh\appdata\roaming\Malwarebytes
2011-01-07 16:00:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-07 16:00:15 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-07 16:00:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-07 16:00:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-03 20:18:35 -------- d-----w- c:\progra~2\Alwil Software 2011-01-03 18:49:30 -------- d-----w- c:\program files\Sophos 2011-01-03 16:22:42 -------- d-----w- c:\users\leigh\appdata\roaming\Avira 2011-01-03 15:20:31 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-01-03 15:20:23 -------- d-----w- c:\program files\Avira 2011-01-03 15:20:23 -------- d-----w- c:\progra~2\Avira 2011-01-03 14:19:27 11278816 ----a-w- c:\users\leigh\appdata\roaming\microsoft\windows\templates\IS360Setup.exe 2011-01-03 14:18:43 -------- d-----w- c:\users\leigh\appdata\roaming\IObit 2011-01-03 14:18:42 -------- d-----w- c:\program files\IObit 2011-01-03 07:22:27 0 ----a-w- c:\users\leigh\appdata\local\Isapogagimogoyin.bin 2011-01-03 07:20:23 -------- d-----w- c:\progra~2\cIjPo06511 ==================== Find3M ==================== ============= FINISH: 18:05:10.93 ===============
  14. 2011/01/12 11:05:52.0756 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/12 11:05:52.0756 ================================================================================
2011/01/12 11:05:52.0756 SystemInfo:
2011/01/12 11:05:52.0756
2011/01/12 11:05:52.0756 OS Version: 6.0.6000 ServicePack: 0.0
2011/01/12 11:05:52.0756 Product type: Workstation
2011/01/12 11:05:52.0756 ComputerName: LEIGH-PC
2011/01/12 11:05:52.0756 UserName: leigh
2011/01/12 11:05:52.0756 Windows directory: C:\Windows
2011/01/12 11:05:52.0756 System windows directory: C:\Windows
2011/01/12 11:05:52.0756 Processor architecture: Intel x86
2011/01/12 11:05:52.0756 Number of processors: 2
2011/01/12 11:05:52.0756 Page size: 0x1000
2011/01/12 11:05:52.0756 Boot type: Normal boot
2011/01/12 11:05:52.0756 ================================================================================
2011/01/12 11:05:53.0756 Initialize success
2011/01/12 11:06:00.0599 ================================================================================
2011/01/12 11:06:00.0599 Scan started
2011/01/12 11:06:00.0599 Mode: Manual;
2011/01/12 11:06:00.0599 ================================================================================
2011/01/12 11:06:28.0615 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/12 11:06:28.0615 ================================================================================
2011/01/12 11:06:28.0631 Scan finished
2011/01/12 11:06:28.0631 ================================================================================
2011/01/12 11:06:28.0662 Detected object count: 1
2011/01/12 11:07:55.0006 \HardDisk0 - will be cured after reboot
2011/01/12 11:07:55.0021 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/12 11:08:07.0959 Deinitialize success
  15. Hi - had some problems - will talk you through what I did:

Disabled TeaTimer and closed all programs. Downloaded and ran ComboFix from the desktop as per the instructions on bleepingcomputer. Got a message saying I had to uninstall AVG before it could run (which I didn't think I still had installed - all I could find was an AVG folder in Program Files, which I deleted).

Anyway, ran ComboFix again and the green loading status bar moved along until just before the end, and then I got the dreaded flash of the blue screen and the computer restarted. Tried a couple more times with the same result and on the 4th attempt eventually got it to run. Then got the message: "ComboFix has detected the presence of rootkit activity and needs to reboot the machine".

After the reboot ComboFix then ran on startup (before the desktop loaded) - ran through the process until it started scanning for infected files, reached about "completed stage_3" when scanning, and then crashed and restarted the computer. It created a C:\ComboFix.txt file but it isn't a file, just a shortcut link to "my computer". Tried the whole process again with the same result.

Anyway, I'm a bit out of my depth so didn't want to try anything else until I get some advice. Any suggestions? Thanks.