Status: Not open for further replies.

Registered · 24 Posts · Discussion Starter · #1
Hi there, I'm trying to eradicate the problems on my father's laptop, a Dell Precision M6300 with Intel Core 2 Duo and Windows Vista Business SP2.

First thing I removed was AntiVirusGT, but I'm still running into these issues:

-Every time it connects to the internet this error appears:
"You are about to be logged off
Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now."
This even happens in Safe Mode with Networking.

-What typically follows is a second error:
"Services and Controller app has stopped working"
Application Name: services.exe
Fault Module Name: unknown
At this point any process I try to run, or that was already running, will not respond.

One minute later the laptop restarts...the problems only seem to happen if I connect to a network.

-Also, this message appears sometimes:
"Host Process for Windows has stopped working"
Application Name: svchost.exe
Fault Module Name: ntdll.dll

-Lastly (as far as I know), no matter how many times Spybot "fixes" the problem, I can't get rid of PWS.KDPinchIE, a trojan in a registry value.

I've searched and tried various solutions and nothing has been resolved. Windows Defender can't detect anything harmful and Ad-Aware finds no threats. I really need help...

Below is my DDS report, and the other reports are attached. Thank you so much.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Alvin at 18:06:53.77 on Mon 08/30/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.983 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Alvin\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80230
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80230
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: c:\windows\system32\w4ebr.dll: {b1ba40a2-75f2-51bd-f413-04b13a2c8953} - c:\windows\system32\w4ebr.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [cdloader] "c:\users\alvin\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [trawgd327uhf838jdfdsfdfds] c:\windows\temp\cmd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
dRun: [hse897ifdsjf98u3heuidhfdd] c:\windows\temp\igjso9v.exe
dRun: [trawgd327uhf838jdfdsfdfds] c:\windows\temp\cmd.exe
dRun: [Xxizuveruqapi] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\ordltsd.dll",Startup
dRun: [wqvarrqd] c:\windows\system32\config\systemprofile\appdata\local\nowttxyta\lcketeishdw.exe
StartupFolder: c:\users\alvin\appdata\roaming\micros~1\windows\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
STS: c:\windows\system32\w4ebr.dll: {b1ba40a2-75f2-51bd-f413-04b13a2c8953} - c:\windows\system32\w4ebr.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\alvin\appdata\roaming\mozilla\firefox\profiles\4ckbh63l.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-29 64288]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-5-14 4440064]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-6-5 179712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-5-17 308592]
S2 srenum;srenum;c:\windows\system32\drivers\srenum.sys [2010-8-27 46976]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-10-24 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-08-30 02:36:24 319 ----a-w- c:\windows\wininit.ini
2010-08-30 00:32:20 0 d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-08-30 00:32:20 0 d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-08-30 00:32:20 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-08-30 00:32:19 0 d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-08-29 23:11:56 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-29 22:35:11 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-29 22:35:10 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-29 22:33:33 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-29 22:33:11 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-08-29 22:33:03 0 d-----w- c:\programdata\Lavasoft
2010-08-29 22:33:03 0 d-----w- c:\program files\Lavasoft
2010-08-28 22:05:11 0 d-----w- c:\windows\pss
2010-08-28 01:09:06 785408 ----a-w- c:\windows\system32\drivers\ttxbv.sys
2010-08-28 01:09:05 46976 ----a-w- c:\windows\system32\drivers\srenum.sys
2010-08-28 01:09:05 4128 ----a-w- c:\windows\system32\msrun.exe
2010-08-28 01:09:04 60004 ---h--w- c:\windows\winamp.exe
2010-08-28 01:09:03 60004 ---h--w- c:\windows\avp.exe
2010-08-28 01:09:02 60004 ---h--w- c:\windows\avp32.exe
2010-08-28 01:09:01 0 d-----w- c:\programdata\Update
2010-08-28 01:08:58 30000 ----a-w- c:\windows\system32\w4ebr.dll
2010-08-27 23:38:13 215372464 ----a-w- c:\windows\MEMORY.DMP
2010-08-24 09:10:56 0 d-----w- c:\programdata\magicJack
2010-08-15 16:51:48 0 d-----w- c:\users\alvin\appdata\roaming\uTorrent
2010-08-11 09:42:42 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-08-10 09:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 09:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-02 03:15:24 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-02 03:15:24 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-08-02 03:14:47 0 d-----w- c:\program files\iPod
2010-08-02 03:14:46 0 d-----w- c:\program files\iTunes

==================== Find3M ====================

2010-08-30 22:05:14 319522 ----a-w- c:\programdata\nvModes.dat
2010-08-02 03:12:19 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-02 03:12:19 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-02 03:12:19 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37:03 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31:29 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-11 16:16:20 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15:06 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:35:04 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35:03 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-01 11:13:51 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-25 01:38:56 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-05-08 21:38:53 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-05-08 21:38:53 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-05-08 21:38:53 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-10-25 00:57:10 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-31 19:17:53 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-01-31 19:17:53 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-01-31 19:17:53 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 18:08:54.84 ===============
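The Pseudo HJT section above is what a helper reads first: the `uRun`/`mRun`/`dRun` autorun entries and the `Hosts:` line. The script below is an added illustration of that by-eye triage, not part of this post and not something DDS does itself. It runs over a constructed subset of lines copied from the log above, and the rules it applies (autoruns launched from a temp directory or from the SYSTEM profile's AppData, entry names that look machine-generated, hosts-file entries that point a non-local name at loopback) are this example's own heuristics, chosen to match what later turns up in the ComboFix deletion list in this thread (the `nowttxyta` folder and `ordltsd.dll`), not a published signature set.

```python
"""Triage of DDS 'Pseudo HJT' autorun and Hosts lines.

Added example for this thread; not code from the forum post or from DDS.
The sample below is a constructed subset of lines copied from the DDS log
above; the flagging rules are assumptions of this example, not DDS rules.
"""
import re

# DDS line shapes: "<u|m|d>Run: [EntryName] command ..." and "Hosts: <ip> <name>"
# (prefix as emitted by DDS: u = current user, m = local machine, d = default hive).
RUN_RE = re.compile(r'^(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
HOSTS_RE = re.compile(r'^Hosts:\s*(?P<ip>\S+)\s+(?P<host>\S+)')

# Directories from which a persistent autorun is rarely legitimate (assumption).
SUSPICIOUS_DIRS = ('\\temp\\', '\\tmp\\', '\\config\\systemprofile\\appdata\\')
LOOPBACK = {'127.0.0.1', '0.0.0.0', '::1'}
LOCAL_NAMES = {'localhost', 'localhost.localdomain', 'broadcasthost'}

# Constructed sample: a handful of lines in DDS format taken from the log above.
SAMPLE_LOG = r"""
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [trawgd327uhf838jdfdsfdfds] c:\windows\temp\cmd.exe
mRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
dRun: [hse897ifdsjf98u3heuidhfdd] c:\windows\temp\igjso9v.exe
dRun: [Xxizuveruqapi] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\ordltsd.dll",Startup
dRun: [wqvarrqd] c:\windows\system32\config\systemprofile\appdata\local\nowttxyta\lcketeishdw.exe
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 127.0.0.1 localhost
"""


def looks_random(name: str) -> bool:
    """Heuristic: long, mixes letters and digits, and has few vowels.

    Catches names like trawgd327uhf838jdfdsfdfds while leaving vendor
    names such as EKIJ5000StatusMonitor or WMPNSCFG (no digits) alone.
    """
    letters = [c for c in name if c.isalpha()]
    if len(name) < 12 or not letters or not any(c.isdigit() for c in name):
        return False
    vowels = sum(c.lower() in 'aeiou' for c in letters)
    return vowels / len(letters) < 0.35


def check_run(name: str, cmd: str) -> list:
    """Reasons an autorun entry deserves a closer look (empty list if none)."""
    reasons = []
    low = cmd.lower()
    for d in SUSPICIOUS_DIRS:
        if d in low:
            reasons.append('launched from ' + d)
    if looks_random(name):
        reasons.append('entry name looks machine-generated')
    return reasons


def triage(log_text: str) -> list:
    """Return [(line, [reason, ...]), ...] for every line worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            reasons = check_run(m['name'], m['cmd'])
            if reasons:
                findings.append((line, reasons))
            continue
        h = HOSTS_RE.match(line)
        # A non-local name pointed at loopback is how infections block
        # security and update sites; localhost itself is expected.
        if h and h['ip'] in LOOPBACK and h['host'].lower() not in LOCAL_NAMES:
            findings.append((line, ['hosts file points %s at %s' % (h['host'], h['ip'])]))
    return findings


def flagged_names(log_text: str) -> set:
    """Just the autorun entry names that triage() flagged."""
    return {RUN_RE.match(l)['name'] for l, _ in triage(log_text) if RUN_RE.match(l)}


if __name__ == '__main__':
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print('   ->', r)
```

Run as-is it prints the four autorun lines and the `www.spywareinfo.com` hosts entry with the reason for each; the TeaTimer, Windows Defender and WMPNSCFG entries pass. The name rule deliberately requires digits, because short all-consonant vendor names (WMPNSCFG) are common; the path rules do the real work, and in this log every path hit is also something ComboFix later deleted or an executable living in `c:\windows\temp`.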

Premium Member · 29,790 Posts
Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please explain why this computer has no antivirus program installed and running. This is an open invitation for infection.

It can take as little as eight seconds to infect an unprotected computer.

Please keep this computer offline except when downloading tools and posting in the forum until we get one installed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Vista, all tools should be started by right-click > Run as Administrator.

------------------------------------------------------

While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click Advanced mode if not already selected.
  • Choose Yes at the Warning prompt.
  • Expand the Tools menu.
  • Click Resident.
  • Uncheck the Resident "TeaTimer" (Protection of overall system settings) active. box.
  • If TeaTimer gives you a warning that changes were made, click the Allow Change box when prompted.
  • In the File menu click Exit to exit Spybot Search & Destroy.
------------------------------------------------------

If for some reason during these fixes you receive prompts from Spybot about whether to Allow or Deny any changes, please Allow them all.

------------------------------------------------------

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

Registered · 24 Posts · Discussion Starter · #3
Thank you so much for your reply. Unfortunately I won't have access to my father's laptop until Tuesday, 9/7. But as soon as I do I will immediately post the logs you need.

As to why he doesn't have an anti-virus program installed...he probably thinks he won't get infected as long as he surfs "safely" on the web. I think after this he'll wise up. I didn't even know he had a laptop until he came to me about these issues.

Thanks again for posting and offering your assistance. I'll have a reply no later than Tuesday, 9/7.

Registered · 24 Posts · Discussion Starter · #4
chemist,

Thank you for your time and patience with my situation. Below is the log from ComboFix:

ComboFix 10-09-07.01 - Alvin 09/07/2010 22:42:42.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.886 [GMT -4:00]
Running from: c:\users\Alvin\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\windows\avp.exe
c:\windows\system32\%appdata%
c:\windows\System32\config\systemprofile\AppData\Local\nowttxyta
c:\windows\System32\config\systemprofile\AppData\Local\nowttxyta\lcketeishdw.exe
c:\windows\system32\config\systemprofile\AppData\Local\ordltsd.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\srenum.sys
c:\windows\system32\msrun.exe
c:\windows\system32\w4ebr.dll
c:\windows\winamp.exe
c:\windows\system32\%appdata%\Microsoft\Windows\IETldCache\index.dat . . . .

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ndisrd
-------\Service_srenum


((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))
.

2010-09-08 02:50 . 2010-09-08 02:53 -------- d-----w- c:\users\Alvin\AppData\Local\temp
2010-08-30 21:00 . 2010-08-30 21:00 -------- d-----w- c:\users\Alvin\AppData\Local\Mozilla
2010-08-30 00:32 . 2010-08-30 00:32 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-08-30 00:32 . 2010-08-30 00:32 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-08-30 00:32 . 2010-08-30 00:32 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-08-30 00:32 . 2010-08-30 00:32 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-08-29 23:11 . 2010-08-30 03:07 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-29 22:35 . 2010-08-30 00:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-29 22:35 . 2010-08-30 00:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-29 22:33 . 2009-12-02 13:19 64288 -c--a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-29 22:33 . 2010-08-29 22:33 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-08-29 22:33 . 2010-08-29 22:33 -------- d-----w- c:\programdata\Lavasoft
2010-08-29 22:33 . 2010-08-29 22:33 -------- d-----w- c:\program files\Lavasoft
2010-08-28 01:09 . 2010-08-28 01:09 60004 ---h--w- c:\windows\avp32.exe
2010-08-28 01:09 . 2010-08-30 04:21 -------- d-----w- c:\programdata\Update
2010-08-24 09:10 . 2010-08-24 09:10 -------- d-----w- c:\programdata\magicJack
2010-08-21 10:20 . 2010-08-21 10:20 -------- d-----w- c:\program files\QuickTime
2010-08-15 16:51 . 2010-08-27 22:49 -------- d-----w- c:\users\Alvin\AppData\Roaming\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 02:52 . 2009-10-23 01:32 319522 ----a-w- c:\programdata\nvModes.dat
2010-08-30 20:34 . 2009-10-24 02:07 -------- d-----w- c:\programdata\Kodak
2010-08-29 18:13 . 2010-05-31 14:46 -------- d-----w- c:\program files\Google
2010-08-29 17:35 . 2009-10-25 04:09 -------- d-----w- c:\program files\Yahoo!
2010-08-29 17:28 . 2010-03-07 11:40 -------- d-----w- c:\programdata\Yahoo!
2010-08-28 20:35 . 2009-10-23 00:09 1356 ----a-w- c:\users\Alvin\AppData\Local\d3d9caps.dat
2010-08-28 01:08 . 2010-01-06 23:25 -------- d-----w- c:\users\Alvin\AppData\Roaming\mjusbsp
2010-08-28 01:04 . 2009-10-25 03:14 -------- d-----w- c:\programdata\avg9
2010-08-15 13:46 . 2010-08-15 13:46 170904 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\ug00000\magicJack.dll
2010-08-15 13:45 . 2010-08-24 09:10 11045880 ---ha-w- c:\users\Alvin\AppData\Roaming\mjusbsp\Upgrade\setup1.exe
2010-08-15 13:45 . 2010-08-15 13:45 11045880 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\ug00000\setup.exe
2010-08-15 13:45 . 2010-08-15 13:45 838488 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\magicJackLoader.exe
2010-08-15 13:45 . 2010-08-15 13:45 83352 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\octvqem_apiw.dll
2010-08-15 13:45 . 2010-08-15 13:45 206232 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\AECOctasic4.dll
2010-08-15 13:45 . 2010-08-15 13:45 734616 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\AECOctasic2.dll
2010-08-15 13:45 . 2010-08-15 13:45 202136 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\AECOctasic1.dll
2010-08-15 13:45 . 2010-08-15 13:45 480680 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\octvqe1_apiw.dll
2010-08-15 13:45 . 2010-08-15 13:45 214432 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\TjVista.dll
2010-08-15 13:45 . 2010-08-15 13:45 325024 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\TjIpSys.dll
2010-08-15 13:45 . 2010-08-15 13:45 632240 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\SJHandsetMagicJack.dll
2010-08-15 13:44 . 2010-08-15 13:44 170904 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\st00000\magicJack.dll
2010-08-15 13:44 . 2010-08-15 13:44 170904 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\magicJack.dll
2010-08-15 13:40 . 2010-08-15 13:40 170904 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\lr00000\magicJack.dll
2010-08-15 13:39 . 2010-08-15 13:39 22533520 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\magicJack.exe
2010-08-15 13:39 . 2010-08-15 13:39 50592 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\cdloader2.exe
2010-08-15 13:39 . 2010-08-28 01:08 838472 ---ha-w- c:\users\Alvin\AppData\Roaming\mjusbsp\ar00000\install.exe
2010-08-15 13:39 . 2010-08-24 09:10 838472 ---ha-w- c:\users\Alvin\AppData\Roaming\mjusbsp\Upgrade\install1.exe
2010-08-15 13:39 . 2010-08-15 13:39 838472 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\ug00000\install.exe
2010-08-15 13:38 . 2010-08-15 13:38 170904 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\in00000\magicJack.dll
2010-08-15 13:37 . 2010-08-15 13:37 103840 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\st00000\mjsetup.exe
2010-08-15 13:37 . 2010-08-15 13:37 103840 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\in00000\mjsetup.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\ug00000\magicJackSplash.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\st00000\magicJackSplash.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\magicJackSplash.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\in00000\magicJackSplash.exe
2010-08-11 09:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-02 03:15 . 2010-08-02 03:14 -------- d-----w- c:\program files\iTunes
2010-08-02 03:14 . 2010-08-02 03:14 -------- d-----w- c:\program files\iPod
2010-08-02 03:14 . 2010-08-02 03:11 -------- d-----w- c:\program files\Common Files\Apple
2010-08-02 03:12 . 2010-08-02 03:12 -------- d-----w- c:\program files\Apple Software Update
2010-07-21 20:30 . 2010-07-21 20:30 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-16 00:19 . 2010-07-16 00:19 -------- d-----w- c:\program files\Java
2010-07-16 00:19 . 2010-05-27 20:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-16 00:19 . 2010-07-16 00:19 -------- d-----w- c:\program files\PlotSoft
2010-07-14 22:06 . 2010-04-19 07:54 -------- d-----w- c:\program files\Kodak
2010-06-29 08:01 . 2009-10-23 00:10 49560 ----a-w- c:\users\Alvin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-26 06:05 . 2010-08-10 20:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-10 20:05 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-10 20:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-10 20:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-23 07:53 . 2010-06-23 07:53 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbA278.tmp.exe
2010-06-21 13:37 . 2010-08-10 20:05 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-10 20:05 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-10 20:05 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-10 20:05 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-10 20:05 905088 -c--a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-10 20:05 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-10 20:05 1248768 ----a-w- c:\windows\system32\msxml3.dll
2007-07-26 19:32 . 2010-08-29 22:35 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-07-26 19:32 . 2010-08-29 22:35 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-07-26 19:32 . 2010-08-29 22:35 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-07-26 19:32 . 2010-08-29 22:35 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-07-26 19:32 . 2010-08-29 22:35 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"cdloader"="c:\users\Alvin\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-08-15 50592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"nwiz"="nwiz.exe" [2009-06-11 1657376]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-05-07 1638400]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-10-02 4685824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

c:\users\Alvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7d,1d,9d,59,63,55,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [2010-05-17 308592]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2007-06-20 79168]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-30 1181328]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-05-14 4440064]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]


--- Other Services/Drivers In Memory ---

*Deregistered* - ttxbv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-09-08 c:\windows\Tasks\User_Feed_Synchronization-{7FB812CB-6239-4E36-8D1C-3E9B4EEBF4CA}.job
- c:\windows\system32\msfeedssync.exe [2010-08-10 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Alvin\AppData\Roaming\Mozilla\Firefox\Profiles\4ckbh63l.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 22:53
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86234ACE]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x885a7d24
\Driver\ACPI -> acpi.sys @ 0x8068fd68
\Driver\atapi -> ataport.SYS @ 0x82881a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ttxbv]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\program files\Dell\DW WLAN Card\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-09-07 22:59:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-08 02:59

Pre-Run: 5,537,083,392 bytes free
Post-Run: 5,289,652,224 bytes free

- - End Of File - - 2074586F222CFDCE449BAD9C25719343
 

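The Gmer MBR detector output in the ComboFix log above reports "user: MBR read successfully", "kernel: MBR read successfully" and finally "user & kernel MBR OK". Read together, those lines describe a comparison of two reads of sector 0: a kernel-mode filter that serves a clean MBR to user-mode readers while the real sector has been rewritten shows up as a disagreement between the two views. The following is an added example of that comparison and of parsing the partition table it protects; it is not Gmer's code and not from the original post. Both 512-byte images are constructed here, and the partition layout in them is arbitrary.

```python
"""Compare a user-mode and a kernel-mode read of sector 0 (the MBR) and say
where they differ. Added example for this thread; the images are constructed."""
import struct

MBR_SIZE = 512
PART_TABLE_OFFSET = 446          # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"          # bytes 510..511 of every valid MBR
ENTRY_FMT = "<B3sB3sII"          # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from boot code and up to four
    (bootable, type, lba_start, sectors) tuples (constructed helper)."""
    assert len(boot_code) <= PART_TABLE_OFFSET
    sector = bytearray(boot_code.ljust(PART_TABLE_OFFSET, b"\x00"))
    for i in range(4):
        if i < len(partitions):
            bootable, ptype, lba, count = partitions[i]
            # CHS fields carry the 0xFE/0xFF/0xFF "LBA only" filler.
            entry = struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00,
                                b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
        else:
            entry = bytes(16)
        sector += entry
    sector += SIGNATURE
    return bytes(sector)


def parse_partitions(mbr: bytes):
    """Return the non-empty partition table entries of a valid MBR."""
    if len(mbr) != MBR_SIZE or mbr[510:512] != SIGNATURE:
        raise ValueError("not a valid MBR: bad length or missing 0x55AA signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype != 0:
            entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                            "lba_start": lba, "sectors": count})
    return entries


def compare_mbr(user_view: bytes, kernel_view: bytes) -> dict:
    """Report whether two reads of sector 0 agree and, if not, which region
    differs: boot code, partition table or signature."""
    result = {"ok": user_view == kernel_view, "boot_code_differs": False,
              "partition_table_differs": False, "signature_differs": False,
              "first_diff_offset": None}
    if result["ok"]:
        return result
    for off, (a, b) in enumerate(zip(user_view, kernel_view)):
        if a != b:
            result["first_diff_offset"] = off
            break
    result["boot_code_differs"] = user_view[:PART_TABLE_OFFSET] != kernel_view[:PART_TABLE_OFFSET]
    result["partition_table_differs"] = user_view[PART_TABLE_OFFSET:510] != kernel_view[PART_TABLE_OFFSET:510]
    result["signature_differs"] = user_view[510:] != kernel_view[510:]
    return result


# Constructed sample: the classic MBR prologue (cli / xor ax,ax / mov ss,ax /
# mov sp,0x7c00) standing in for real boot code, plus a two-partition table.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"
SAMPLE_PARTITIONS = [(True, 0x07, 2048, 409600), (False, 0x07, 411648, 1000000)]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, SAMPLE_PARTITIONS)

# Constructed tampered copy: first bytes of the prologue altered, partition
# table untouched, which is the shape a "kernel view differs" result takes.
_tampered = bytearray(CLEAN_MBR)
_tampered[0:3] = b"\xe9\x00\x10"
TAMPERED_MBR = bytes(_tampered)

if __name__ == "__main__":
    print("clean vs clean:", compare_mbr(CLEAN_MBR, CLEAN_MBR))
    print("clean vs tampered:", compare_mbr(CLEAN_MBR, TAMPERED_MBR))
    print("partitions:", parse_partitions(CLEAN_MBR))
```

When both reads match, `compare_mbr` returns `ok: True`, which is the condition the detector summarises as "user & kernel MBR OK"; a mismatch confined to the first 446 bytes points at the boot code rather than the partition table, which is where a sector-0 comparison earns its keep.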
Premium Member · 29,790 Posts
Hello spazn.

Please go to: VirusTotal
  • Click the Browse button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    c:\windows\avp32.exe

  • Click Open then click the Send File button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already submitted: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------
  • Please download Rootkit Unhooker and save it to your desktop.
  • Right-click RKUnhookerLE.exe and choose 'Run as administrator'.
  • Click the Report tab, then click Scan
  • Check Drivers and Stealth Code
  • Uncheck the rest, then click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it. Click Close then Yes
  • Copy the entire contents of the report and paste it in your next reply.
Note: If you get a message 'Rootkit Unhooker has detected parasite inside itself!
It is recommended to remove parasite, okay?', click Okay

------------------------------------------------------
 

Registered · 24 Posts · Discussion Starter · #6
Hi chemist,


Here's the URL from VirusTotal:
http://www.virustotal.com/file-scan...66270882d84bb3b199eb4455742fc1dbd1-1283971956


And below is the report from RootKit Unhooker. Thank you.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8C008000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9768960 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 186.21 )
0x8221F000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x8CA00000 C:\Windows\system32\DRIVERS\bcmwl6.sys 2674688 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x91800000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x88407000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x82A08000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8D20C000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8820D000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804DB000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x9DE7D000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x80714000 C:\Windows\System32\Drivers\ttxbv.sys 815104 bytes
0x8D30F000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x9BA08000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8C95B000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8295C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8CE04000 C:\Windows\system32\DRIVERS\rdpdr.sys 561152 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x828EB000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80608000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x80411000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x9BB18000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8CD09000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0x9DE29000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x82805000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8D402000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80687000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8049A000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x88385000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8CF26000 C:\Windows\system32\drivers\HdAudio.sys 258048 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x88338000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8CFB7000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8D481000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82B3E000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8D58C000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88517000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8CEE0000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x825D8000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8289A000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x805BB000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8CC8D000 C:\Windows\system32\DRIVERS\b57nd60x.sys 192512 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS6.0 Driver.)
0x8CDAE000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8CF65000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82B13000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8CE9F000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9BAC8000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9DFAC000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x88567000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806DE000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x9DE02000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8CF92000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x883D1000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8859F000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x9BBD0000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x82BB1000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8D56D000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8287C000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9BB85000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x882F7000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8D530000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8CCDA000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8D54B000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9BBA2000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8CD83000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8D5C5000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8D4C7000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8CDE8000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9DF81000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8D44A000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x82BE0000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9BBBB000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x82B9C000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x82B88000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x829E9000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8CD5A000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x9BAFC000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8D46E000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8858E000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8CF15000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80481000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x828CC000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9BAB8000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x82864000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8CCBC000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8CE8D000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x88312000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x828DC000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x8D521000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x88558000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80705000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x82B79000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x88376000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x807E8000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8CCCC000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x91A40000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8D460000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x82BD2000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x82856000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x80679000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8D4DE000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8D3C3000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8CCFC000 C:\Windows\system32\DRIVERS\rimsptsk.sys 53248 bytes (REDC, RICOH MS Driver)
0x8CED3000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x9DF65000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8D508000 C:\Windows\system32\DRIVERS\usbccid.sys 49152 bytes (Microsoft Corporation, USB CCID Driver)
0x8D200000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x88321000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8D4EB000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8CD78000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8CD6D000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8CFF4000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x883C6000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8D514000 C:\Windows\system32\DRIVERS\SMCLIB.SYS 45056 bytes (Microsoft Corporation, Smard Card Driver Library)
0x8CDDD000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x885E9000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8832D000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x807DE000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8D4FE000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8CEC9000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9BAF2000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8D4BD000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9DF5B000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x9BB0F000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x885C0000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8D3D0000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x9DFF5000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x883F4000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x91A20000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x885F4000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8CDA5000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806CD000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x82874000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x9DF79000 C:\Windows\system32\drivers\BCM42RLY.sys 32768 bytes (Broadcom Corporation, Broadcom iLine10(tm) PCI Network Adapter Proxy Protocol Driver)
0x80492000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8D4F6000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x806D6000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8D3E7000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8D3F7000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8CCF4000 C:\Windows\system32\DRIVERS\rimmptsk.sys 32768 bytes (REDC, RICOH MMC Driver)
0x88550000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x9DF71000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8D3E0000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8D3F0000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8284F000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x862E6000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8D3D9000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8CD9B000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8CDA1000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9DE79000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x807DB000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x9DE77000 C:\Program Files\Broadcom\ASFIPMon\BASFND.sys 8192 bytes (Broadcom Corporation, Broadcom NetDetect Driver.)
0x8C959000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 186.21 )
0x8CE9D000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8D51F000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x86178160 unknown_irp_handler 3744 bytes
==============================================
>Stealth
==============================================
0x82874000 WARNING: suspicious driver modification [atapi.sys::0x861BE999]
0x01E50000 Hidden Image-->msvcm90.dll [ EPROCESS 0x8705DA28 ] PID: 1676, 270336 bytes
0x04A80000 Hidden Image-->msvcm90.dll [ EPROCESS 0x87279C78 ] PID: 3460, 270336 bytes
WARNING: File locked for read access [C:\Windows\system32\drivers\ttxbv.sys]
0x065E0000 Hidden Image-->WLTRAY.EXE [ EPROCESS 0x8705DA28 ] PID: 1676, 5148672 bytes
0x01EC0000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x8705DA28 ] PID: 1676, 77824 bytes
0x02460000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x87279C78 ] PID: 3460, 77824 bytes
 

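The RKU report above singles out ttxbv.sys in two ways: its driver line carries no "(Company, Description)" text, and the Stealth section reports the file as locked for read access, alongside a warning about an in-memory modification of atapi.sys. Below is an added example, not RKU's or ComboFix's code and not from either poster, of how to triage such a report automatically: parse the driver list, flag entries without vendor text, and correlate them with the Stealth warnings. The excerpt it runs on is constructed from a few representative lines in the report's layout; the severity labels and the allowance for dump_*.sys names are this example's own choices.

```python
"""Triage an RkUnhooker (RKU) LE report: flag loaded kernel drivers with no
vendor/description and correlate them with the >Stealth warnings.
Added example for this thread; the SAMPLE_REPORT excerpt is constructed."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt in the RKU LE layout (a few representative lines).
SAMPLE_REPORT = r"""
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
>Drivers
==============================================
0x8221F000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x80714000 C:\Windows\System32\Drivers\ttxbv.sys 815104 bytes
0x82874000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8D4EB000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x9DE77000 C:\Program Files\Broadcom\ASFIPMon\BASFND.sys 8192 bytes (Broadcom Corporation, Broadcom NetDetect Driver.)
0x86178160 unknown_irp_handler 3744 bytes
==============================================
>Stealth
==============================================
0x82874000 WARNING: suspicious driver modification [atapi.sys::0x861BE999]
WARNING: File locked for read access [C:\Windows\system32\drivers\ttxbv.sys]
0x01E50000 Hidden Image-->msvcm90.dll [ EPROCESS 0x8705DA28 ] PID: 1676, 270336 bytes
"""

DRIVER_RE = re.compile(r"^(0x[0-9A-Fa-f]+) (.+?) (\d+) bytes(?: \((.*)\))?$")
MODIFIED_RE = re.compile(r"^(0x[0-9A-Fa-f]+) WARNING: suspicious driver modification \[(.+?)::(0x[0-9A-Fa-f]+)\]")
LOCKED_RE = re.compile(r"^WARNING: File locked for read access \[(.+)\]$")
HIDDEN_RE = re.compile(r"^0x[0-9A-Fa-f]+ Hidden Image-->(.+?) \[ EPROCESS 0x[0-9A-Fa-f]+ \] PID: (\d+), \d+ bytes$")

# RKU prints no vendor text for the dump_<port>.sys / dump_<miniport>.sys
# entries, the crash-dump copies of the boot storage stack that Windows loads
# itself, so that name pattern is treated as expected rather than flagged.
KNOWN_UNVERSIONED_PREFIXES = ("dump_",)


@dataclass
class Driver:
    base: int
    path: str
    size: int
    vendor: Optional[str]  # None when the line has no "(Company, Description)" suffix

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    subject: str
    reason: str


def split_sections(report: str) -> dict:
    """Group report lines under their '>Section' headers, dropping '====' rules."""
    sections, current = {}, None
    for line in report.splitlines():
        line = line.rstrip()
        if line.startswith(">"):
            current = line[1:].strip()
            sections[current] = []
        elif current is not None and line and not line.startswith("="):
            sections[current].append(line)
    return sections


def parse_drivers(lines) -> list:
    drivers = []
    for line in lines:
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(Driver(int(m[1], 16), m[2], int(m[3]), m[4]))
    return drivers


def triage(report: str) -> list:
    """Return Findings for unversioned drivers, orphan IRP handlers and Stealth warnings."""
    sections = split_sections(report)
    drivers = parse_drivers(sections.get("Drivers", []))
    by_base = {d.base: d for d in drivers}
    findings, unversioned = [], {}

    for d in drivers:
        if d.path == "unknown_irp_handler":
            findings.append(Finding("high", d.path,
                                    f"IRP dispatch code at {d.base:#x} belongs to no loaded module"))
        elif d.vendor is None and not d.name.startswith(KNOWN_UNVERSIONED_PREFIXES):
            f = Finding("medium", d.path, "no vendor/description in the loaded image")
            findings.append(f)
            unversioned[d.name] = f

    for line in sections.get("Stealth", []):
        if m := MODIFIED_RE.match(line):
            owner = by_base.get(int(m[1], 16))
            where = f"{owner.path} (base {owner.base:#x})" if owner else m[2]
            findings.append(Finding("high", where,
                                    f"in-memory code of a loaded driver modified at {m[3]}"))
        elif m := LOCKED_RE.match(line):
            name = m[1].rsplit("\\", 1)[-1].lower()
            if name in unversioned:  # unversioned AND unreadable: escalate the existing finding
                unversioned[name].severity = "high"
                unversioned[name].reason += "; file locked against read access"
            else:
                findings.append(Finding("medium", m[1], "file locked against read access"))
        elif m := HIDDEN_RE.match(line):
            findings.append(Finding("info", m[1],
                                    f"image mapped in PID {m[2]} but missing from the loader list; verify against the process"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity:6}] {f.subject}: {f.reason}")
```

On the constructed excerpt this yields four findings: ttxbv.sys escalated to high because it is both unversioned and locked, the orphan IRP handler, the atapi.sys modification resolved to its loaded base address, and the hidden msvcm90.dll image at info level, since a hidden-image line needs checking against the owning process rather than being conclusive on its own. RKU's own Normandy.SYS carries its "(RKU Driver)" tag, so it is not flagged.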
Premium Member · 29,790 Posts
Hello again, spazn.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
http://www.techsupportforum.com/f50/laptop-restarts-automatically-in-1-minute-when-connected-to-internet-510429.html#post2883981

Collect::
c:\windows\avp32.exe
c:\windows\System32\Drivers\ttxbv.sys 

Folder::
c:\users\Alvin\AppData\Roaming\uTorrent

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]

Driver::
ttxbv

Save this Notepad file as CFScript.txt to your Desktop and then close the file.

Referring to the picture above, drag CFScript onto ComboFix.

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
------------------------------------------------------
 

Registered · 24 Posts · Discussion Starter · #8
Here's the updated log after dropping in CFScript.txt. Thanks chemist.

ComboFix 10-09-07.01 - Alvin 09/08/2010 17:34:39.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.714 [GMT -4:00]
Running from: c:\users\Alvin\Desktop\ComboFix.exe
Command switches used :: c:\users\Alvin\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

file zipped: c:\windows\avp32.exe
file zipped: c:\windows\System32\Drivers\ttxbv.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Alvin\AppData\Roaming\uTorrent
c:\users\Alvin\AppData\Roaming\uTorrent\dht.dat
c:\users\Alvin\AppData\Roaming\uTorrent\dht.dat.old
c:\users\Alvin\AppData\Roaming\uTorrent\Maná - 9 ALBUMS (1986-2008) [rammers].torrent
c:\users\Alvin\AppData\Roaming\uTorrent\resume.dat
c:\users\Alvin\AppData\Roaming\uTorrent\resume.dat.old
c:\users\Alvin\AppData\Roaming\uTorrent\rss.dat
c:\users\Alvin\AppData\Roaming\uTorrent\rss.dat.old
c:\users\Alvin\AppData\Roaming\uTorrent\settings.dat
c:\users\Alvin\AppData\Roaming\uTorrent\settings.dat.old
c:\windows\avp32.exe
c:\windows\system32\%appdata%
c:\windows\System32\Drivers\ttxbv.sys
c:\windows\system32\%appdata%\Microsoft\Windows\IETldCache\index.dat . . . .

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TTXBV
-------\Service_ttxbv


((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))
.

2010-09-08 21:41 . 2010-09-08 21:41 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-09-08 21:41 . 2010-09-08 21:43 -------- d-----w- c:\users\Alvin\AppData\Local\temp
2010-09-08 21:41 . 2010-09-08 21:41 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-09-08 21:41 . 2010-09-08 21:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-08 21:41 . 2010-09-08 21:41 -------- d-----w- c:\users\Miranda\AppData\Local\temp
2010-09-08 21:41 . 2010-09-08 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-30 21:00 . 2010-08-30 21:00 -------- d-----w- c:\users\Alvin\AppData\Local\Mozilla
2010-08-30 00:32 . 2010-08-30 00:32 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-08-30 00:32 . 2010-08-30 00:32 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-08-30 00:32 . 2010-08-30 00:32 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-08-30 00:32 . 2010-08-30 00:32 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-08-29 23:11 . 2010-08-30 03:07 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-29 22:35 . 2010-08-30 00:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-29 22:35 . 2010-08-30 00:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-29 22:33 . 2009-12-02 13:19 64288 -c--a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-29 22:33 . 2010-08-29 22:33 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-08-29 22:33 . 2010-08-29 22:33 -------- d-----w- c:\programdata\Lavasoft
2010-08-29 22:33 . 2010-08-29 22:33 -------- d-----w- c:\program files\Lavasoft
2010-08-28 01:09 . 2010-08-30 04:21 -------- d-----w- c:\programdata\Update
2010-08-24 09:10 . 2010-08-24 09:10 -------- d-----w- c:\programdata\magicJack
2010-08-21 10:20 . 2010-08-21 10:20 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 21:43 . 2009-10-23 01:32 319522 ----a-w- c:\programdata\nvModes.dat
2010-08-30 20:34 . 2009-10-24 02:07 -------- d-----w- c:\programdata\Kodak
2010-08-29 18:13 . 2010-05-31 14:46 -------- d-----w- c:\program files\Google
2010-08-29 17:35 . 2009-10-25 04:09 -------- d-----w- c:\program files\Yahoo!
2010-08-29 17:28 . 2010-03-07 11:40 -------- d-----w- c:\programdata\Yahoo!
2010-08-28 20:35 . 2009-10-23 00:09 1356 ----a-w- c:\users\Alvin\AppData\Local\d3d9caps.dat
2010-08-28 01:08 . 2010-01-06 23:25 -------- d-----w- c:\users\Alvin\AppData\Roaming\mjusbsp
2010-08-28 01:04 . 2009-10-25 03:14 -------- d-----w- c:\programdata\avg9
2010-08-15 13:46 . 2010-08-15 13:46 170904 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\ug00000\magicJack.dll
2010-08-15 13:45 . 2010-08-24 09:10 11045880 ---ha-w- c:\users\Alvin\AppData\Roaming\mjusbsp\Upgrade\setup1.exe
2010-08-15 13:45 . 2010-08-15 13:45 11045880 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\ug00000\setup.exe
2010-08-15 13:45 . 2010-08-15 13:45 838488 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\magicJackLoader.exe
2010-08-15 13:45 . 2010-08-15 13:45 83352 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\octvqem_apiw.dll
2010-08-15 13:45 . 2010-08-15 13:45 206232 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\AECOctasic4.dll
2010-08-15 13:45 . 2010-08-15 13:45 734616 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\AECOctasic2.dll
2010-08-15 13:45 . 2010-08-15 13:45 202136 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\AECOctasic1.dll
2010-08-15 13:45 . 2010-08-15 13:45 480680 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\octvqe1_apiw.dll
2010-08-15 13:45 . 2010-08-15 13:45 214432 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\TjVista.dll
2010-08-15 13:45 . 2010-08-15 13:45 325024 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\TjIpSys.dll
2010-08-15 13:45 . 2010-08-15 13:45 632240 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\SJHandsetMagicJack.dll
2010-08-15 13:44 . 2010-08-15 13:44 170904 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\st00000\magicJack.dll
2010-08-15 13:44 . 2010-08-15 13:44 170904 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\magicJack.dll
2010-08-15 13:40 . 2010-08-15 13:40 170904 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\lr00000\magicJack.dll
2010-08-15 13:39 . 2010-08-15 13:39 22533520 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\magicJack.exe
2010-08-15 13:39 . 2010-08-15 13:39 50592 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\cdloader2.exe
2010-08-15 13:39 . 2010-08-28 01:08 838472 ---ha-w- c:\users\Alvin\AppData\Roaming\mjusbsp\ar00000\install.exe
2010-08-15 13:39 . 2010-08-24 09:10 838472 ---ha-w- c:\users\Alvin\AppData\Roaming\mjusbsp\Upgrade\install1.exe
2010-08-15 13:39 . 2010-08-15 13:39 838472 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\ug00000\install.exe
2010-08-15 13:38 . 2010-08-15 13:38 170904 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\in00000\magicJack.dll
2010-08-15 13:37 . 2010-08-15 13:37 103840 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\st00000\mjsetup.exe
2010-08-15 13:37 . 2010-08-15 13:37 103840 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\in00000\mjsetup.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\ug00000\magicJackSplash.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\st00000\magicJackSplash.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\magicJackSplash.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\users\Alvin\AppData\Roaming\mjusbsp\in00000\magicJackSplash.exe
2010-08-11 09:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-02 03:15 . 2010-08-02 03:14 -------- d-----w- c:\program files\iTunes
2010-08-02 03:14 . 2010-08-02 03:14 -------- d-----w- c:\program files\iPod
2010-08-02 03:14 . 2010-08-02 03:11 -------- d-----w- c:\program files\Common Files\Apple
2010-08-02 03:12 . 2010-08-02 03:12 -------- d-----w- c:\program files\Apple Software Update
2010-07-21 20:30 . 2010-07-21 20:30 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-16 00:19 . 2010-07-16 00:19 -------- d-----w- c:\program files\Java
2010-07-16 00:19 . 2010-05-27 20:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-16 00:19 . 2010-07-16 00:19 -------- d-----w- c:\program files\PlotSoft
2010-07-14 22:06 . 2010-04-19 07:54 -------- d-----w- c:\program files\Kodak
2010-06-29 08:01 . 2009-10-23 00:10 49560 ----a-w- c:\users\Alvin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-26 06:05 . 2010-08-10 20:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-10 20:05 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-10 20:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-10 20:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-23 07:53 . 2010-06-23 07:53 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbA278.tmp.exe
2010-06-21 13:37 . 2010-08-10 20:05 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-10 20:05 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-10 20:05 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-10 20:05 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-10 20:05 905088 -c--a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-10 20:05 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-10 20:05 1248768 ----a-w- c:\windows\system32\msxml3.dll
2007-07-26 19:32 . 2010-08-29 22:35 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-07-26 19:32 . 2010-08-29 22:35 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-07-26 19:32 . 2010-08-29 22:35 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-07-26 19:32 . 2010-08-29 22:35 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-07-26 19:32 . 2010-08-29 22:35 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"cdloader"="c:\users\Alvin\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-08-15 50592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"nwiz"="nwiz.exe" [2009-06-11 1657376]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-05-07 1638400]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-10-02 4685824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

c:\users\Alvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7d,1d,9d,59,63,55,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [2010-05-17 308592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2007-06-20 79168]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-30 1181328]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-05-14 4440064]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-09-08 c:\windows\Tasks\User_Feed_Synchronization-{7FB812CB-6239-4E36-8D1C-3E9B4EEBF4CA}.job
- c:\windows\system32\msfeedssync.exe [2010-08-10 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Alvin\AppData\Roaming\Mozilla\Firefox\Profiles\4ckbh63l.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-08 17:43
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86169ACE]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x885aad24
\Driver\ACPI -> acpi.sys @ 0x80692d68
\Driver\atapi -> ataport.SYS @ 0x8287fa2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\program files\Dell\DW WLAN Card\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-09-08 17:48:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-08 21:48

Pre-Run: 5,275,389,952 bytes free
Post-Run: 5,267,537,920 bytes free

- - End Of File - - 5DE67A7119A28E7A1936E521F6A997A2
Upload was successful
Premium Member · 29,790 Posts
Hello again, spazn. Thanks for submitting the file. Please tell us how your system is behaving. Any problems that you can tell? Try some Google searches. Let me know after you install Avira.

------------------------------------------------------

Let's get an AV installed on this machine. AntiVir's Avira is a good, free AV that is light on system resources.

Please follow the directions here for downloading, installing, updating, and running a full system scan:

http://www.free-av.com/en/pages/20/Installing Avira AntiVir.html

At the end of the scan, click 'Repair All', then 'Report' and post the log in your next reply.

------------------------------------------------------
Registered · 24 Posts · Discussion Starter · #10
Hey chemist,


The laptop is behaving much better now. I've been connected to the internet and surfing the web without the "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now" message appearing and executing the restart.


However, when I attempt to go to various websites I get a page that states:

Attention! Your web page request has been cancelled.

This web site refused your connection as it was reported as a malicious request. This can be caused by Viruses, Trojans or Malware found on your computer.

In order to resend your request to the website, press Resend request (please note, this action may cause a permanent block of your computer by the requested website)

In order to activate your security software, please press Fix Now (recommended)


There's a "Resend request" button and a "Fix Now" button. The address bar shows "http://spamweblist.com/block.php?url=" followed by the url of the site I'm trying to connect to. For example, it will block when I enter "techsupportforum.com" but sometimes it will allow "www.techsupportforum.com" or "http://www.techsupportforum.com" or neither.

How can I get rid of this?


Here's the report from Avira AntiVir. Thanks a lot.

Avira AntiVir Personal
Report file date: Wednesday, September 08, 2010 22:08

Scanning for 2794161 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ALVIN-PC

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 02:06:32
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 02:06:37
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 02:06:49
VBASE008.VDF : 7.10.9.166 2048 Bytes 7/23/2010 02:06:49
VBASE009.VDF : 7.10.9.167 2048 Bytes 7/23/2010 02:06:49
VBASE010.VDF : 7.10.9.168 2048 Bytes 7/23/2010 02:06:49
VBASE011.VDF : 7.10.9.169 2048 Bytes 7/23/2010 02:06:49
VBASE012.VDF : 7.10.9.170 2048 Bytes 7/23/2010 02:06:49
VBASE013.VDF : 7.10.9.198 157696 Bytes 7/26/2010 02:06:50
VBASE014.VDF : 7.10.9.255 997888 Bytes 7/29/2010 02:06:53
VBASE015.VDF : 7.10.10.28 139264 Bytes 8/2/2010 02:06:54
VBASE016.VDF : 7.10.10.52 127488 Bytes 8/3/2010 02:06:55
VBASE017.VDF : 7.10.10.84 137728 Bytes 8/6/2010 02:06:56
VBASE018.VDF : 7.10.10.107 176640 Bytes 8/9/2010 02:06:57
VBASE019.VDF : 7.10.10.130 132608 Bytes 8/10/2010 02:06:58
VBASE020.VDF : 7.10.10.158 131072 Bytes 8/12/2010 02:06:59
VBASE021.VDF : 7.10.10.190 136704 Bytes 8/16/2010 02:07:00
VBASE022.VDF : 7.10.10.217 118272 Bytes 8/19/2010 02:07:01
VBASE023.VDF : 7.10.10.246 130048 Bytes 8/23/2010 02:07:02
VBASE024.VDF : 7.10.11.11 144896 Bytes 8/25/2010 02:07:02
VBASE025.VDF : 7.10.11.33 135168 Bytes 8/27/2010 02:07:03
VBASE026.VDF : 7.10.11.52 148992 Bytes 8/31/2010 02:07:04
VBASE027.VDF : 7.10.11.75 124928 Bytes 9/3/2010 02:07:05
VBASE028.VDF : 7.10.11.92 137728 Bytes 9/6/2010 02:07:06
VBASE029.VDF : 7.10.11.107 166400 Bytes 9/8/2010 02:07:07
VBASE030.VDF : 7.10.11.108 2048 Bytes 9/8/2010 02:07:07
VBASE031.VDF : 7.10.11.112 20480 Bytes 9/8/2010 02:07:07
Engineversion : 8.2.4.50
AEVDF.DLL : 8.1.2.1 106868 Bytes 9/9/2010 02:07:23
AESCRIPT.DLL : 8.1.3.44 1364346 Bytes 9/9/2010 02:07:22
AESCN.DLL : 8.1.6.1 127347 Bytes 9/9/2010 02:07:20
AESBX.DLL : 8.1.3.1 254324 Bytes 9/9/2010 02:07:23
AERDL.DLL : 8.1.8.2 614772 Bytes 9/9/2010 02:07:20
AEPACK.DLL : 8.2.3.5 471412 Bytes 9/9/2010 02:07:18
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 9/9/2010 02:07:17
AEHEUR.DLL : 8.1.2.21 2883958 Bytes 9/9/2010 02:07:16
AEHELP.DLL : 8.1.13.3 242038 Bytes 9/9/2010 02:07:12
AEGEN.DLL : 8.1.3.20 397684 Bytes 9/9/2010 02:07:12
AEEMU.DLL : 8.1.2.0 393588 Bytes 9/9/2010 02:07:11
AECORE.DLL : 8.1.16.2 192887 Bytes 9/9/2010 02:07:10
AEBB.DLL : 8.1.1.0 53618 Bytes 9/9/2010 02:07:09
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Wednesday, September 08, 2010 22:08

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'vssvc.exe' - '54' Module(s) have been scanned
Scan process 'avscan.exe' - '85' Module(s) have been scanned
Scan process 'avscan.exe' - '34' Module(s) have been scanned
Scan process 'avcenter.exe' - '66' Module(s) have been scanned
Scan process 'avgnt.exe' - '63' Module(s) have been scanned
Scan process 'sched.exe' - '61' Module(s) have been scanned
Scan process 'avshadow.exe' - '38' Module(s) have been scanned
Scan process 'avguard.exe' - '69' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '93' Module(s) have been scanned
Scan process 'svchost.exe' - '65' Module(s) have been scanned
Scan process 'iPodService.exe' - '36' Module(s) have been scanned
Scan process 'unsecapp.exe' - '35' Module(s) have been scanned
Scan process 'YahooWidgets.exe' - '64' Module(s) have been scanned
Scan process 'sidebar.exe' - '57' Module(s) have been scanned
Scan process 'WLTRAY.EXE' - '68' Module(s) have been scanned
Scan process 'EKIJ5000MUI.exe' - '35' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '74' Module(s) have been scanned
Scan process 'rundll32.exe' - '31' Module(s) have been scanned
Scan process 'taskeng.exe' - '29' Module(s) have been scanned
Scan process 'Explorer.EXE' - '155' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '40' Module(s) have been scanned
Scan process 'Dwm.exe' - '30' Module(s) have been scanned
Scan process 'taskeng.exe' - '70' Module(s) have been scanned
Scan process 'xaudio.exe' - '22' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '66' Module(s) have been scanned
Scan process 'svchost.exe' - '24' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'nvPDsvc.exe' - '28' Module(s) have been scanned
Scan process 'AsfIpMon.exe' - '39' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '64' Module(s) have been scanned
Scan process 'spoolsv.exe' - '83' Module(s) have been scanned
Scan process 'bcmwltry.exe' - '78' Module(s) have been scanned
Scan process 'WLANExt.exe' - '49' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '24' Module(s) have been scanned
Scan process 'svchost.exe' - '90' Module(s) have been scanned
Scan process 'svchost.exe' - '84' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '43' Module(s) have been scanned
Scan process 'SLsvc.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '188' Module(s) have been scanned
Scan process 'svchost.exe' - '120' Module(s) have been scanned
Scan process 'svchost.exe' - '68' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'winlogon.exe' - '38' Module(s) have been scanned
Scan process 'lsm.exe' - '31' Module(s) have been scanned
Scan process 'lsass.exe' - '69' Module(s) have been scanned
Scan process 'services.exe' - '41' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '35' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1637' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\ProgramData\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\ProgramData\Spybot - Search & Destroy\Recovery\DNSFlushcws17.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\ProgramData\Spybot - Search & Destroy\Recovery\DNSFlushcws19.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\ProgramData\Spybot - Search & Destroy\Recovery\DNSFlushcws29.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\ProgramData\Spybot - Search & Destroy\Recovery\DNSFlushcws3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\ProgramData\Spybot - Search & Destroy\Recovery\DNSFlushcws31.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudAntiMalwares.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudAntiMalwares1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudAntiMalwares2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudAntiMalwares3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudAntiMalwares4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinQhostaei.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinQhostaei1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinQhostaei2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Qoobox\Quarantine\[4]-Submit_2010-09-08_17.33.01.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Downloader.Gen Trojan
--> avp32.exe
--> Object
[DETECTION] Is the TR/Downloader.Gen Trojan
--> ttxbv.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Qoobox\Quarantine\C\Windows\avp.exe.vir
[DETECTION] Is the TR/Downloader.Gen Trojan
--> Object
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Qoobox\Quarantine\C\Windows\avp32.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\Windows\winamp.exe.vir
[DETECTION] Is the TR/Downloader.Gen Trojan
--> Object
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Qoobox\Quarantine\C\Windows\system32\w4ebr.dll.vir
[DETECTION] Is the TR/Downloader.Gen Trojan
--> Object
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Qoobox\Quarantine\C\Windows\system32\config\systemprofile\AppData\Local\ordltsd.dll.vir
[DETECTION] Is the TR/Dldr.Mufanom.admc Trojan
C:\Qoobox\Quarantine\C\Windows\system32\config\systemprofile\AppData\Local\nowttxyta\lcketeishdw.exe.vir
[DETECTION] Is the TR/FraudPack.bhdh Trojan
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\srenum.sys.vir
[DETECTION] Is the TR/Dldr.Small.kos Trojan
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\ttxbv.sys.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\_ttxbv_.sys.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
--> ttxbv.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
Begin scan in 'D:\'
Begin scan in 'E:\'

Beginning disinfection:
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\_ttxbv_.sys.zip
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '48c4ee4e.qua'.
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\ttxbv.sys.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '51afc1e9.qua'.
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\srenum.sys.vir
[DETECTION] Is the TR/Dldr.Small.kos Trojan
[NOTE] The file was moved to the quarantine directory under the name '021d9b07.qua'.
C:\Qoobox\Quarantine\C\Windows\system32\config\systemprofile\AppData\Local\nowttxyta\lcketeishdw.exe.vir
[DETECTION] Is the TR/FraudPack.bhdh Trojan
[NOTE] The file was moved to the quarantine directory under the name '6434d4f2.qua'.
C:\Qoobox\Quarantine\C\Windows\system32\config\systemprofile\AppData\Local\ordltsd.dll.vir
[DETECTION] Is the TR/Dldr.Mufanom.admc Trojan
[NOTE] The file was moved to the quarantine directory under the name '21aff9fb.qua'.
C:\Qoobox\Quarantine\C\Windows\system32\w4ebr.dll.vir
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5eb5cbdc.qua'.
C:\Qoobox\Quarantine\C\Windows\winamp.exe.vir
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1216e7e9.qua'.
C:\Qoobox\Quarantine\C\Windows\avp32.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6e00a784.qua'.
C:\Qoobox\Quarantine\C\Windows\avp.exe.vir
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '435a88c9.qua'.
C:\Qoobox\Quarantine\[4]-Submit_2010-09-08_17.33.01.zip
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5a2fb311.qua'.
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinQhostaei2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '36609f5e.qua'.
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinQhostaei1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '47d9a6cb.qua'.
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinQhostaei.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '49c3960c.qua'.
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudAntiMalwares4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '0cf5ef77.qua'.
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudAntiMalwares3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '05feebdc.qua'.
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudAntiMalwares2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '5dbff2b2.qua'.
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudAntiMalwares1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '714b8b7e.qua'.
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudAntiMalwares.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '4fb5eba4.qua'.
C:\ProgramData\Spybot - Search & Destroy\Recovery\DNSFlushcws31.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '2c89c0f3.qua'.
C:\ProgramData\Spybot - Search & Destroy\Recovery\DNSFlushcws3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '0a4180ee.qua'.
C:\ProgramData\Spybot - Search & Destroy\Recovery\DNSFlushcws29.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '38d5fb4b.qua'.
C:\ProgramData\Spybot - Search & Destroy\Recovery\DNSFlushcws19.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '3290d035.qua'.
C:\ProgramData\Spybot - Search & Destroy\Recovery\DNSFlushcws17.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '0dc3b470.qua'.
C:\ProgramData\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '73efb857.qua'.


End of the scan: Wednesday, September 08, 2010 22:46
Used time: 36:28 Minute(s)

The scan has been done completely.

21275 Scanned directories
305359 Files were scanned
11 Viruses and/or unwanted programs were found
14 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
24 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
305334 Files not concerned
2298 Archives were scanned
0 Warnings
24 Notes
631039 Objects were scanned with rootkit scan
0 Hidden objects were found
 

Premium Member · 29,790 Posts
Hello again, spazn.

Please download Malwarebytes' Anti-Malware and Save it to your Desktop.
  • Right-click mbam-setup.exe and choose 'Run as administrator' to install it.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Under the Scanner tab, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to restart your computer (see Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Download TDSSKiller.exe and Save it to your Desktop.

Double-click TDSSKiller.exe then click 'Start scan'.

If no infection is found click 'Close' twice and let me know.

If an infection is found, click 'Continue' to Cure the infection.

Once the system scan is completed, click 'Reboot now'.

It will produce a log here > C:\TDSSKiller.version_date_time_log.txt

Please navigate to the file, double-click to open it, and copy/paste the contents in your next reply.

------------------------------------------------------
 

Registered · 24 Posts · Discussion Starter · #12
Hi chemist,


Here's the log from MBAM:
-------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4582

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/9/2010 10:56:11 AM
mbam-log-2010-09-09 (10-56-11).txt

Scan type: Quick scan
Objects scanned: 152797
Time elapsed: 4 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fe4c2c37-edc8-4c00-b864-3c38cf3ba834} (Adware.Adshot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-------------------------------------------

After I had TDSSKiller cure an infection and reboot, I get a stop error screen after the login screen when Windows starts normally. I took a picture of the screen because it immediately reboots once displayed, and this is what it reads:
-------------------------------------------
A problem has been detected and windows has been shut down to prevent damage
to your computer.

If this is the first time you’ve seen this stop error screen,
restart your computer. If this screen appears again,
follow these steps:

Check to be sure you have adequate disk space. If a driver is
identified in the Stop message, disable the driver or check
with the manufacturer for driver updates. Try changing video
adapters.

Check with your hardware vendor for any BIOS updates. Disable
BIOS memory options such as caching or shadowing. If you need
to use Safe Mode to remove or disable components, restart your
computer, press F8 to select Advanced Startup Options, and then
select Safe Mode.

Technical information:

*** STOP: 0x0000008E (0xC0000005, 0x82468CC7, 0x8A9BE91C, 0x00000000)



Collecting data for crash dump …
Initializing disk for crash dump …
-------------------------------------------

Here are the contents of the TDSSKiller log I was able to copy when I booted to Safe Mode:
-------------------------------------------
2010/09/09 10:59:31.0478 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/09 10:59:31.0478 ================================================================================
2010/09/09 10:59:31.0478 SystemInfo:
2010/09/09 10:59:31.0478
2010/09/09 10:59:31.0478 OS Version: 6.0.6002 ServicePack: 2.0
2010/09/09 10:59:31.0478 Product type: Workstation
2010/09/09 10:59:31.0479 ComputerName: ALVIN-PC
2010/09/09 10:59:31.0479 UserName: Alvin
2010/09/09 10:59:31.0479 Windows directory: C:\Windows
2010/09/09 10:59:31.0479 System windows directory: C:\Windows
2010/09/09 10:59:31.0479 Processor architecture: Intel x86
2010/09/09 10:59:31.0479 Number of processors: 2
2010/09/09 10:59:31.0479 Page size: 0x1000
2010/09/09 10:59:31.0479 Boot type: Normal boot
2010/09/09 10:59:31.0479 ================================================================================
2010/09/09 10:59:31.0792 Initialize success
2010/09/09 10:59:34.0178 ================================================================================
2010/09/09 10:59:34.0178 Scan started
2010/09/09 10:59:34.0178 Mode: Manual;
2010/09/09 10:59:34.0178 ================================================================================
2010/09/09 10:59:36.0508 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/09/09 10:59:36.0566 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/09/09 10:59:36.0600 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/09/09 10:59:36.0644 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/09/09 10:59:36.0667 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/09/09 10:59:36.0844 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/09/09 10:59:36.0897 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2010/09/09 10:59:36.0931 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/09/09 10:59:36.0972 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2010/09/09 10:59:37.0031 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2010/09/09 10:59:37.0055 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2010/09/09 10:59:37.0087 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/09/09 10:59:37.0154 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/09/09 10:59:37.0280 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/09/09 10:59:37.0367 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/09/09 10:59:37.0434 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/09 10:59:37.0500 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/09/09 10:59:37.0586 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/09/09 10:59:37.0642 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\Windows\system32\DRIVERS\avipbb.sys
2010/09/09 10:59:37.0691 b57nd60x (c7ea0e3e37ff1cd2bb65636448322572) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/09/09 10:59:37.0731 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
2010/09/09 10:59:37.0811 BCM42RLY (57a52ee74fd55c590f209925088cb68b) C:\Windows\system32\drivers\BCM42RLY.sys
2010/09/09 10:59:37.0949 BCM43XX (edf86011d8a8366c476a9356cb9523b6) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/09/09 10:59:38.0067 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/09/09 10:59:38.0184 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/09 10:59:38.0236 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/09/09 10:59:38.0255 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/09/09 10:59:38.0289 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/09/09 10:59:38.0304 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/09/09 10:59:38.0344 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/09/09 10:59:38.0371 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/09/09 10:59:38.0402 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/09/09 10:59:38.0535 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/09 10:59:38.0611 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/09 10:59:38.0660 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/09/09 10:59:38.0705 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/09/09 10:59:38.0773 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/09/09 10:59:38.0804 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2010/09/09 10:59:38.0917 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/09/09 10:59:38.0949 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/09/09 10:59:38.0980 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/09/09 10:59:39.0016 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
2010/09/09 10:59:39.0079 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/09/09 10:59:39.0151 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/09/09 10:59:39.0256 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/09/09 10:59:39.0319 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/09 10:59:39.0370 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/09/09 10:59:39.0456 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/09/09 10:59:39.0507 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/09/09 10:59:39.0628 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/09/09 10:59:39.0665 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/09/09 10:59:39.0706 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/09 10:59:39.0737 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/09/09 10:59:39.0770 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/09/09 10:59:39.0794 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/09 10:59:39.0850 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/09/09 10:59:39.0972 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/09 10:59:40.0004 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/09/09 10:59:40.0047 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/09/09 10:59:40.0101 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2010/09/09 10:59:40.0156 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/09 10:59:40.0253 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/09/09 10:59:40.0275 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/09/09 10:59:40.0311 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/09 10:59:40.0339 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/09/09 10:59:40.0382 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/09/09 10:59:40.0445 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/09/09 10:59:40.0550 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/09/09 10:59:40.0590 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/09/09 10:59:40.0639 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/09/09 10:59:40.0684 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/09 10:59:40.0717 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/09/09 10:59:40.0820 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/09/09 10:59:40.0861 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/09/09 10:59:40.0901 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/09 10:59:40.0961 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/09 10:59:41.0026 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/09/09 10:59:41.0064 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/09/09 10:59:41.0115 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/09/09 10:59:41.0201 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2010/09/09 10:59:41.0242 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/09 10:59:41.0268 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/09/09 10:59:41.0296 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/09/09 10:59:41.0330 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/09/09 10:59:41.0373 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/09/09 10:59:41.0455 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
2010/09/09 10:59:41.0766 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/09/09 10:59:41.0821 Lbd (713cd5267abfb86fe90a72e384e82a38) C:\Windows\system32\DRIVERS\Lbd.sys
2010/09/09 10:59:41.0862 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/09/09 10:59:41.0915 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/09/09 10:59:41.0985 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/09/09 10:59:42.0039 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/09/09 10:59:42.0064 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/09/09 10:59:42.0114 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/09/09 10:59:42.0148 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/09/09 10:59:42.0185 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/09/09 10:59:42.0229 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/09/09 10:59:42.0293 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/09/09 10:59:42.0392 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/09/09 10:59:42.0423 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/09/09 10:59:42.0476 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/09/09 10:59:42.0510 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/09/09 10:59:42.0542 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/09/09 10:59:42.0583 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/09/09 10:59:42.0622 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/09/09 10:59:42.0664 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/09/09 10:59:42.0721 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/09/09 10:59:42.0748 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2010/09/09 10:59:42.0772 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/09/09 10:59:42.0819 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/09/09 10:59:42.0855 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/09/09 10:59:42.0909 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/09/09 10:59:42.0928 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/09/09 10:59:42.0981 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/09/09 10:59:43.0043 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/09/09 10:59:43.0115 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/09/09 10:59:43.0147 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/09/09 10:59:43.0188 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/09/09 10:59:43.0269 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/09/09 10:59:43.0387 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/09/09 10:59:43.0470 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/09/09 10:59:43.0540 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/09/09 10:59:43.0582 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/09/09 10:59:43.0615 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/09/09 10:59:43.0661 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/09/09 10:59:43.0736 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/09/09 10:59:43.0833 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/09/09 10:59:43.0888 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/09/09 10:59:43.0969 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/09/09 10:59:44.0034 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/09/09 10:59:44.0104 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/09/09 10:59:44.0178 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2010/09/09 10:59:44.0260 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/09/09 10:59:44.0719 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/09/09 10:59:45.0036 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/09/09 10:59:45.0073 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/09/09 10:59:45.0122 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2010/09/09 10:59:45.0210 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/09/09 10:59:45.0245 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/09/09 10:59:45.0298 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/09/09 10:59:45.0333 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/09/09 10:59:45.0388 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/09/09 10:59:45.0487 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2010/09/09 10:59:45.0522 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/09/09 10:59:45.0584 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/09/09 10:59:45.0684 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/09/09 10:59:45.0785 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/09/09 10:59:45.0837 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/09/09 10:59:45.0896 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/09/09 10:59:45.0934 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/09/09 10:59:45.0982 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/09/09 10:59:46.0102 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/09/09 10:59:46.0145 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/09/09 10:59:46.0193 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/09/09 10:59:46.0226 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/09/09 10:59:46.0275 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/09/09 10:59:46.0309 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/09/09 10:59:46.0366 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2010/09/09 10:59:46.0435 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/09/09 10:59:46.0512 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/09/09 10:59:46.0576 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/09/09 10:59:46.0622 rimsptsk (d0a35b7670aa3558eaab483f64446496) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/09/09 10:59:46.0680 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/09/09 10:59:46.0949 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/09/09 10:59:47.0016 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/09/09 10:59:47.0137 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2010/09/09 10:59:47.0173 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/09/09 10:59:47.0221 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/09/09 10:59:47.0245 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/09/09 10:59:47.0296 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/09/09 10:59:47.0366 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/09/09 10:59:47.0395 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2010/09/09 10:59:47.0458 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/09/09 10:59:47.0505 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/09/09 10:59:47.0581 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2010/09/09 10:59:47.0626 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/09/09 10:59:47.0669 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/09/09 10:59:47.0742 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/09/09 10:59:47.0780 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/09/09 10:59:47.0845 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
2010/09/09 10:59:47.0920 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/09 10:59:47.0945 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/09 10:59:47.0979 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2010/09/09 10:59:48.0020 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/09/09 10:59:48.0064 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/09/09 10:59:48.0092 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/09/09 10:59:48.0109 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/09/09 10:59:48.0245 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/09/09 10:59:48.0367 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/09 10:59:48.0419 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/09/09 10:59:48.0466 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/09/09 10:59:48.0491 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/09/09 10:59:48.0541 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/09/09 10:59:48.0581 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/09/09 10:59:48.0629 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/09/09 10:59:48.0673 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/09/09 10:59:48.0779 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/09/09 10:59:48.0808 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/09/09 10:59:48.0854 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/09/09 10:59:48.0894 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2010/09/09 10:59:48.0926 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/09/09 10:59:48.0964 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/09/09 10:59:48.0990 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/09/09 10:59:49.0028 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/09/09 10:59:49.0144 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/09/09 10:59:49.0201 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2010/09/09 10:59:49.0240 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/09/09 10:59:49.0286 USBCCID (32c068eaf37c92d7194eee1faa1e7853) C:\Windows\system32\DRIVERS\usbccid.sys
2010/09/09 10:59:49.0328 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/09/09 10:59:49.0390 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/09/09 10:59:49.0452 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/09/09 10:59:49.0541 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/09/09 10:59:49.0572 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/09/09 10:59:49.0620 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/09/09 10:59:49.0650 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/09/09 10:59:49.0685 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/09/09 10:59:49.0732 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/09/09 10:59:49.0771 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/09/09 10:59:49.0799 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2010/09/09 10:59:49.0826 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/09/09 10:59:49.0914 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2010/09/09 10:59:49.0945 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/09/09 10:59:50.0010 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/09/09 10:59:50.0088 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/09/09 10:59:50.0130 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/09/09 10:59:50.0174 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/09/09 10:59:50.0215 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/09 10:59:50.0234 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/09 10:59:50.0341 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/09/09 10:59:50.0426 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/09/09 10:59:50.0510 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/09/09 10:59:50.0601 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
2010/09/09 10:59:50.0717 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/09/09 10:59:50.0802 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/09/09 10:59:50.0839 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/09/09 10:59:50.0907 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/09/09 10:59:50.0948 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/09/09 10:59:50.0990 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2010/09/09 10:59:51.0019 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/09/09 10:59:51.0022 ================================================================================
2010/09/09 10:59:51.0022 Scan finished
2010/09/09 10:59:51.0022 ================================================================================
2010/09/09 10:59:51.0030 Detected object count: 1
2010/09/09 11:00:09.0487 \HardDisk0\MBR - will be cured after reboot
2010/09/09 11:00:09.0487 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/09/09 11:00:14.0554 Deinitialize success
-------------------------------------------

Thank you.
 

Premium Member · 29,790 Posts
Hello again, spazn.

We Need to Diagnose Your BlueScreen
  1. When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  2. Select "Disable Automatic Restart on System Failure", as shown here:
  3. When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
  4. Also, report what module is being referenced. In the above example, it would be MountMgr.sys
 

Registered · 24 Posts
Discussion Starter · #14 ·
chemist,


The STOP error code displayed is 0x00008E. I tried a few times and the results have been:
1st. *** STOP: 0x0000008E (0xC0000005, 0x82445CC7, 0x998A091C, 0x00000000)
2nd. *** STOP: 0x0000008E (0xC0000005, 0x82471CC7, 0x8A2F691C, 0x00000000)
3rd. *** STOP: 0x0000008E (0xC0000005, 0x82465CC7, 0x9B51B91C, 0x00000000)


No written out error message appears like in the example above.

At the end it doesn't reference a module like the example above. Instead, it displays the following after the STOP error code:
Collecting data for crash dump …
Initializing disk for crash dump …
Physical memory dump complete.
Contact your system admin or technical support group for further assistance.


Hope that helps...thank you.
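The three STOP lines above carry more than the code itself. As an added example (editor's code, not something either poster ran), the script below parses such lines, decodes the documented parameter layout of bug check 0x8E (exception code, faulting address, trap frame, reserved) and compares the crashes with each other. The sample input is the three lines transcribed from the post; the bug-check and NTSTATUS name tables are a small subset of Microsoft's documented values, and the "same page offset" heuristic is an inference, not a diagnosis:

```python
import re

# Constructed sample input: the three STOP lines quoted in the post above,
# transcribed by hand from the blue screen (not read from a dump file).
STOP_LINES = [
    "1st. *** STOP: 0x0000008E (0xC0000005, 0x82445CC7, 0x998A091C, 0x00000000)",
    "2nd. *** STOP: 0x0000008E (0xC0000005, 0x82471CC7, 0x8A2F691C, 0x00000000)",
    "3rd. *** STOP: 0x0000008E (0xC0000005, 0x82465CC7, 0x9B51B91C, 0x00000000)",
]

_HEX = r"0x([0-9A-Fa-f]{1,8})"
STOP_RE = re.compile(
    r"STOP:\s*" + _HEX + r"\s*\(\s*" + _HEX + r"\s*,\s*" + _HEX
    + r"\s*,\s*" + _HEX + r"\s*,\s*" + _HEX + r"\s*\)"
)

# Small subset of the bug check codes and NTSTATUS values Microsoft documents.
BUGCHECK_NAMES = {
    0x1E: "KMODE_EXCEPTION_NOT_HANDLED",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0x80000003: "STATUS_BREAKPOINT",
}
# Documented parameter layout for bug check 0x8E.
BUGCHECK_8E_PARAMS = (
    "exception code",
    "address where the exception occurred",
    "trap frame address",
    "reserved",
)


def parse_stop(line):
    """Parse one 'STOP: 0x... (p1, p2, p3, p4)' line into a dict, or None."""
    m = STOP_RE.search(line)
    if not m:
        return None
    code, p1, p2, p3, p4 = (int(x, 16) for x in m.groups())
    info = {
        "bugcheck": code,
        "name": BUGCHECK_NAMES.get(code, "UNKNOWN"),
        "params": (p1, p2, p3, p4),
    }
    if code == 0x8E:
        info["exception_code"] = p1
        info["exception_code_name"] = NTSTATUS_NAMES.get(p1, "UNKNOWN")
        info["fault_address"] = p2
        info["trap_frame"] = p3
        # 32-bit Windows without /3GB: addresses >= 0x80000000 are kernel space.
        info["fault_in_kernel_space"] = p2 >= 0x80000000
    return info


def summarize(lines):
    """Compare several crashes: same bug check? same exception? same page offset?"""
    parsed = [p for p in (parse_stop(l) for l in lines) if p]
    offsets = {p["fault_address"] & 0xFFF for p in parsed if "fault_address" in p}
    return {
        "count": len(parsed),
        "bugchecks": {p["bugcheck"] for p in parsed},
        "exception_codes": {p["exception_code"] for p in parsed if "exception_code" in p},
        # Identical low 12 bits across boots means the same offset within a 4 KiB page;
        # with a module loaded at a different base each boot, that is consistent with
        # (though not proof of) the same faulting instruction every time.
        "same_page_offset": len(offsets) == 1,
        "page_offset": next(iter(offsets)) if len(offsets) == 1 else None,
    }


if __name__ == "__main__":
    for line in STOP_LINES:
        info = parse_stop(line)
        print(f"0x{info['bugcheck']:08X} {info['name']}")
        for label, value in zip(BUGCHECK_8E_PARAMS, info["params"]):
            print(f"    {label:38} 0x{value:08X}")
        print(f"    exception: {info['exception_code_name']}, "
              f"kernel-space fault: {info['fault_in_kernel_space']}")
    s = summarize(STOP_LINES)
    print(f"\n{s['count']} crashes; same page offset across boots: {s['same_page_offset']}")
```

Run as-is it reports all three crashes as KERNEL_MODE_EXCEPTION_NOT_HANDLED with STATUS_ACCESS_VIOLATION at a kernel-space address, and that the faulting addresses share the page offset 0xCC7 even though their high bits differ, which is the pattern you get when one module is loaded at a different base on each boot. Without the module name the BSOD did not print, a memory dump analysed in a debugger is still needed to say which driver that is.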
 

Premium Member · 29,790 Posts
Hello again, spazn. Have you tried Last Known Good Configuration?
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key.
  • In some systems, this may be the F5 key.
  • Instead of Windows loading as normal, a menu should appear.
  • Use the up arrow key to highlight Last Known Good Configuration and press 'Enter'.
  • Login on your usual account.
------------------------------------------------------

If successful, open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
mbr.exe -t 
start mbr.log
del %0
Save this as peek.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:


Double-click on peek.bat and allow it to run. A Notepad file will open. Post the contents in your next reply.

------------------------------------------------------
 

Registered · 24 Posts
Discussion Starter · #16 ·
Hey chemist,


I booted the laptop and entered the Advanced Boot Options by repeatedly hitting F8. These are my options below Safe Mode with Command Prompt:

  • Enable Boot Logging
  • Enable low-resolution video (640x480)
  • Last Known Good Configuration (advanced)
  • Directory Services Restore Mode
  • Debugging Mode
  • Disable automatic restart on system failure
  • Disable Driver Signature Enforcement

I selected 'Last Known Good Configuration (advanced)'. The time it takes to load the Windows logo is longer than normal, and before it can get to the Log In screen I get the BSOD. Same as before. I can still get to the desktop when booting to Safe Mode though.

I'm leaving work here and will be back online tomorrow morning. As always, thanks for your help.
 

Premium Member · 29,790 Posts
Hello again, spazn. If there is any data on this computer you cannot live without, it would be prudent to back it up to an external drive.

Do you have a Vista Installation DVD?

Do you have the option 'Windows Recovery Environment' after hitting F8?

Are you using Safe Mode with Networking or posting from another computer?

------------------------------------------------------

Please download MBRCheck.exe and save it to your desktop.
  • Double-click on MBRCheck.exe to start the tool.
  • If no MBR infection is detected, press Enter to exit...
  • If an MBR infection is detected, press n then Enter
  • Then press ENTER to exit...
  • A Notepad file named MBRCheck_date_time.txt will appear on your desktop.
  • Copy and paste the contents of MBRCheck_date_time.txt in your next reply.
------------------------------------------------------
 

Registered · 24 Posts
Discussion Starter · #18 ·
Hi chemist,


Unfortunately I do not have a Vista Installation DVD or a 'Windows Recovery Environment' option in Advanced Boot Options (the only choices I have are listed in my previous post).

At first I was downloading and posting from another computer and using my USB flash drive to transfer files back and forth. Once I was able to be online without the laptop restarting automatically I started using the laptop to download and post (booting to Windows normally, not to Safe Mode with Networking...), and now I am back to using another computer because of the BSOD.

I booted to Safe Mode and backed up the data to an external drive. I also ran MBRCheck from Safe Mode, and below is the log. Thank you.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Precision M6300
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 118):
0x8221D000 \SystemRoot\system32\ntkrnlpa.exe
0x825D6000 \SystemRoot\system32\hal.dll
0x8060B000 \SystemRoot\system32\kdcom.dll
0x80612000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80682000 \SystemRoot\system32\PSHED.dll
0x80693000 \SystemRoot\system32\BOOTVID.dll
0x8069B000 \SystemRoot\system32\CLFS.SYS
0x806DC000 \SystemRoot\system32\CI.dll
0x87C0F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x87C80000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x87C8E000 \SystemRoot\system32\drivers\acpi.sys
0x87CD4000 \SystemRoot\system32\drivers\WMILIB.SYS
0x87CDD000 \SystemRoot\system32\drivers\msisadrv.sys
0x87CE5000 \SystemRoot\system32\drivers\pci.sys
0x87D0C000 \SystemRoot\System32\drivers\partmgr.sys
0x87D1B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x87D1E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x87D28000 \SystemRoot\system32\drivers\volmgr.sys
0x87D37000 \SystemRoot\System32\drivers\volmgrx.sys
0x87D81000 \SystemRoot\system32\drivers\intelide.sys
0x87D88000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x87D96000 \SystemRoot\System32\drivers\mountmgr.sys
0x87DA6000 \SystemRoot\system32\drivers\atapi.sys
0x87DAE000 \SystemRoot\system32\drivers\ataport.SYS
0x87DCC000 \SystemRoot\system32\drivers\fltmgr.sys
0x807BC000 \SystemRoot\system32\drivers\fileinfo.sys
0x87C00000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x87E0E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87E7F000 \SystemRoot\system32\drivers\ndis.sys
0x87F8A000 \SystemRoot\system32\drivers\msrpc.sys
0x87FB5000 \SystemRoot\system32\drivers\NETIO.SYS
0x88005000 \SystemRoot\System32\drivers\tcpip.sys
0x880EF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88205000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88315000 \SystemRoot\system32\drivers\volsnap.sys
0x88356000 \SystemRoot\System32\Drivers\mup.sys
0x88365000 \SystemRoot\System32\drivers\ecache.sys
0x8838C000 \SystemRoot\system32\drivers\disk.sys
0x8839D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x883BE000 \SystemRoot\system32\drivers\crcdisk.sys
0x883E7000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x883F2000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8810A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x88115000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x88153000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88162000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B409000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8B696000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x8B6C5000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8B6D5000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8B6E3000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8B6EB000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8B6F8000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8B749000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B75C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8B767000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B772000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B78A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8B790000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B799000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8BA00000 \SystemRoot\system32\DRIVERS\storport.sys
0x8BA41000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8BA4C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8BA63000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8BA6E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8BA91000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8BAA0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8BAB4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8BAC9000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x8BB52000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8BB62000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8BB64000 \SystemRoot\system32\DRIVERS\ks.sys
0x8BB8E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8BB98000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8BBA5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8BBDA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8BBEB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8BBF4000 \SystemRoot\System32\Drivers\Null.SYS
0x8B7C8000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B7CF000 \SystemRoot\System32\drivers\vga.sys
0x8B7DB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x881EF000 \SystemRoot\System32\drivers\watchdog.sys
0x8B400000 \SystemRoot\system32\drivers\rdpencdd.sys
0x87FF0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x87E00000 \SystemRoot\System32\Drivers\Npfs.SYS
0x807CC000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x807D5000 \SystemRoot\system32\DRIVERS\tdx.sys
0x807EB000 \SystemRoot\system32\DRIVERS\smb.sys
0x8BE0A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8BE3C000 \SystemRoot\system32\drivers\afd.sys
0x8BE84000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8BE9A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8BEA8000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8BEE4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8BEEE000 \SystemRoot\System32\Drivers\dfsc.sys
0x8BF05000 \SystemRoot\system32\DRIVERS\usbccid.sys
0x8BF11000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0x8BF1C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x92840000 \SystemRoot\System32\win32k.sys
0x8BF1E000 \SystemRoot\System32\drivers\Dxapi.sys
0x92A50000 \SystemRoot\System32\drivers\dxg.sys
0x92A80000 \SystemRoot\System32\TSDDD.dll
0x8BF28000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8BF35000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8BF40000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x92B00000 \SystemRoot\System32\framebuf.dll
0x8BF48000 \SystemRoot\system32\drivers\WudfPf.sys
0x8BF62000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8BF8C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8BF96000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8BFAF000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8BFC4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x95A04000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x95A3D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x95A55000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x95A6B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x95A80000 \SystemRoot\System32\Drivers\fastfat.SYS
0x76E70000 \Windows\System32\ntdll.dll

Processes (total 27):
0 System Idle Process
4 System
384 C:\Windows\System32\smss.exe
452 csrss.exe
488 csrss.exe
496 C:\Windows\System32\wininit.exe
540 C:\Windows\System32\winlogon.exe
572 C:\Windows\System32\services.exe
584 C:\Windows\System32\lsass.exe
592 C:\Windows\System32\lsm.exe
732 C:\Windows\System32\svchost.exe
788 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1180 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1236 C:\Windows\System32\svchost.exe
1332 C:\Windows\System32\svchost.exe
1508 unsecapp.exe
1588 WmiPrvSE.exe
1764 C:\Windows\explorer.exe
296 C:\Windows\System32\wbem\unsecapp.exe
892 C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
1196 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
1520 C:\Users\Alvin\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000007`805e1a00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001a`f3100000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS722012K9A300, Rev: DCCOCA1H

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
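The MBRCheck log above does two things worth understanding: it maps each volume to a byte offset on PhysicalDrive0, and it hashes the MBR code and compares it against known Windows boot code (here reported as "Windows 2008 MBR code detected"). As an added example (editor's code, not MBRCheck's), the script below parses the three volume lines copied from the log, builds a constructed 512-byte MBR whose partition table starts at exactly those offsets, checks the 0x55AA signature, and cross-checks each volume offset against the table. The bootstrap bytes are filler, the disk signature and partition sizes are made up, and the known-good hash set is a placeholder the reader supplies from a clean reference; MBRCheck's exact hashing range is not documented on this page, so hashing bytes 0 to 439 is an assumption:

```python
import hashlib
import re
import struct

SECTOR = 512

# Volume lines exactly as MBRCheck printed them in the log above.
MBRCHECK_VOLUME_LINES = [
    r"\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)",
    r"\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000007`805e1a00 (NTFS)",
    r"\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001a`f3100000 (NTFS)",
]
# MBRCheck writes the 64-bit offset WinDbg-style: high DWORD ` low DWORD.
VOLUME_RE = re.compile(
    r"\\\\\.\\(\w:) --> \\\\\.\\(PhysicalDrive\d+) at offset "
    r"0x([0-9a-fA-F]{8})`([0-9a-fA-F]{8}) \((\w+)\)"
)


def parse_volume_line(line):
    m = VOLUME_RE.search(line)
    if not m:
        return None
    return {"drive": m.group(1), "device": m.group(2),
            "offset": int(m.group(3) + m.group(4), 16), "fs": m.group(5)}


def build_sample_mbr():
    """Constructed 512-byte MBR whose partition starts match the log's volume offsets.
    The bootstrap area is filler, not real boot code; sizes and disk signature are made up."""
    bootstrap = b"CONSTRUCTED SAMPLE BOOTSTRAP".ljust(440, b"\x90")
    disk_signature = struct.pack("<I", 0x12345678) + b"\x00\x00"
    # (status, type, first LBA, sector count); 0x07 = NTFS, CHS fields left zero.
    layout = [
        (0x80, 0x07, 63, 62926542),          # 63 * 512 = 0x7E00         (C:)
        (0x00, 0x07, 0x3C02F0D, 163141875),  # * 512 = 0x7805E1A00       (D:)
        (0x00, 0x07, 0xD798800, 6715392),    # * 512 = 0x1AF3100000      (E:)
    ]
    table = b"".join(
        bytes([status, 0, 0, 0, ptype, 0, 0, 0]) + struct.pack("<II", lba, count)
        for status, ptype, lba, count in layout
    ) + b"\x00" * 16
    return bootstrap + disk_signature + table + b"\x55\xAA"


def parse_mbr(sector):
    """Decode a classic MBR: bootstrap code, disk signature, four 16-byte table entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack("<II", entry[8:16])
        if ptype == 0:
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count,
                           "byte_offset": lba_start * SECTOR})
    return {
        # Hash of the code area only: the disk signature and table differ per machine.
        "bootstrap_sha1": hashlib.sha1(sector[:440]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
    }


def cross_check(mbr, volumes):
    """Map each volume's byte offset to the partition entry starting there (None if none)."""
    by_offset = {p["byte_offset"]: p["index"] for p in mbr["partitions"]}
    return {v["drive"]: by_offset.get(v["offset"]) for v in volumes}


def classify(mbr, known_good_hashes):
    """MBRCheck-style verdict: bootstrap hash on the allow-list or not."""
    return "known-good" if mbr["bootstrap_sha1"] in known_good_hashes else "unknown"


if __name__ == "__main__":
    mbr = parse_mbr(build_sample_mbr())
    volumes = [parse_volume_line(l) for l in MBRCHECK_VOLUME_LINES]
    for p in mbr["partitions"]:
        print(f"entry {p['index']}: type 0x{p['type']:02X} LBA {p['lba_start']} "
              f"-> offset 0x{p['byte_offset']:X} bootable={p['bootable']}")
    print("volume -> partition:", cross_check(mbr, volumes))
    # Placeholder: replace with the SHA1 of a clean reference MBR from the same Windows build.
    print("verdict:", classify(mbr, {"PLACEHOLDER_SHA1_OF_A_CLEAN_REFERENCE_MBR"}))
```

The cross-check is the defender's sanity test: on a basic disk every volume offset should land exactly on a partition entry, and a volume that does not, or a bootstrap hash that is not on your allow-list, is the kind of discrepancy that tools like TDSSKiller and MBRCheck flag. In this thread TDSSKiller had already cured an MBR infection, and MBRCheck then reported known Windows boot code, which is the expected "after" picture.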
 

Premium Member · 29,790 Posts
Would you be able to borrow a Vista Business Edition DVD from someone?
 