Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan aspx.js.win32

Started by tina12580 , Jul 02 2010 05:44 AM

  • Please log in to reply

#1
tina12580
Posted 02 July 2010 - 05:44 AM

tina12580

    Member

  • Member
  • PipPip
  • 12 posts
My sister's Laptop keeps getting a message popping up saying it's infected with trojan aspx.js.win32, there are porn icons on the desktop and the internet keeps redirecting. I could only get to this website via safe mode. I have tried running malwarebytes and each time it has found infections and removed them, but upon reboot the infections are back. I haven't got a clue how to go about fixing this and would really appreciate some help :) Thanks in advance
  • 0

Advertisements

#2
RKinner
Posted 02 July 2010 - 11:43 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Do as much of

http://www.geekstogo...uide-t2852.html

as you can. If a step won't work, skip to the next one. Copy and paste your gmer, mbam, otl, & extras logs into a reply. Do not attach them.

If you lose internet access after running MBAM or if you are not able to get to the downloads:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Ron
  • 0

#3
tina12580
Posted 02 July 2010 - 01:27 PM

tina12580

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Before reading your reply I downloaded malwarebytes from this website and tried to scan again, this time they seem to have been removed. The only thing now is that my searches redirect to findgala. I will go and do the scans you suggested now. But here is the log from the last malwarebytes scan...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4267

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18904

02/07/2010 18:19:58
mbam-log-2010-07-02 (18-19-58).txt

Scan type: Quick scan
Objects scanned: 138326
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 157
Registry Values Infected: 17
Registry Data Items Infected: 7
Folders Infected: 3
Files Infected: 78

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ppdrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PDRV (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PDRV (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\about.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adwareprj.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alphaav (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alphaav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-virus professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antispywarxp2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus_pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusplus (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusplus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiviruspro_2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashbug.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashchest.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashcnsnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashlogv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashmaisv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashpopwz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashquick.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashsimp2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashskpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashskpck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashwebsv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswchlic.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswregsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswrundll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcare.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinprocpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmsnscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsurvey.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanielow.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\history.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\identity.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieshow.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jsrcgen.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\malwareremoval.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oacat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oahlp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oareg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\odsw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc_antispyware2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\peravir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psancu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psanhost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psantomanager.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psunmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\quick heal.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\quickhealcleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safetykeeper.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savearmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savedefense.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savekeep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secure veteran.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\security center.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\securityfighter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shield.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snetcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\softsafeness.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trustwarrior.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\visthaux.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\visthlic.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\visthupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w3asbas.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Windows police pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\security master av (Rogue.SecurityMasterAV) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\defense center (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ppdrv (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Arrakis3.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdreinit.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsubwiz.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdtkexec.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiscan.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrepl.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/...q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/...q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/...q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/...q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/...q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Users\carol\AppData\Roaming\Security Master AV (Rogue.SecurityMasterAV) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully.

Files Infected:
C:\ProgramData\f9f0b00\SMf9f0.exe (Rogue.SecurityMasterAV) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-2512116029-1123958170-2343260633-1000\$RELDP1O\defcnt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-2512116029-1123958170-2343260633-1000\$RELDP1O\defext.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-2512116029-1123958170-2343260633-1000\$RELDP1O\defhook.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-2512116029-1123958170-2343260633-1000\$RELDP1O\Uninstall.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\pdrv.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\pdrv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\0.8809770554946863.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\A5C3.tmp (Trojan.Sasfis) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\asd3A8F.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\asd9D29.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\asdC560.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\asdF804.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\dhdhtrdhdrtr5y (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\esentutl64.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\mschrt20ex.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\tmp3AAF.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\tmp5F5E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\tmp9D58.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\tmpA5C1.tmp.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\tmpe93263fd.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\tmpF823.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\topwesitjh (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\zpskon_1276038630.exe (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\zpskon_1276046020.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\zpskon_1276051968.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\zpskon_1276087042.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\zpskon_1276108254.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\zpskon_1276141813.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Local\Temp\tmp2e24c5b9\rap.exe (Trojan.ZBot) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\About.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\Activate.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\Buy.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\Scan.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\Settings.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\Update.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Users\carol\Desktop\Security Master AV.LNK (Rogue.SecurityMasterAV) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Security Master AV.LNK (Rogue.SecurityMasterAV) -> Quarantined and deleted successfully.
C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Security Master AV.LNK (Rogue.SecurityMasterAV) -> Quarantined and deleted successfully.
C:\Users\carol\Desktop\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\carol\Desktop\pornotube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\carol\Desktop\spam001.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\carol\Desktop\spam003.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\carol\Desktop\troj000.exe (Malware.Trave) -> Quarantined and deleted successfully.
C:\Users\carol\Desktop\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\01005153535554.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\048102515610049.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\0505448994955.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\052575210198102.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\0535049569854.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\055102102565799.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\05557102489799.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\0569949489854.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\09857491009853.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1275997018.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276026942.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276027253.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276029435.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276029739.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276030399.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276076998.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276077367.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276078091.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276082317.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276082683.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276086617.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276086989.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276111870.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276112237.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276116062.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276116428.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276166641.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276166945.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276170764.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276171072.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276184866.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carol\Local Settings\Application Data\rdr_1276185167.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
  • 0

#4
RKinner
Posted 02 July 2010 - 02:29 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Run OTL now (Step 5) and post the logs. Don't forget to right click and select Run As Administrator instead of simple double clicking.

Also
Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right click on george and Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Ron
  • 0

#5
tina12580
Posted 02 July 2010 - 03:57 PM

tina12580

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Right I have ran both programs and now I can't connect to the internet to post the logs. I looked in device manager and the network adapters are not working.

Atheros AR5007EG wireless network adapter - winpkfilter miniport

Device status

Windows cannot start this hardware device because it's configuration information (in the registry) is incomplete or damaged (code 19)


Broadcom netlink ™ fast ethernet - winpkfilter miniport

Device status

Windows cannot start this hardware device because it's configuration information (in the registry) is incomplete or damaged (code 19)


Microsoft ISATAP adapter #4

Device status

This device is not working properly because windows cannot load the drivers required for this device (code 31)


WAN miniport (ip) - winpkfilter miniport

Device status

Windows cannot start this hardware device because it's configuration information (in the registry) is incomplete or damaged (code 19)


WAN miniport (ipv6) - winpkfilter miniport

Device status

Windows cannot start this hardware device because it's configuration information (in the registry) is incomplete or damaged (code 19)


WAN mniniport (network monitor) - winpkfilter miniport

Device status

Windows cannot start this hardware device because it's configuration information (in the registry) is incomplete or damaged (code 19)
  • 0

#6
RKinner
Posted 02 July 2010 - 05:55 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Right click on Computer and select Manage the Device Manager. You will probably see it flashing at the bottom. Click on it and then Continue. Find your network adapters and right click on each and Uninstall. Then reboot. It should redetect and reinstall each adapter.

If that doesn't work then Start, Programs, Accessories, right click on Command Prompt and Run As Administrator. Type with an Enter after each line:

netsh  winsock  reset  catalog

netsh  int  ip  reset  reset.log
(I use two space in the code box so you can see where one space goes.)
Ron

Edited by RKinner, 02 July 2010 - 06:03 PM.

  • 0

#7
tina12580
Posted 03 July 2010 - 01:53 AM

tina12580

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I tried both methods and only the first 2 would uninstall.
  • 0

#8
tina12580
Posted 03 July 2010 - 02:16 AM

tina12580

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Uninstalled them in network connections, internet working now.

OTL Log (only one notepad window opened)

OTL logfile created on: 02/07/2010 21:47:17 - Run 3
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\carol\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.77 Gb Total Space | 19.22 Gb Free Space | 27.94% Space Free | Partition Type: NTFS
Drive D: | 68.56 Gb Total Space | 68.46 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
Drive E: | 2.49 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAROL-PC
Current User Name: carol
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/02 21:38:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\carol\Desktop\OTL.exe
PRC - [2010/07/02 20:40:35 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\carol\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010/07/02 11:10:59 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/02 11:10:57 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/02 11:10:56 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/02 11:10:53 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/02 11:10:41 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/02 11:10:19 | 000,921,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/02 11:10:15 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/02/06 19:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/11 10:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/03/05 14:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/03/05 14:15:20 | 000,525,360 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/02/05 01:43:08 | 000,458,752 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/01/22 15:21:40 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008/01/10 02:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2008/01/04 18:30:48 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/12/20 19:33:14 | 000,761,856 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2007/12/20 19:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/12/20 02:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/11/28 02:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/10/02 00:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/09/20 21:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/09/19 22:41:50 | 000,051,200 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
PRC - [2007/09/10 23:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/09/06 20:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007/03/23 13:20:52 | 000,227,328 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2006/11/02 13:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/10/05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/07/02 21:38:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\carol\Desktop\OTL.exe
MOD - [2010/07/02 11:11:46 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/01/21 03:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/21 03:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/02 11:10:19 | 000,921,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/02 11:10:15 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/03/05 14:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/20 19:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/12/20 02:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/11/28 02:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/10/02 00:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/09/20 21:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/09/19 22:41:50 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2007/09/10 23:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/10/05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2010/07/02 11:11:42 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/02 11:11:37 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/07/02 11:10:59 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/06/22 15:58:24 | 000,022,016 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ndisrd.sys -- (NdisrdMP)
DRV - [2009/06/22 15:58:24 | 000,022,016 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ndisrd.sys -- (Ndisrd)
DRV - [2009/03/27 11:46:32 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/03/26 15:56:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/03/26 15:55:00 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/03/26 15:55:00 | 000,012,800 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/03/20 17:38:00 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/03/11 11:55:36 | 002,077,080 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/22 15:21:38 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/03 12:07:26 | 000,059,952 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/01/03 12:07:24 | 000,018,480 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/01/03 12:07:24 | 000,016,432 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2007/12/11 10:42:44 | 000,163,376 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/07/30 15:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/07/22 08:00:44 | 000,180,736 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007/07/03 18:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007/04/26 10:19:26 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/04/26 10:18:04 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/04/26 10:17:54 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/03/09 07:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/02/22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/02/22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2007/01/30 06:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 21:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 21:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 1D CB 21 14 A0 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/07/02 12:09:46 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FCTBPos00Pos Class) - {8C7ADD44-D01F-4D04-B525-AE372B98AFD2} - C:\Program Files\ICN Gaming Bar\Toolbar.dll ()
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICN Gaming Bar) - {30BF4CEA-A50C-4947-A685-48D697938BD3} - C:\Program Files\ICN Gaming Bar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (ICN Gaming Bar) - {30BF4CEA-A50C-4947-A685-48D697938BD3} - C:\Program Files\ICN Gaming Bar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fssui.exe File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{028EF317-AEA5-5DD1-39F1-07711D62E7E8}] C:\Users\carol\AppData\Roaming\Geygt\pybio.exe File not found
O4 - HKCU..\Run: [{ABCEAED5-2A50-DEB1-A804-35398C9B5088}] C:\Users\carol\AppData\Roaming\Weit\ciavo.exe File not found
O4 - Startup: C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\carol\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\carol\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/13 12:55:00 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{257da89f-2830-11dd-b851-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{257da89f-2830-11dd-b851-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2009/07/13 12:55:00 | 000,111,880 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{6d30d3dd-0416-11df-8ef9-001eec494393}\Shell\AutoRun\command - "" = F:\tip2go\tescoip.exe -- File not found
O33 - MountPoints2\{6d30d3dd-0416-11df-8ef9-001eec494393}\Shell\tip2go\command - "" = F:\tip2go\tescoip.exe -- File not found
O33 - MountPoints2\{6d30d440-0416-11df-8ef9-001eec494393}\Shell - "" = AutoRun
O33 - MountPoints2\{6d30d440-0416-11df-8ef9-001eec494393}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE -- File not found
O33 - MountPoints2\{6d30d4cb-0416-11df-8ef9-001eec494393}\Shell - "" = AutoRun
O33 - MountPoints2\{6d30d4cb-0416-11df-8ef9-001eec494393}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE -- File not found
O33 - MountPoints2\{d74d7a13-0851-11df-b149-001eec494393}\Shell - "" = AutoRun
O33 - MountPoints2\{d74d7a13-0851-11df-b149-001eec494393}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE -- File not found
O33 - MountPoints2\{d74d7a15-0851-11df-b149-001eec494393}\Shell - "" = AutoRun
O33 - MountPoints2\{d74d7a15-0851-11df-b149-001eec494393}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 03:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/07/02 21:38:26 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\carol\Desktop\OTL.exe
[2010/07/02 20:48:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/02 20:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/02 20:46:30 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\carol\Desktop\erunt_setup.exe
[2010/07/02 20:30:12 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\carol\Desktop\TFC.exe
[2010/07/02 18:40:33 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/07/02 18:10:05 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\carol\Desktop\mbam-setup-1.46.exe
[2010/07/02 12:09:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/02 11:31:32 | 000,000,000 | ---D | C] -- C:\Users\carol\AppData\Roaming\Defense Center
[2010/07/02 11:11:44 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/07/02 11:11:40 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/07/02 11:11:36 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/07/02 11:11:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/07/02 11:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/07/02 11:10:59 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/07/02 11:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/07/02 11:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/06/08 13:34:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\SMITICOAV
[2010/06/08 13:34:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\f9f0b00
[2010/06/08 13:06:32 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/09 06:40:59 | 000,000,000 | ---D | C] -- C:\Users\carol\AppData\Roaming\Oqup

========== Files - Modified Within 90 Days ==========

[2010/07/02 21:47:21 | 002,883,584 | -HS- | M] () -- C:\Users\carol\ntuser.dat
[2010/07/02 21:44:09 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{489A4867-CA35-4851-AC7E-223E40B6F4DB}.job
[2010/07/02 21:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/02 21:38:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\carol\Desktop\OTL.exe
[2010/07/02 21:37:43 | 003,725,496 | ---- | M] () -- C:\Users\carol\Desktop\george.exe.exe
[2010/07/02 21:08:21 | 002,304,640 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/02 21:08:21 | 000,980,692 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/02 21:08:21 | 000,004,884 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/02 21:03:04 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/02 21:03:04 | 000,000,226 | ---- | M] () -- C:\Windows\tasks\PersonalAV.job
[2010/07/02 21:03:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/02 20:48:13 | 000,000,737 | ---- | M] () -- C:\Users\carol\Desktop\NTREGOPT.lnk
[2010/07/02 20:48:13 | 000,000,718 | ---- | M] () -- C:\Users\carol\Desktop\ERUNT.lnk
[2010/07/02 20:46:33 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\carol\Desktop\erunt_setup.exe
[2010/07/02 20:40:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/02 20:40:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/02 20:39:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/02 20:39:32 | 3210,723,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/02 20:37:57 | 000,524,288 | -HS- | M] () -- C:\Users\carol\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/07/02 20:37:57 | 000,065,536 | -HS- | M] () -- C:\Users\carol\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/02 20:30:15 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\carol\Desktop\TFC.exe
[2010/07/02 19:59:56 | 002,414,610 | -H-- | M] () -- C:\Users\carol\AppData\Local\IconCache.db
[2010/07/02 18:32:46 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/07/02 18:32:46 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/07/02 18:11:28 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/02 18:10:15 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\carol\Desktop\mbam-setup-1.46.exe
[2010/07/02 17:51:24 | 000,001,356 | ---- | M] () -- C:\Users\carol\AppData\Local\d3d9caps.dat
[2010/07/02 12:09:46 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/07/02 11:19:05 | 000,001,623 | ---- | M] () -- C:\Users\carol\Desktop\Computer.lnk
[2010/07/02 11:11:46 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/07/02 11:11:46 | 000,001,651 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/07/02 11:11:42 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/07/02 11:11:37 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/07/02 11:11:36 | 061,580,418 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/07/02 11:11:36 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/07/02 11:10:59 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/07/02 00:44:29 | 143,400,457 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/06/11 11:45:49 | 000,524,288 | -HS- | M] () -- C:\ProgramData\NTUSER.DAT{7f221a8c-747c-11df-ad2f-001eec494393}.TMContainer00000000000000000001.regtrans-ms
[2010/06/11 11:45:49 | 000,262,144 | ---- | M] () -- C:\ProgramData\NTUSER.DAT
[2010/06/11 11:45:49 | 000,065,536 | -HS- | M] () -- C:\ProgramData\NTUSER.DAT{7f221a8c-747c-11df-ad2f-001eec494393}.TM.blf
[2010/06/10 20:47:12 | 000,524,288 | -HS- | M] () -- C:\ProgramData\NTUSER.DAT{7f221a8c-747c-11df-ad2f-001eec494393}.TMContainer00000000000000000002.regtrans-ms
[2010/06/10 20:47:10 | 000,524,288 | -HS- | M] () -- C:\ProgramData\NTUSER.DAT{7f221a7a-747c-11df-ad2f-001eec494393}.TMContainer00000000000000000002.regtrans-ms
[2010/06/10 20:47:10 | 000,524,288 | -HS- | M] () -- C:\ProgramData\NTUSER.DAT{7f221a7a-747c-11df-ad2f-001eec494393}.TMContainer00000000000000000001.regtrans-ms
[2010/06/10 20:47:10 | 000,065,536 | -HS- | M] () -- C:\ProgramData\NTUSER.DAT{7f221a7a-747c-11df-ad2f-001eec494393}.TM.blf
[2010/06/09 12:44:16 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/04/30 08:15:25 | 000,295,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/21 20:42:42 | 000,001,959 | ---- | M] () -- C:\Users\carol\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2010/07/02 21:37:43 | 003,725,496 | ---- | C] () -- C:\Users\carol\Desktop\george.exe.exe
[2010/07/02 20:48:13 | 000,000,737 | ---- | C] () -- C:\Users\carol\Desktop\NTREGOPT.lnk
[2010/07/02 20:48:13 | 000,000,718 | ---- | C] () -- C:\Users\carol\Desktop\ERUNT.lnk
[2010/07/02 19:09:46 | 000,000,392 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{489A4867-CA35-4851-AC7E-223E40B6F4DB}.job
[2010/07/02 18:22:07 | 3210,723,328 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/02 11:11:46 | 000,001,651 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/07/02 11:11:36 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/07/02 11:11:35 | 061,580,418 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/07/02 04:20:23 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/07/02 04:20:23 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/06/10 20:47:12 | 000,524,288 | -HS- | C] () -- C:\ProgramData\NTUSER.DAT{7f221a8c-747c-11df-ad2f-001eec494393}.TMContainer00000000000000000002.regtrans-ms
[2010/06/10 20:47:12 | 000,524,288 | -HS- | C] () -- C:\ProgramData\NTUSER.DAT{7f221a8c-747c-11df-ad2f-001eec494393}.TMContainer00000000000000000001.regtrans-ms
[2010/06/10 20:47:12 | 000,065,536 | -HS- | C] () -- C:\ProgramData\NTUSER.DAT{7f221a8c-747c-11df-ad2f-001eec494393}.TM.blf
[2010/06/10 20:47:10 | 000,524,288 | -HS- | C] () -- C:\ProgramData\NTUSER.DAT{7f221a7a-747c-11df-ad2f-001eec494393}.TMContainer00000000000000000002.regtrans-ms
[2010/06/10 20:47:10 | 000,524,288 | -HS- | C] () -- C:\ProgramData\NTUSER.DAT{7f221a7a-747c-11df-ad2f-001eec494393}.TMContainer00000000000000000001.regtrans-ms
[2010/06/10 20:47:10 | 000,262,144 | ---- | C] () -- C:\ProgramData\NTUSER.DAT
[2010/06/10 20:47:10 | 000,065,536 | -HS- | C] () -- C:\ProgramData\NTUSER.DAT{7f221a7a-747c-11df-ad2f-001eec494393}.TM.blf
[2010/06/10 20:47:10 | 000,005,120 | -H-- | C] () -- C:\ProgramData\NTUSER.DAT.LOG1
[2010/06/10 20:47:10 | 000,000,000 | -H-- | C] () -- C:\ProgramData\NTUSER.DAT.LOG2
[2010/06/08 13:34:30 | 000,001,623 | ---- | C] () -- C:\Users\carol\Desktop\Computer.lnk
[2010/04/21 20:42:42 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/04/21 20:42:42 | 000,001,959 | ---- | C] () -- C:\Users\carol\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/04/21 20:38:15 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/21 20:38:14 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/01/03 00:56:27 | 000,000,162 | ---- | C] () -- C:\Windows\System32\pinf.sys
[2009/01/03 00:44:30 | 000,036,864 | ---- | C] () -- C:\Windows\System32\jRegistryKey.dll
[2009/01/03 00:44:19 | 000,000,321 | -HS- | C] () -- C:\Windows\System32\3571627886.sys
[2008/08/15 21:49:02 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/08/15 21:49:02 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/08/15 21:45:49 | 000,040,960 | ---- | C] () -- C:\Windows\unTH83_.dll
[2008/05/22 20:40:59 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2008/05/22 20:40:55 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008/03/20 19:25:45 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/03/20 17:48:37 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008/03/20 17:44:09 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/03/20 17:25:08 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/03/20 17:00:24 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/03/20 17:00:24 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/03/20 17:00:24 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/03/20 17:00:24 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/12/07 12:31:00 | 000,202,752 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2001/12/26 23:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 06:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 23:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 05:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2010/02/07 22:12:11 | 000,000,000 | -HSD | M] -- C:\Users\carol\AppData\Roaming\.#
[2008/03/20 18:07:37 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\Acer GameZone Console
[2001/01/13 19:52:16 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\Afesax
[2008/08/15 04:50:30 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\Big Fish Games
[2001/01/17 23:11:22 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\Bowyy
[2010/07/02 11:31:32 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\Defense Center
[2008/08/20 02:23:39 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\Gaijin Ent
[2010/07/02 18:40:33 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\Geygt
[2009/01/03 12:11:07 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\iWin
[2010/07/02 19:27:35 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\Izobhy
[2009/06/13 08:27:53 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\LG Electronics
[2008/10/01 18:36:27 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\Nokia
[2008/10/01 18:43:31 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\Nokia Multimedia Player
[2001/01/18 20:32:03 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\Oqup
[2008/09/29 12:17:51 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\PC Suite
[2008/08/15 02:55:42 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\PlayFirst
[2008/09/02 19:54:46 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\Shareaza
[2010/01/20 21:37:19 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\Tatara Systems
[2008/08/21 05:34:20 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\Template
[2010/07/02 18:40:34 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\Weit
[2008/10/07 10:15:41 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\Windows Live Writer
[2008/10/03 13:02:57 | 000,000,000 | ---D | M] -- C:\Users\carol\AppData\Roaming\Zylom
[2010/07/02 21:03:04 | 000,000,226 | ---- | M] () -- C:\Windows\Tasks\PersonalAV.job
[2010/07/02 21:02:02 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/07/02 21:44:09 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{489A4867-CA35-4851-AC7E-223E40B6F4DB}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/03/20 17:39:30 | 000,699,114 | ---- | M] () -- C:\bknowsetup.log
[2008/01/21 03:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/03/20 17:01:45 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/06/08 12:36:56 | 000,000,907 | ---- | M] () -- C:\fb20100608.log
[2010/07/02 20:39:32 | 3210,723,328 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/24 14:52:10 | 000,000,091 | ---- | M] () -- C:\MCEDS.log
[2009/08/24 14:50:16 | 000,000,091 | ---- | M] () -- C:\MDisc.log
[2009/08/24 14:50:53 | 000,000,091 | ---- | M] () -- C:\MDR.log
[2010/07/02 20:39:31 | 3524,517,888 | -HS- | M] () -- C:\pagefile.sys
[2009/08/24 14:51:43 | 000,000,091 | ---- | M] () -- C:\PMovie.log
[2009/08/24 14:51:20 | 000,000,437 | ---- | M] () -- C:\PowerDV.log
[2009/11/15 16:59:13 | 000,000,473 | ---- | M] () -- C:\rarreg.key
[2008/05/22 20:05:15 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log
[2009/08/24 14:52:05 | 000,000,090 | ---- | M] () -- C:\SDMA.log
[2008/03/20 17:39:30 | 000,000,032 | ---- | M] () -- C:\setup.log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 13:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/27 03:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/21 03:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/21 03:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2008/01/21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/21 03:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-05 22:09:58

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:EC2246A6
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 16 bytes -> C:\Users\carol\Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:45FE2B4E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:3E7393FC
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:FC420CE6
< End of report >
  • 0

#9
tina12580
Posted 03 July 2010 - 02:19 AM

tina12580

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
combo fix log

ComboFix 10-07-01.02 - carol 02/07/2010 22:00:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3061.1835 [GMT 1:00]
Running from: c:\users\carol\Desktop\george.exe.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Uninstall
c:\programdata\f9f0b00
c:\programdata\f9f0b00\121307.reg
c:\programdata\f9f0b00\814266.reg
c:\programdata\f9f0b00\846.mof
c:\programdata\f9f0b00\BackUp\Empowering Technology Launcher.lnk
c:\programdata\f9f0b00\BackUp\OneNote 2007 Screen Clipper and Launcher.lnk
c:\programdata\f9f0b00\mcp.ico
c:\programdata\f9f0b00\SMAV.ico
c:\programdata\f9f0b00\SMAVSys\vd952342.bd
c:\users\carol\AppData\Roaming\.#
c:\users\carol\AppData\Roaming\.#\MBX@D34@1782990.###
c:\users\carol\AppData\Roaming\.#\MBX@D34@17829C0.###
c:\users\carol\AppData\Roaming\.#\MBX@D34@17829F0.###
c:\users\carol\AppData\Roaming\.#\MBX@DC8@262990.###
c:\users\carol\AppData\Roaming\.#\MBX@DC8@2629C0.###
c:\users\carol\AppData\Roaming\.#\MBX@DC8@2629F0.###
c:\users\carol\AppData\Roaming\Geygt\pybio.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\cb.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\cb.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\cid.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\cid.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\cid.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\ddv.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\ddv.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\ddv.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\delfile.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\dudl.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\dudl.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\eb.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\fan.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\fan.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\fan.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\fan.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\fix.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\fix.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\FS.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\FS.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\FS.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\FW.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\gid.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\gid.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\grid.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\grid.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\grid.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\hymt.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\My Music.url
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\pal.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\pal.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\ppal.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\ppal.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\runddl.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\runddl.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\runddl.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\runddl.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\sld.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\SM.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\snl2w.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\std.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.tmp
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp
c:\users\carol\AppData\Roaming\Weit\ciavo.exe
c:\users\Guest\AppData\Roaming\.#
c:\users\Guest\AppData\Roaming\.#\MBX@12B4@362990.###
c:\users\Guest\AppData\Roaming\.#\MBX@12B4@3629C0.###
c:\users\Guest\AppData\Roaming\.#\MBX@12B4@3629F0.###
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\drivers\snetcfg.exe
c:\windows\system32\ndisapi.dll

Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Ndisrd
-------\Service_NdisrdMP


((((((((((((((((((((((((( Files Created from 2010-06-02 to 2010-07-02 )))))))))))))))))))))))))))))))
.

2010-07-02 21:10 . 2010-07-02 21:13 -------- d-----w- c:\users\carol\AppData\Local\temp
2010-07-02 21:10 . 2010-07-02 21:10 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-07-02 19:48 . 2010-07-02 19:48 -------- d-----w- c:\program files\ERUNT
2010-07-02 17:40 . 2010-07-02 17:40 -------- d-----w- C:\$AVG
2010-07-02 11:09 . 2010-07-02 11:09 -------- d-----w- C:\_OTL
2010-07-02 10:31 . 2010-07-02 10:31 -------- d-----w- c:\users\carol\AppData\Roaming\Defense Center
2010-07-02 10:11 . 2010-07-02 10:11 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-02 10:11 . 2010-07-02 10:11 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-02 10:11 . 2010-07-02 10:11 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-02 10:11 . 2010-07-02 10:13 -------- d-----w- c:\windows\system32\drivers\Avg
2010-07-02 10:11 . 2010-07-02 10:14 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-07-02 10:10 . 2010-07-02 10:10 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-02 10:08 . 2010-07-02 10:08 -------- d-----w- c:\program files\AVG
2010-07-02 10:08 . 2010-07-02 10:13 -------- d-----w- c:\programdata\avg9
2010-06-08 12:34 . 2010-06-08 12:34 -------- d-sh--w- c:\programdata\SMITICOAV
2010-06-08 12:06 . 2010-06-08 12:06 -------- d-----w- c:\windows\Sun
2010-06-05 14:12 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-02 18:27 . 2001-01-06 21:06 -------- d-----w- c:\users\carol\AppData\Roaming\Izobhy
2010-07-02 17:40 . 2001-01-13 18:51 -------- d-----w- c:\users\carol\AppData\Roaming\Weit
2010-07-02 17:40 . 2009-04-15 08:17 -------- d-----w- c:\users\carol\AppData\Roaming\Geygt
2010-07-02 17:39 . 2008-09-13 11:42 -------- d-----w- c:\program files\Google
2010-07-02 17:11 . 2009-08-24 17:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-02 16:51 . 2009-05-21 13:53 1356 ----a-w- c:\users\carol\AppData\Local\d3d9caps.dat
2010-06-11 10:45 . 2010-06-10 19:47 262144 ----a-w- c:\programdata\NTUSER.DAT
2010-05-21 13:14 . 2009-10-02 19:59 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 10:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-18 10:03 . 2008-03-20 17:22 -------- d-----w- c:\programdata\Microsoft Help
2010-04-29 14:39 . 2009-08-24 17:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2009-08-24 17:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-01-02 23:44 . 2009-01-02 23:44 321 --sh--w- c:\windows\System32\3571627886.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C7ADD44-D01F-4D04-B525-AE372B98AFD2}]
2009-01-31 22:14 1249792 ----a-w- c:\program files\ICN Gaming Bar\Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 09:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30BF4CEA-A50C-4947-A685-48D697938BD3}"= "c:\program files\ICN Gaming Bar\Toolbar.dll" [2009-01-31 1249792]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{30bf4cea-a50c-4947-a685-48d697938bd3}]
[HKEY_CLASSES_ROOT\FCTB000059033.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]
[HKEY_CLASSES_ROOT\FCTB000059033.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30BF4CEA-A50C-4947-A685-48D697938BD3}"= "c:\program files\ICN Gaming Bar\Toolbar.dll" [2009-01-31 1249792]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{30bf4cea-a50c-4947-a685-48d697938bd3}]
[HKEY_CLASSES_ROOT\FCTB000059033.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]
[HKEY_CLASSES_ROOT\FCTB000059033.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 09:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-22 133656]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-02 136600]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-02 2065760]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
yvuwo.exe [2001-1-6 136782]

c:\users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-20 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 136176]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-02 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-02 243024]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-02 921440]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-02 308136]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]

.
Contents of the 'Scheduled Tasks' folder

2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 19:37]

2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 19:37]

2010-07-02 c:\windows\Tasks\User_Feed_Synchronization-{489A4867-CA35-4851-AC7E-223E40B6F4DB}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://en.uk.acer.yahoo.com
LSP: c:\windows\system32\wpclsp.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-{028EF317-AEA5-5DD1-39F1-07711D62E7E8} - c:\users\carol\AppData\Roaming\Geygt\pybio.exe
HKCU-Run-{ABCEAED5-2A50-DEB1-A804-35398C9B5088} - c:\users\carol\AppData\Roaming\Weit\ciavo.exe
HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-fssui - c:\program files\Windows Live\Family Safety\fssui.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-02 22:13
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1444)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-07-02 22:20:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-02 21:20

Pre-Run: 20,418,195,456 bytes free
Post-Run: 20,088,356,864 bytes free

- - End Of File - - F5330C93FCA72B333B02DA1EC73C9D13
  • 0

#10
RKinner
Posted 03 July 2010 - 07:20 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall:

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yvuwo.exe
C:\Windows\tasks\PersonalAV.job

Folder::
c:\users\carol\AppData\Roaming\Izobhy
c:\users\carol\AppData\Roaming\Weit
c:\users\carol\AppData\Roaming\Geygt

RootKit::
C:\Windows\System32\3571627886.sys

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C7ADD44-D01F-4D04-B525-AE372B98AFD2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30BF4CEA-A50C-4947-A685-48D697938BD3}"=-
[-HKEY_CLASSES_ROOT\clsid\{30bf4cea-a50c-4947-a685-48d697938bd3}]
[-HKEY_CLASSES_ROOT\FCTB000059033.IEToolbar.3]
[-HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]
[-HKEY_CLASSES_ROOT\FCTB000059033.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30BF4CEA-A50C-4947-A685-48D697938BD3}"=-




******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

  • Go to this page and Download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  • Vista Start logo >All Programs> Accessories> RIGHT-click on Command Prompt and Select Run As Administrator. Copy/paste the following bolded command and hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Copy (Highlight and Ctrl + c) the next line.

http://www.bitdefend...nline/free.html

Close all programs and browsers. Right click and select Run As Administrator on IE or FireFox icon on your desktop and then click on the area where you put in the URL and paste (Ctrl + v). The line you copied should appear. Hit Enter.


I'm particularly interested in any files it can't find or can't scan.


Ron
  • 0

Advertisements

#11
tina12580
Posted 03 July 2010 - 11:33 AM

tina12580

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
ComboFix 10-07-01.02 - carol 03/07/2010 15:35:35.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3061.1766 [GMT 1:00]
Running from: c:\users\carol\Desktop\george.exe.exe
Command switches used :: c:\users\carol\Desktop\cfscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yvuwo.exe"
"c:\windows\tasks\PersonalAV.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\carol\AppData\Roaming\Geygt
c:\users\carol\AppData\Roaming\Izobhy
c:\users\carol\AppData\Roaming\Weit
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yvuwo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Ndisrd


((((((((((((((((((((((((( Files Created from 2010-06-03 to 2010-07-03 )))))))))))))))))))))))))))))))
.

2010-07-03 14:41 . 2010-07-03 14:44 -------- d-----w- c:\users\carol\AppData\Local\temp
2010-07-03 14:41 . 2010-07-03 14:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-03 14:41 . 2010-07-03 14:41 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-07-03 14:41 . 2010-07-03 14:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-03 14:33 . 2010-07-03 14:33 -------- d-----w- C:\32788R22FWJFW
2010-07-02 19:48 . 2010-07-02 19:48 -------- d-----w- c:\program files\ERUNT
2010-07-02 17:40 . 2010-07-02 17:40 -------- d-----w- C:\$AVG
2010-07-02 11:09 . 2010-07-02 11:09 -------- d-----w- C:\_OTL
2010-07-02 10:31 . 2010-07-02 10:31 -------- d-----w- c:\users\carol\AppData\Roaming\Defense Center
2010-07-02 10:11 . 2010-07-02 10:11 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-02 10:11 . 2010-07-02 10:11 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-02 10:11 . 2010-07-02 10:11 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-02 10:11 . 2010-07-03 14:00 -------- d-----w- c:\windows\system32\drivers\Avg
2010-07-02 10:11 . 2010-07-02 10:14 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-07-02 10:10 . 2010-07-02 10:10 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-02 10:08 . 2010-07-02 10:08 -------- d-----w- c:\program files\AVG
2010-07-02 10:08 . 2010-07-02 10:13 -------- d-----w- c:\programdata\avg9
2010-06-08 12:34 . 2010-06-08 12:34 -------- d-sh--w- c:\programdata\SMITICOAV
2010-06-08 12:06 . 2010-06-08 12:06 -------- d-----w- c:\windows\Sun
2010-06-05 14:12 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-02 17:39 . 2008-09-13 11:42 -------- d-----w- c:\program files\Google
2010-07-02 17:11 . 2009-08-24 17:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-02 16:51 . 2009-05-21 13:53 1356 ----a-w- c:\users\carol\AppData\Local\d3d9caps.dat
2010-06-11 10:45 . 2010-06-10 19:47 262144 ----a-w- c:\programdata\NTUSER.DAT
2010-05-21 13:14 . 2009-10-02 19:59 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 10:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-18 10:03 . 2008-03-20 17:22 -------- d-----w- c:\programdata\Microsoft Help
2010-04-29 14:39 . 2009-08-24 17:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2009-08-24 17:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-01-02 23:44 . 2009-01-02 23:44 321 --sh--w- c:\windows\System32\3571627886.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----


---- Directory of c:\program files\Common ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 09:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 09:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-22 133656]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-02 136600]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-02 2065760]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-20 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 136176]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-02 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-02 243024]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-02 921440]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-02 308136]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]

.
Contents of the 'Scheduled Tasks' folder

2010-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 19:37]

2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 19:37]

2010-07-03 c:\windows\Tasks\User_Feed_Synchronization-{489A4867-CA35-4851-AC7E-223E40B6F4DB}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://en.uk.acer.yahoo.com
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-03 15:44
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(936)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-07-03 15:51:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-03 14:51
ComboFix2.txt 2010-07-02 21:20

Pre-Run: 20,318,318,592 bytes free
Post-Run: 20,455,759,872 bytes free

- - End Of File - - 711753DD66528DFE4AEE9E7883CDA031
  • 0

#12
tina12580
Posted 03 July 2010 - 11:35 AM

tina12580

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
16:00:39:222 1104 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
16:00:39:222 1104 ================================================================================
16:00:39:222 1104 SystemInfo:

16:00:39:222 1104 OS Version: 6.0.6001 ServicePack: 1.0
16:00:39:222 1104 Product type: Workstation
16:00:39:222 1104 ComputerName: CAROL-PC
16:00:39:222 1104 UserName: carol
16:00:39:222 1104 Windows directory: C:\Windows
16:00:39:222 1104 System windows directory: C:\Windows
16:00:39:222 1104 Processor architecture: Intel x86
16:00:39:222 1104 Number of processors: 2
16:00:39:222 1104 Page size: 0x1000
16:00:39:222 1104 Boot type: Normal boot
16:00:39:222 1104 ================================================================================
16:00:58:581 1104 Initialize success
16:00:58:581 1104
16:00:58:581 1104 Scanning Services ...
16:00:59:611 1104 Raw services enum returned 443 services
16:00:59:611 1104
16:00:59:611 1104 Scanning Drivers ...
16:01:00:625 1104 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
16:01:00:687 1104 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
16:01:00:734 1104 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
16:01:00:765 1104 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
16:01:00:796 1104 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
16:01:00:874 1104 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
16:01:00:952 1104 AgereSoftModem (d31d1a92479bd8c0d050a6ffbdd410d9) C:\Windows\system32\DRIVERS\AGRSM.sys
16:01:00:999 1104 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
16:01:01:030 1104 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:01:01:046 1104 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
16:01:01:077 1104 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
16:01:01:093 1104 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
16:01:01:124 1104 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
16:01:01:155 1104 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
16:01:01:186 1104 ApfiltrService (0a0fbc30de483233124cdaef8e5cbcdd) C:\Windows\system32\DRIVERS\Apfiltr.sys
16:01:01:218 1104 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
16:01:01:249 1104 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
16:01:01:280 1104 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:01:01:327 1104 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
16:01:01:374 1104 athr (d5abeb24a3a3138b35f88931fb04e100) C:\Windows\system32\DRIVERS\athr.sys
16:01:01:467 1104 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys
16:01:01:498 1104 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\system32\Drivers\avgmfx86.sys
16:01:01:561 1104 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\Windows\system32\Drivers\avgtdix.sys
16:01:01:608 1104 b57nd60x (aa6b367ca7da571dfc3374ec137d87a5) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:01:01:623 1104 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:01:01:654 1104 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
16:01:01:701 1104 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
16:01:01:732 1104 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:01:01:748 1104 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:01:01:795 1104 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:01:01:826 1104 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:01:01:857 1104 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:01:01:888 1104 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:01:01:920 1104 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:01:01:951 1104 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:01:02:013 1104 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
16:01:02:029 1104 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
16:01:02:076 1104 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
16:01:02:107 1104 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
16:01:02:122 1104 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
16:01:02:169 1104 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:01:02:216 1104 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
16:01:02:247 1104 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
16:01:02:294 1104 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
16:01:02:341 1104 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
16:01:02:388 1104 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
16:01:02:434 1104 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
16:01:02:466 1104 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:01:02:512 1104 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
16:01:02:559 1104 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:01:02:622 1104 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
16:01:02:668 1104 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
16:01:02:715 1104 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
16:01:02:746 1104 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
16:01:02:778 1104 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
16:01:02:809 1104 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
16:01:02:887 1104 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:01:02:918 1104 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:01:02:949 1104 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:01:03:012 1104 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
16:01:03:058 1104 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
16:01:03:074 1104 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:01:03:105 1104 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
16:01:03:136 1104 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
16:01:03:168 1104 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:01:03:199 1104 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:01:03:230 1104 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:01:03:261 1104 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
16:01:03:277 1104 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
16:01:03:339 1104 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
16:01:03:386 1104 HSF_DPV (3f53b4af98f8fd83b7f0b8b65d2d90a7) C:\Windows\system32\DRIVERS\HSX_DPV.sys
16:01:03:448 1104 HSXHWAZL (194bc52fc0f53e540faf9de8a9c05255) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
16:01:03:526 1104 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
16:01:03:589 1104 hwdatacard (4154079a88089155d10168333b19627f) C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:01:03:620 1104 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
16:01:03:698 1104 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:01:03:729 1104 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
16:01:03:823 1104 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:01:03:870 1104 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:01:03:979 1104 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys
16:01:04:088 1104 IntcAzAudAddService (92bcc487f16892cda495dbd8160272d9) C:\Windows\system32\drivers\RTKVHDA.sys
16:01:04:166 1104 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:01:04:197 1104 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:01:04:213 1104 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:01:04:260 1104 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
16:01:04:306 1104 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:01:04:338 1104 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:01:04:369 1104 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
16:01:04:400 1104 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
16:01:04:431 1104 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:01:04:462 1104 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:01:04:509 1104 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:01:04:525 1104 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
16:01:04:556 1104 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\Windows\system32\drivers\klmd.sys
16:01:04:650 1104 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
16:01:04:696 1104 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:01:04:728 1104 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
16:01:04:743 1104 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
16:01:04:774 1104 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
16:01:04:821 1104 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:01:04:852 1104 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:01:04:868 1104 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
16:01:04:899 1104 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
16:01:04:930 1104 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:01:04:962 1104 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:01:05:008 1104 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:01:05:040 1104 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
16:01:05:086 1104 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:01:05:118 1104 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
16:01:05:133 1104 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:01:05:164 1104 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:01:05:196 1104 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
16:01:05:242 1104 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:01:05:274 1104 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:01:05:305 1104 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:01:05:352 1104 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
16:01:05:383 1104 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
16:01:05:414 1104 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:01:05:445 1104 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:01:05:476 1104 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:01:05:508 1104 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:01:05:523 1104 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:01:05:554 1104 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
16:01:05:586 1104 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:01:05:617 1104 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:01:05:664 1104 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
16:01:05:710 1104 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
16:01:05:820 1104 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
16:01:05:866 1104 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:01:05:898 1104 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:01:05:913 1104 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
16:01:05:944 1104 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:01:06:007 1104 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:01:06:085 1104 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
16:01:06:132 1104 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:01:06:178 1104 nmwcd (696b37ea78f9d9767a2f18ba0304a51a) C:\Windows\system32\drivers\nmwcd.sys
16:01:06:225 1104 nmwcdc (bbb6010fc01d9239d88fcdf133e03ff0) C:\Windows\system32\drivers\nmwcdc.sys
16:01:06:241 1104 nmwcdcj (4c3726467d67483f054c88f058e9c153) C:\Windows\system32\drivers\nmwcdcj.sys
16:01:06:272 1104 nmwcdcm (4c3726467d67483f054c88f058e9c153) C:\Windows\system32\drivers\nmwcdcm.sys
16:01:06:288 1104 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
16:01:06:334 1104 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:01:06:397 1104 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
16:01:06:428 1104 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
16:01:06:459 1104 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:01:06:490 1104 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:01:06:522 1104 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
16:01:06:537 1104 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
16:01:06:568 1104 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
16:01:06:631 1104 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
16:01:06:662 1104 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:01:06:740 1104 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
16:01:06:787 1104 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:01:06:849 1104 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
16:01:06:880 1104 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
16:01:06:927 1104 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:01:06:974 1104 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:01:07:021 1104 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:01:07:052 1104 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
16:01:07:114 1104 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
16:01:07:161 1104 PSDFilter (18de162f9b83079c24cd96f59292f5ed) C:\Windows\system32\DRIVERS\psdfilter.sys
16:01:07:192 1104 PSDNServ (bc1457a28e76ab3106d43802ac22a627) C:\Windows\system32\DRIVERS\PSDNServ.sys
16:01:07:208 1104 psdvdisk (ac151e5b0943304e368c98ec78b5fc4f) C:\Windows\system32\DRIVERS\PSDVdisk.sys
16:01:07:286 1104 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
16:01:07:333 1104 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:01:07:364 1104 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:01:07:411 1104 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:01:07:426 1104 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:01:07:458 1104 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
16:01:07:473 1104 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
16:01:07:551 1104 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
16:01:07:582 1104 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:01:07:614 1104 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
16:01:07:645 1104 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:01:07:692 1104 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
16:01:07:723 1104 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:01:07:770 1104 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:01:07:801 1104 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:01:07:832 1104 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:01:07:863 1104 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:01:07:910 1104 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:01:07:941 1104 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
16:01:07:972 1104 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
16:01:07:988 1104 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
16:01:08:019 1104 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:01:08:050 1104 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
16:01:08:097 1104 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
16:01:08:128 1104 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
16:01:08:206 1104 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
16:01:08:238 1104 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:01:08:284 1104 srv (8e5fc19b3b38364c5f44ccecec5248e9) C:\Windows\system32\DRIVERS\srv.sys
16:01:08:316 1104 srv2 (4ceeb95e0b79e48b81f2da0a6c24c64b) C:\Windows\system32\DRIVERS\srv2.sys
16:01:08:362 1104 srvnet (f9c65e1e00a6bbf7c57d9b8ea068c525) C:\Windows\system32\DRIVERS\srvnet.sys
16:01:08:394 1104 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:01:08:409 1104 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:01:08:440 1104 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:01:08:472 1104 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:01:08:612 1104 Tcpip (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\drivers\tcpip.sys
16:01:08:674 1104 Tcpip6 (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\DRIVERS\tcpip.sys
16:01:08:706 1104 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
16:01:08:737 1104 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:01:08:768 1104 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:01:08:846 1104 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
16:01:08:893 1104 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
16:01:08:924 1104 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:01:08:955 1104 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:01:09:002 1104 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
16:01:09:033 1104 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:01:09:064 1104 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
16:01:09:096 1104 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:01:09:127 1104 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:01:09:158 1104 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:01:09:205 1104 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:01:09:236 1104 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:01:09:283 1104 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
16:01:09:314 1104 usbbus (3cd48971e76bfa457d7a75e58cd48edc) C:\Windows\system32\DRIVERS\lgusbbus.sys
16:01:09:361 1104 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:01:09:408 1104 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:01:09:454 1104 UsbDiag (46ba8ded8d1439f362cbfe22d132200e) C:\Windows\system32\DRIVERS\lgusbdiag.sys
16:01:09:486 1104 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
16:01:09:517 1104 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
16:01:09:564 1104 USBModem (c828cbd0a15380020443945b975eb701) C:\Windows\system32\DRIVERS\lgusbmodem.sys
16:01:09:579 1104 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:01:09:610 1104 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
16:01:09:673 1104 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:01:09:688 1104 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:01:09:720 1104 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:01:09:782 1104 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:01:09:829 1104 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:01:09:844 1104 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:01:09:876 1104 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
16:01:09:938 1104 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:01:10:032 1104 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
16:01:10:110 1104 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
16:01:10:172 1104 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:01:10:203 1104 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:01:10:250 1104 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:01:10:250 1104 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:01:10:281 1104 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:01:10:375 1104 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:01:10:437 1104 winachsf (c9c63410d8cf98f621b9cc62243fb877) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:01:10:500 1104 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:01:10:546 1104 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
16:01:10:593 1104 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:01:10:624 1104 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:01:10:640 1104 XAudio (2e579520e114a9ca309f13bf40ad8292) C:\Windows\system32\DRIVERS\xaudio.sys
16:01:10:656 1104
16:01:10:656 1104 Completed
16:01:10:656 1104
16:01:10:656 1104 Results:
16:01:10:656 1104 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:01:10:656 1104 File objects infected / cured / cured on reboot: 0 / 0 / 0
16:01:10:656 1104
16:01:10:656 1104 KLMD(ARK) unloaded successfully
  • 0

#13
tina12580
Posted 03 July 2010 - 11:43 AM

tina12580

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
BitDefender Online Scanner



Scan report generated at: Sat, Jul 03, 2010 - 17:15:01





Scan path: C:\;D:\;E:\;







Statistics

Time
01:07:06

Files
269644

Folders
19600

Boot Sectors
0

Archives
3327

Packed Files
11409




Results

Identified Viruses
4

Infected Files
4

Suspect Files
0

Warnings
0

Disinfected
1

Deleted Files
3




Engines Info

Virus Definitions
6368441

Engine build
AVCORE v2.1 Windows/i386 11.0.0.33 (Jun 10 2010)

Scan plugins
17

Archive plugins
44

Unpack plugins
10

E-mail plugins
6

System plugins
4




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Qoobox\Quarantine\C\ProgramData\f9f0b00\846.mof.vir
Infected with: Trojan.FakeAV.LAJ

C:\Qoobox\Quarantine\C\ProgramData\f9f0b00\846.mof.vir
Deleted

C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yvuwo.exe.vir
Infected with: Gen:Variant.TDss.18

C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yvuwo.exe.vir
Disinfection failed

C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yvuwo.exe.vir
Deleted

C:\Qoobox\Quarantine\C\Windows\system32\Drivers\i8042prt.sys.vir
Infected with: Rootkit.Patched.TDSS.Gen

C:\Qoobox\Quarantine\C\Windows\system32\Drivers\i8042prt.sys.vir
Disinfected

C:\Users\carol\Downloads\Magic_ISO_Maker_v5.4.zip=>keygen.exe
Infected with: Trojan.Generic.3107658

C:\Users\carol\Downloads\Magic_ISO_Maker_v5.4.zip=>keygen.exe
Deleted

C:\Users\carol\Downloads\Magic_ISO_Maker_v5.4.zip
Updated
  • 0

#14
RKinner
Posted 03 July 2010 - 02:11 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Your logs look pretty clean now. Are you still having problems?

Ron
  • 0

#15
tina12580
Posted 03 July 2010 - 02:36 PM

tina12580

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
The laptop seems to be running great, thanks so much for your help, you've been great! I still have bing redirecting to findgala but apart from that everything is fine.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP