Slow, infected laptop


This topic is locked

#16
LukeMcD (Topic Starter, Member, 102 posts)
OK here's my NORMAL login screen:

Posted Image

Here's what comes up after clicking "repair your computer":

Posted Image

Here's what happens when I use the username and password of the only account on the system:

Posted Image


#17
Amlak (Member 1K, 1,470 posts)
Create a Windows System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact OEM setup of your machine, you may be unable to actually create an SRD.

  • Click on Start >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC (User Account Control) prompt by selecting Yes.
  • You should now see a menu like the below:-
Posted Image

  • Put a blank rewritable CD/DVD in your optical (CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-
Posted Image

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows System Repair Disc.




When you reboot you will see something like this. Click repair my computer
Posted Image

Select your operating system
Posted Image

Select Command prompt
Posted Image

At the command prompt type the following

  • Bootrec.exe /FixMbr
  • Once finished type Exit


Reboot to normal Windows and run aswMBR. Do a scan with it and post the log (once again).

Edited by Amlak, 16 October 2011 - 04:24 PM.


#18
LukeMcD (Topic Starter, Member, 102 posts)
"Windows cannot find recdisc.exe"

#19
Amlak (Member 1K, 1,470 posts)
Download Windows Vista 32-bit (x86) Recovery Disc from here.

Then burn the CD Image (ISO file) to a disc. If you're unsure how, follow the instructions here.

Keep the disc inside the system and reboot.



When you reboot you will see something like this. Click repair my computer
Posted Image

Select your operating system
Posted Image

Select Command prompt
Posted Image

At the command prompt type the following

  • Bootrec.exe /FixMbr
  • Once finished type Exit


Reboot to normal Windows and run aswMBR. Do a scan with it and post the log (once again).

Edited by Amlak, 19 October 2011 - 04:39 PM.


#20
LukeMcD (Topic Starter, Member, 102 posts)
The link to the Windows Vista 32-bit (x86) Recovery Disc is broken.

#21
Amlak (Member 1K, 1,470 posts)
Go here, scroll down a tiny bit on that page, and you'll see a download link to the x86 file (i.e. Download Windows Vista 32-bit (x86) Recovery Disc).

Download it through there and continue on with my previous instruction set.

#22
LukeMcD (Topic Starter, Member, 102 posts)
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-07 20:19:41
-----------------------------
20:19:41.824 OS Version: Windows 6.0.6000
20:19:41.824 Number of processors: 1 586 0x1601
20:19:41.824 ComputerName: MARTAIN-PC UserName: Martain
20:21:18.734 Initialize success
20:21:52.102 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
20:21:52.464 Disk 0 Vendor: Hitachi_HTS542580K9SA00 BBBOC31P Size: 76319MB BusType: 3
20:21:54.470 Disk 0 MBR read successfully
20:21:54.801 Disk 0 MBR scan
20:21:54.807 Disk 0 TDL4@MBR code has been found
20:21:54.812 Disk 0 MBR hidden
20:21:54.816 Disk 0 MBR [TDL4] **ROOTKIT**
20:21:54.824 Disk 0 trace - called modules:
20:21:54.830 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x850404d0]<<
20:21:54.837 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84a84700]
20:21:54.845 3 ntoskrnl.exe[820a80af] -> nt!IofCallDriver -> [0x84401928]
20:21:54.854 5 acpi.sys[8047b32a] -> nt!IofCallDriver -> [0x843ffbb0]
20:21:54.861 \Driver\atapi[0x85004c90] -> IRP_MJ_CREATE -> 0x850404d0
20:21:54.868 Scan finished successfully
20:23:19.829 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
20:23:20.840 The log file has been saved successfully to "F:\aswMBR.txt"

#23
Amlak (Member 1K, 1,470 posts)
Download TDSSKiller and save it to your Desktop.

  • Extract the file and run it.
  • Once completed, it will create a log in the root directory (usually C:\).
  • Please post the contents of that log in your next reply.


#24
LukeMcD (Topic Starter, Member, 102 posts)
14:48:55.0795 2816 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
14:48:58.0431 2816 ============================================================
14:48:58.0431 2816 Current date / time: 2011/10/25 14:48:58.0431
14:48:58.0431 2816 SystemInfo:
14:48:58.0431 2816
14:48:58.0431 2816 OS Version: 6.0.6000 ServicePack: 0.0
14:48:58.0431 2816 Product type: Workstation
14:48:58.0431 2816 ComputerName: MARTAIN-PC
14:48:58.0650 2816 UserName: Martain
14:48:58.0650 2816 Windows directory: C:\Windows
14:48:58.0650 2816 System windows directory: C:\Windows
14:48:58.0650 2816 Processor architecture: Intel x86
14:48:58.0650 2816 Number of processors: 1
14:48:58.0650 2816 Page size: 0x1000
14:48:58.0650 2816 Boot type: Normal boot
14:48:58.0650 2816 ============================================================
14:49:29.0101 2816 Initialize success
14:49:40.0114 3164 ============================================================
14:49:40.0114 3164 Scan started
14:49:40.0114 3164 Mode: Manual;
14:49:40.0114 3164 ============================================================
14:50:22.0687 3164 Suspicious service (NoAccess): hdsector
14:50:23.0139 3164 hdsector (51da1aabf3972711008915011f827ea5) C:\Windows\system32\hdsector.sys
14:50:23.0139 3164 Suspicious file (NoAccess): C:\Windows\system32\hdsector.sys. md5: 51da1aabf3972711008915011f827ea5
14:50:26.0680 3164 Suspicious file (Hidden): C:\Windows\system32\hdsector.sys. md5: 51da1aabf3972711008915011f827ea5
14:50:27.0133 3164 hdsector ( LockedService.Multi.Generic ) - warning
14:50:27.0133 3164 hdsector - detected LockedService.Multi.Generic (1)
14:51:32.0929 3164 MpKsl2cf0134b (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1733BB72-7441-4F8C-8957-53FD41D58478}\MpKsl2cf0134b.sys
14:51:33.0614 3164 Suspicious file (Forged): C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1733BB72-7441-4F8C-8957-53FD41D58478}\MpKsl2cf0134b.sys. Real md5: 5f53edfead46fa7adb78eee9ecce8fdf, Fake md5: 7702b27661f74715060586b65246b849
14:51:33.0619 3164 MpKsl2cf0134b ( ForgedFile.Multi.Generic ) - warning
14:51:33.0619 3164 MpKsl2cf0134b - detected ForgedFile.Multi.Generic (1)
14:51:44.0294 3164 MpKsle19d267c (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1733BB72-7441-4F8C-8957-53FD41D58478}\MpKsle19d267c.sys
14:51:45.0789 3164 Suspicious file (Forged): C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1733BB72-7441-4F8C-8957-53FD41D58478}\MpKsle19d267c.sys. Real md5: 5f53edfead46fa7adb78eee9ecce8fdf, Fake md5: 7702b27661f74715060586b65246b849
14:51:45.0794 3164 MpKsle19d267c ( ForgedFile.Multi.Generic ) - warning
14:51:45.0794 3164 MpKsle19d267c - detected ForgedFile.Multi.Generic (1)
14:53:15.0599 3164 sffdisk - ok
14:53:16.0799 3164 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
14:53:17.0419 3164 sffp_mmc - ok
14:53:18.0894 3164 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
14:53:19.0234 3164 sffp_sd - ok
14:53:20.0019 3164 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:53:20.0419 3164 sfloppy - ok
14:53:21.0604 3164 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
14:53:21.0874 3164 sisagp - ok
14:53:22.0314 3164 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
14:53:23.0134 3164 SiSRaid2 - ok
14:53:24.0569 3164 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
14:53:24.0944 3164 SiSRaid4 - ok
14:53:26.0014 3164 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
14:53:26.0384 3164 Smb - ok
14:53:27.0069 3164 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
14:53:27.0369 3164 spldr - ok
14:53:28.0204 3164 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
14:53:29.0184 3164 srv - ok
14:53:30.0204 3164 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
14:53:30.0649 3164 srv2 - ok
14:53:31.0559 3164 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
14:53:31.0874 3164 srvnet - ok
14:53:32.0899 3164 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
14:53:33.0379 3164 swenum - ok
14:53:34.0109 3164 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:53:34.0414 3164 Symc8xx - ok
14:53:35.0094 3164 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:53:35.0429 3164 Sym_hi - ok
14:53:36.0049 3164 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:53:36.0499 3164 Sym_u3 - ok
14:53:37.0049 3164 szmpqibw - ok
14:53:37.0864 3164 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
14:53:38.0699 3164 Tcpip - ok
14:53:39.0669 3164 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
14:53:40.0024 3164 Tcpip6 - ok
14:53:43.0029 3164 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
14:53:43.0564 3164 tcpipreg - ok
14:53:43.0999 3164 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
14:53:44.0544 3164 TDPIPE - ok
14:53:45.0089 3164 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
14:53:45.0654 3164 TDTCP - ok
14:53:46.0069 3164 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
14:53:46.0609 3164 tdx - ok
14:53:46.0979 3164 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
14:53:47.0304 3164 TermDD - ok
14:53:47.0929 3164 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:53:48.0619 3164 tssecsrv - ok
14:53:48.0984 3164 tsylpymq - ok
14:53:49.0484 3164 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
14:53:49.0949 3164 tunmp - ok
14:53:50.0489 3164 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
14:53:50.0869 3164 tunnel - ok
14:53:51.0529 3164 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
14:53:51.0869 3164 uagp35 - ok
14:53:52.0384 3164 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
14:53:52.0784 3164 udfs - ok
14:53:53.0514 3164 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
14:53:53.0914 3164 uliagpkx - ok
14:53:54.0519 3164 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
14:53:54.0944 3164 uliahci - ok
14:53:55.0524 3164 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:53:55.0739 3164 UlSata - ok
14:53:56.0499 3164 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:53:56.0914 3164 ulsata2 - ok
14:53:57.0574 3164 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
14:53:58.0404 3164 umbus - ok
14:53:59.0039 3164 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
14:53:59.0769 3164 USBAAPL - ok
14:54:00.0819 3164 usbccgp (51480458e6e9863f856ebf35aae801b4) C:\Windows\system32\DRIVERS\usbccgp.sys
14:54:01.0344 3164 usbccgp - ok
14:54:02.0194 3164 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:54:02.0744 3164 usbcir - ok
14:54:03.0134 3164 usbehci (11fa3acbf0de0286829c69e01fe705e4) C:\Windows\system32\DRIVERS\usbehci.sys
14:54:03.0674 3164 usbehci - ok
14:54:04.0419 3164 usbhub (6a7858a38b5105731e219e7c6a238730) C:\Windows\system32\DRIVERS\usbhub.sys
14:54:05.0269 3164 usbhub - ok
14:54:06.0294 3164 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:54:07.0954 3164 usbohci - ok
14:54:08.0404 3164 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
14:54:09.0289 3164 usbprint - ok
14:54:09.0939 3164 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:54:10.0539 3164 USBSTOR - ok
14:54:11.0019 3164 usbuhci (4013315fed70a2d293b998cbba4022ee) C:\Windows\system32\DRIVERS\usbuhci.sys
14:54:11.0859 3164 usbuhci - ok
14:54:12.0304 3164 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
14:54:12.0984 3164 vga - ok
14:54:13.0404 3164 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
14:54:14.0309 3164 VgaSave - ok
14:54:15.0049 3164 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
14:54:15.0819 3164 viaagp - ok
14:54:16.0384 3164 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
14:54:16.0934 3164 ViaC7 - ok
14:54:17.0544 3164 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
14:54:18.0424 3164 viaide - ok
14:54:18.0879 3164 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
14:54:19.0524 3164 volmgr - ok
14:54:20.0399 3164 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
14:54:21.0464 3164 volmgrx - ok
14:54:22.0039 3164 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
14:54:22.0684 3164 volsnap - ok
14:54:23.0509 3164 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
14:54:24.0724 3164 vsmraid - ok
14:54:26.0194 3164 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:54:27.0789 3164 WacomPen - ok
14:54:28.0504 3164 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
14:54:30.0714 3164 Wanarp - ok
14:54:31.0569 3164 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
14:54:33.0429 3164 Wanarpv6 - ok
14:54:34.0114 3164 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
14:54:34.0869 3164 Wd - ok
14:54:35.0264 3164 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
14:54:35.0924 3164 Wdf01000 - ok
14:54:36.0654 3164 winachsf (c9c63410d8cf98f621b9cc62243fb877) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
14:54:37.0179 3164 winachsf - ok
14:54:38.0409 3164 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:54:39.0759 3164 WmiAcpi - ok
14:54:40.0439 3164 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
14:54:40.0889 3164 WpdUsb - ok
14:54:41.0274 3164 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
14:54:41.0879 3164 ws2ifsl - ok
14:54:42.0339 3164 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:54:43.0024 3164 WUDFRd - ok
14:54:44.0224 3164 XAudio (2e579520e114a9ca309f13bf40ad8292) C:\Windows\system32\DRIVERS\xaudio.sys
14:54:44.0984 3164 XAudio - ok
14:54:46.0544 3164 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:54:46.0599 3164 \Device\Harddisk0\DR0 - ok
14:54:46.0819 3164 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
14:54:52.0794 3164 \Device\Harddisk1\DR1 - ok
14:54:52.0824 3164 Boot (0x1200) (48519ffaeb34a08b74d8cb367224f239) \Device\Harddisk0\DR0\Partition0
14:54:52.0829 3164 \Device\Harddisk0\DR0\Partition0 - ok
14:54:53.0074 3164 Boot (0x1200) (f98cb5d0f6ec11f0ffef496826b0ad77) \Device\Harddisk0\DR0\Partition1
14:54:53.0074 3164 \Device\Harddisk0\DR0\Partition1 - ok
14:54:53.0279 3164 Boot (0x1200) (3966004aad5c5e07e6b16046c3c457e9) \Device\Harddisk1\DR1\Partition0
14:54:53.0279 3164 \Device\Harddisk1\DR1\Partition0 - ok
14:54:53.0284 3164 ============================================================
14:54:53.0284 3164 Scan finished
14:54:53.0284 3164 ============================================================
14:54:53.0304 3384 Detected object count: 3
14:54:53.0304 3384 Actual detected object count: 3

#25
Amlak

    Member 1K

  • Member
  • 1,470 posts
  • Download The Avenger by Swandog46 from Here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below between the dotted lines to the clipboard by highlighting it and then pressing Ctrl+C.

    Files to delete:
    C:\WINDOWS\system32\hdsector.sys
    Drivers to delete:
    hdsector.sys
    hdsector
    
  • In the avenger window, click the Paste Script from Clipboard button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.

***

Download the latest version of ComboFix from here. Make sure you have it saved to the Desktop.

Then run it.

When done, paste the contents of the resultant log in your next reply.
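The Avenger records the fate of each scripted item in avenger.txt, and a mistyped path does not stop the run; it simply fails with an NTSTATUS such as STATUS_OBJECT_PATH_NOT_FOUND while the other items proceed. The checker below is an added example (not part of this post or of The Avenger): it parses a script in the layout above together with the resulting log and reports what was removed, what failed and why, and what was requested but never reported. The sample script and log are constructed; the log mirrors the line formats the tool prints for drivers, and the same success-line phrasing is assumed for other kinds.

```python
"""Reconcile an Avenger removal script with the avenger.txt log it produced.

Added example, not from the thread or from The Avenger. Sample script and log
are constructed; the log follows the line formats the tool prints for drivers,
and the same phrasing is assumed for other kinds (files, folders).
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed script in the two-section layout used in the thread.
SCRIPT = r"""Files to delete:
C:\WINDOWS\system32\hdsector.sys
Drivers to delete:
hdsector.sys
hdsector
"""

# Constructed log; the file entry was mistyped ("sytem32") when the script was
# pasted, so it surfaces as one unreported request plus one unexpected result.
LOG = r"""Logfile of The Avenger Version 2.0, (c) by Swandog46

Deletion of file "C:\WINDOWS\sytem32\hdsector.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

Deletion of driver "hdsector.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

Driver "hdsector" deleted successfully.
"""

SECTION_RE = re.compile(r"^(\w[\w ]*?) to (?:delete|disable):$", re.I)
FAIL_RE = re.compile(r'^\w+ of (\w+) "(.+)" failed!$')
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+) \((\w+)\)$")
OK_RE = re.compile(r'^(\w+) "(.+)" (?:deleted|disabled) successfully\.$')


@dataclass
class Outcome:
    kind: str                          # "file", "driver", ... (singular, lower-case)
    target: str                        # path or service name exactly as logged
    ok: bool
    status_code: Optional[str] = None  # NTSTATUS on failure, e.g. "0xc0000034"
    status_name: Optional[str] = None  # e.g. "STATUS_OBJECT_NAME_NOT_FOUND"


def parse_script(text: str) -> list:
    """Return [(kind, target)] pairs; "Files to delete:" yields kind "file"."""
    items, kind = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            kind = m.group(1).lower().rstrip("s")
        elif kind is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            items.append((kind, line))
    return items


def parse_log(text: str) -> list:
    """One Outcome per reported deletion; a Status line belongs to the failure
    directly above it. Unrecognised lines (banner, Error:, -->) are ignored."""
    outcomes = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := FAIL_RE.match(line):
            outcomes.append(Outcome(m.group(1).lower(), m.group(2), False))
        elif m := OK_RE.match(line):
            outcomes.append(Outcome(m.group(1).lower(), m.group(2), True))
        elif (m := STATUS_RE.match(line)) and outcomes and not outcomes[-1].ok:
            outcomes[-1].status_code, outcomes[-1].status_name = m.group(1).lower(), m.group(2)
    return outcomes


def _key(kind: str, target: str) -> tuple:
    return (kind, target.lower())  # Windows paths and service names are case-insensitive


def reconcile(script_text: str, log_text: str) -> dict:
    """Match each requested item to its logged outcome. Anything "unreported"
    or "unexpected" means the script that ran is not the one you reviewed."""
    requested = parse_script(script_text)
    outcomes = parse_log(log_text)
    by_key = {_key(o.kind, o.target): o for o in outcomes}
    report = {"succeeded": [], "failed": [], "unreported": [], "unexpected": []}
    matched = set()
    for kind, target in requested:
        o = by_key.get(_key(kind, target))
        if o is None:
            report["unreported"].append((kind, target))
        else:
            matched.add(_key(kind, target))
            report["succeeded" if o.ok else "failed"].append(o)
    report["unexpected"] = [o for o in outcomes if _key(o.kind, o.target) not in matched]
    return report
```

Run `reconcile(open("avenger.txt").read(), ...)` against the script you actually pasted; an "unreported" file alongside an "unexpected" one with a near-identical path is the signature of a typo in the pasted script rather than a file that resisted deletion.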
#26
LukeMcD

    Member

  • Topic Starter
  • Member
  • 102 posts
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  could not open file "C:\WINDOWS\sytem32\hdsector.sys"
Deletion of file "C:\WINDOWS\sytem32\hdsector.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  registry key "\Registry\Machine\System\CurrentControlSet\Services\hdsector.sys" not found!
Deletion of driver "hdsector.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Driver "hdsector" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

ComboFix 11-10-28.03 - Martain 28/10/2011  13:17:45.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1252.44.1033.18.1013.123 [GMT 1:00]
Running from: c:\users\Martain\Desktop\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\programdata\vc71Gx4F.exe
C:\sys920e.bin
C:\syst63e.bin
c:\users\Martain\AppData\Local\{2AAE53E8-258E-4B63-A156-108607283E21}
c:\users\Martain\AppData\Local\{2AAE53E8-258E-4B63-A156-108607283E21}\chrome.manifest
c:\users\Martain\AppData\Local\{2AAE53E8-258E-4B63-A156-108607283E21}\chrome\content\_cfg.js
c:\users\Martain\AppData\Local\{2AAE53E8-258E-4B63-A156-108607283E21}\chrome\content\overlay.xul
c:\users\Martain\AppData\Local\{2AAE53E8-258E-4B63-A156-108607283E21}\install.rdf
c:\users\Martain\AppData\Local\dbnsdfte.log
c:\users\Martain\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\users\Martain\AppData\Local\fteppexh.log
c:\users\Martain\AppData\Local\jiwfrnxf.log
c:\users\Martain\AppData\Local\rcqfcmpn.log
c:\users\Martain\AppData\Local\syjuatse.log
c:\users\Martain\AppData\Local\vuhmlici.log
c:\users\Martain\AppData\Roaming\Adobe\plugs
c:\users\Martain\AppData\Roaming\Adobe\shed
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\cb.sys
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\cid.dll
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\cid.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.tmp
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\ddv.dll
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\delfile.tmp
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\dudl.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\eb.dll
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\fan.exe
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\fan.sys
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\fix.tmp
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\FS.exe
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\FS.sys
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\FW.exe
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\FW.tmp
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\gid.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\gid.exe
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\gid.sys
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\grid.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\grid.sys
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\hymt.tmp
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\pal.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\pal.tmp
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\ppal.sys
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\runddl.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\runddl.exe
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\runddl.sys
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.dll
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\snl2w.exe
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\snl2w.tmp
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\std.tmp
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.dll
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\users\Martain\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp
c:\users\Martain\GoToAssistDownloadHelper.exe
c:\windows\Fonts\e28R26x.com
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-28 to 2011-10-28  )))))))))))))))))))))))))))))))
.
.
2011-10-28 12:55 . 2011-10-28 12:55	--------	d-----w-	c:\users\Martain\AppData\Local\temp
2011-10-28 12:55 . 2011-10-28 12:55	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-10-28 12:55 . 2011-10-28 12:55	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2011-10-28 12:03 . 2011-10-28 12:03	41680	----a-w-	c:\windows\system32\drivers\mdtnioqd.sys
2011-10-28 11:51 . 2011-10-28 11:51	28752	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1733BB72-7441-4F8C-8957-53FD41D58478}\MpKsl2383d859.sys
2011-10-28 11:51 . 2011-10-28 11:51	56200	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1733BB72-7441-4F8C-8957-53FD41D58478}\offreg.dll
2011-10-28 11:44 . 2011-10-28 11:44	352	----a-w-	C:\avexport.bat
2011-10-23 17:59 . 2011-10-23 17:59	14720	----a-w-	c:\windows\system32\hdsector.sys
2011-10-09 15:14 . 2011-10-09 15:14	28752	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1733BB72-7441-4F8C-8957-53FD41D58478}\MpKsl0cc83c6f.sys
2011-10-07 19:29 . 2011-10-07 19:29	41984	----a-w-	c:\windows\system32\vulmu.exe
2011-10-07 19:24 . 2011-10-07 19:24	--------	d-----w-	C:\_OTL
2011-10-01 13:43 . 2011-10-01 13:43	--------	d-----w-	c:\users\Martain\AppData\Local\AskToolbar
2011-09-30 09:16 . 2011-09-30 09:16	143360	----a-w-	c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\uxome.exe
2011-09-30 09:16 . 2011-09-30 09:16	143360	----a-w-	c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\huyn.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 23:14 . 2011-09-26 16:12	7269712	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1733BB72-7441-4F8C-8957-53FD41D58478}\mpengine.dll
2011-09-12 23:14 . 2010-06-10 16:11	7269712	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-31 16:00 . 2011-08-02 12:11	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 12:29	1490312	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2011-10-04 147464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
huyn.exe [2011-9-30 143360]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
uxome.exe [2011-9-30 143360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
backup=c:\windows\pss\TotalMedia Backup Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Martain^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Martain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-03-08 11:38	40048	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2011-05-17 12:29	395144	----a-w-	c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-06-06 08:06	159744	----a-w-	c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-05-12 11:36	623888	----a-w-	c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-04-25 23:33	573350	------w-	c:\acer\Empowering Technology\eDataSecurity\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-01-02 17:06	166424	----a-w-	c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-01-02 17:07	141848	----a-w-	c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 09:14	206112	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2007-07-16 05:51	768520	----a-w-	c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 14:16	997920	----a-w-	c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-06-22 01:25	155648	----a-w-	c:\program files\Acer\Acer Arcade\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-01-02 17:07	133656	----a-w-	c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-04-11 14:17	236016	----a-w-	c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-07-06 03:06	4669440	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-08 15:48	149280	----a-w-	c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 17:38	583048	----a-w-	c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 21:48	57344	----a-w-	c:\acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2007-07-31 13:15	1006264	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2011-10-04 16:50	147464	----a-w-	c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 fgdbiydf;fgdbiydf;c:\windows\system32\drivers\fgdbiydf.sys [x]
R1 hrcvcibk;hrcvcibk;c:\windows\system32\drivers\hrcvcibk.sys [x]
R1 hsvzayol;hsvzayol;c:\windows\system32\drivers\hsvzayol.sys [x]
R1 kxnxersm;kxnxersm;c:\windows\system32\drivers\kxnxersm.sys [x]
R1 lbfuboxw;lbfuboxw;c:\windows\system32\drivers\lbfuboxw.sys [x]
R1 mdtnioqd;mdtnioqd;c:\windows\system32\drivers\mdtnioqd.sys [2011-10-28 41680]
R1 MpKsl0bf0b4de;MpKsl0bf0b4de;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33A5A340-C082-48F1-9BB7-3A047F7FACD0}\MpKsl0bf0b4de.sys [x]
R1 MpKsl0cc83c6f;MpKsl0cc83c6f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1733BB72-7441-4F8C-8957-53FD41D58478}\MpKsl0cc83c6f.sys [2011-10-09 28752]
R1 MpKsl1a7ef16d;MpKsl1a7ef16d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33A5A340-C082-48F1-9BB7-3A047F7FACD0}\MpKsl1a7ef16d.sys [x]
R1 MpKsl2cf0134b;MpKsl2cf0134b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1733BB72-7441-4F8C-8957-53FD41D58478}\MpKsl2cf0134b.sys [2011-10-05 28752]
R1 MpKsl38f69197;MpKsl38f69197;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF6A108E-88F8-4F10-BCBF-221A89D98C98}\MpKsl38f69197.sys [x]
R1 MpKsl470d76c9;MpKsl470d76c9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E40F279B-EA86-4B8D-8A59-C52579D6DB97}\MpKsl470d76c9.sys [x]
R1 MpKsl4b027d58;MpKsl4b027d58;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1733BB72-7441-4F8C-8957-53FD41D58478}\MpKsl4b027d58.sys [x]
R1 MpKsl50148d0f;MpKsl50148d0f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1733BB72-7441-4F8C-8957-53FD41D58478}\MpKsl50148d0f.sys [x]
R1 MpKsl527695ba;MpKsl527695ba;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1733BB72-7441-4F8C-8957-53FD41D58478}\MpKsl527695ba.sys [x]
R1 MpKsl55d0abf5;MpKsl55d0abf5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3DEDED3-7CEA-4723-BC5C-BE80E13772C8}\MpKsl55d0abf5.sys [x]
R1 MpKsl5b777f9f;MpKsl5b777f9f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3DEDED3-7CEA-4723-BC5C-BE80E13772C8}\MpKsl5b777f9f.sys [x]
R1 MpKsl6422714b;MpKsl6422714b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E40F279B-EA86-4B8D-8A59-C52579D6DB97}\MpKsl6422714b.sys [x]
R1 MpKsl65aff1e3;MpKsl65aff1e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E40F279B-EA86-4B8D-8A59-C52579D6DB97}\MpKsl65aff1e3.sys [x]
R1 MpKsl7fa15cee;MpKsl7fa15cee;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1496EB84-D296-48FC-9E1E-78C8764D50BC}\MpKsl7fa15cee.sys [x]
R1 MpKsl80ff5f28;MpKsl80ff5f28;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E7451B7-D7F2-4073-83D7-56A618313762}\MpKsl80ff5f28.sys [x]
R1 MpKsl8171da99;MpKsl8171da99;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1733BB72-7441-4F8C-8957-53FD41D58478}\MpKsl8171da99.sys [2011-10-25 28752]
R1 MpKsl9cf69675;MpKsl9cf69675;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E7451B7-D7F2-4073-83D7-56A618313762}\MpKsl9cf69675.sys [x]
R1 MpKsld00b7504;MpKsld00b7504;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E7451B7-D7F2-4073-83D7-56A618313762}\MpKsld00b7504.sys [x]
R1 MpKsld29d8f0b;MpKsld29d8f0b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E31799D-4F48-4F21-89EE-7D67BF4A9CD8}\MpKsld29d8f0b.sys [x]
R1 MpKsle19d267c;MpKsle19d267c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1733BB72-7441-4F8C-8957-53FD41D58478}\MpKsle19d267c.sys [2011-10-01 28752]
R1 MpKsle51785a3;MpKsle51785a3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4C964FC-6AC8-422E-98F9-455E6A3A9AA9}\MpKsle51785a3.sys [x]
R1 MpKsle654493e;MpKsle654493e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C205F55-72F9-4395-9CDE-F43BAC6A9AD6}\MpKsle654493e.sys [x]
R1 nctsyppt;nctsyppt;c:\windows\system32\drivers\nctsyppt.sys [x]
R1 nrglnlwq;nrglnlwq;c:\windows\system32\drivers\nrglnlwq.sys [x]
R1 ofbgxdne;ofbgxdne;c:\windows\system32\drivers\ofbgxdne.sys [x]
R1 qeiaigaa;qeiaigaa;c:\windows\system32\drivers\qeiaigaa.sys [x]
R1 szmpqibw;szmpqibw;c:\windows\system32\drivers\szmpqibw.sys [x]
R1 tsylpymq;tsylpymq;c:\windows\system32\drivers\tsylpymq.sys [x]
R2 vulmu;NVIDIA Display Srv;c:\windows\system32\vulmu.exe [2011-10-07 41984]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]
R4 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
S1 MpKsl2383d859;MpKsl2383d859;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1733BB72-7441-4F8C-8957-53FD41D58478}\MpKsl2383d859.sys [2011-10-28 28752]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL2383D859
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Martain\AppData\Roaming\Mozilla\Firefox\Profiles\ksagft2t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16046&locale=en_UK&apn_uid=60DDF12B-76F8-42B5-970B-09C79539A2EF&apn_ptnrs=OE&apn_sauid=D66240B2-47E3-4EF0-A05D-DFB9CD329B50&apn_dtid=VIN007YYGB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Facebook Update - c:\users\Martain\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
HKU-Default-Run-QIjLeJwkSi.exe - c:\programdata\QIjLeJwkSi.exe
MSConfigStartUp-7GXX3W7H9U0C3HXBTVL - c:\ballantinex\A1E22D3FAB2.exe
MSConfigStartUp-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
MSConfigStartUp-ALaunch - c:\acer\ALaunch\AlaunchClient.exe
MSConfigStartUp-ArcSoft Connection Service - c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-Pposedoxiraki - c:\users\Martain\AppData\Local\rvecfs.dll
MSConfigStartUp-Security Protection - c:\users\Martain\AppData\Roaming\defender.exe
MSConfigStartUp-SetPanel - c:\acer\APanel\APanel.cmd
MSConfigStartUp-Spyware Protection - c:\users\Martain\AppData\Roaming\defender.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-Wwasudu - c:\users\Martain\AppData\Local\iwixajij.dll
MSConfigStartUp-{2847DD1B-465C-426A-46BD-4598A29001AA} - c:\users\Martain\AppData\Roaming\Saviqo\ecep.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-28 13:55
Windows 6.0.6000  NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-28  14:13:29
ComboFix-quarantined-files.txt  2011-10-28 13:13
.
Pre-Run: 3,130,773,504 bytes free
Post-Run: 2,976,153,600 bytes free
.
- - End Of File - - ACC7BCF531D3AE1255AFD12E43C6BA71


#27 Amlak
Please uninstall Microsoft Security Essentials for now. I'll have you reinstall it later.

Delete the current copy of ComboFix.exe that's on your system and download the latest version from here. Make sure you have it saved to the Desktop.

Open Notepad and copy the text in the box below into the file:

KillAll::

Driver::
fgdbiydf
hrcvcibk
hsvzayol
kxnxersm
lbfuboxw
mdtnioqd
MpKsl0bf0b4de
MpKsl0cc83c6f
MpKsl1a7ef16d
MpKsl2cf0134b
MpKsl38f69197
MpKsl470d76c9
MpKsl4b027d58
MpKsl50148d0f
MpKsl527695ba
MpKsl55d0abf5
MpKsl5b777f9f
MpKsl6422714b
MpKsl65aff1e3
MpKsl7fa15cee
MpKsl80ff5f28
MpKsl8171da99
MpKsl9cf69675
MpKsld00b7504
MpKsld29d8f0b
MpKsle19d267c
MpKsle51785a3
MpKsle654493e
nctsyppt
nrglnlwq
ofbgxdne
qeiaigaa
szmpqibw
tsylpymq
vulmu
MPKSL2383D859

File::
c:\windows\system32\drivers\mdtnioqd.sys
C:\avexport.bat
c:\windows\system32\hdsector.sys
c:\windows\system32\vulmu.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\uxome.exe
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\huyn.exe
c:\windows\system32\drivers\fgdbiydf.sys
c:\windows\system32\drivers\hrcvcibk.sys
c:\windows\system32\drivers\hsvzayol.sys
c:\windows\system32\drivers\kxnxersm.sys
c:\windows\system32\drivers\lbfuboxw.sys
c:\windows\system32\drivers\nctsyppt.sys
c:\windows\system32\drivers\nrglnlwq.sys
c:\windows\system32\drivers\ofbgxdne.sys
c:\windows\system32\drivers\qeiaigaa.sys
c:\windows\system32\drivers\szmpqibw.sys
c:\windows\system32\drivers\tsylpymq.sys

Folder::
c:\programdata\Microsoft\Microsoft Antimalware

Save the Notepad file as CFScript.txt and make sure it's saved to the Desktop.

Make sure all windows are closed before continuing.

Referring to the image below, drag CFScript.txt into ComboFix.exe, and let the program run.

[image: CFScript.txt being dragged onto ComboFix.exe]

When done, paste the contents of the resultant log in your next reply.

***

Download Microsoft Security Essentials here and reinstall it.
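The two ComboFix logs in this thread show three things worth automating when you read this kind of log: boot-start drivers with eight-letter random names whose description just repeats the name and whose file is already gone ([x]), a service dressed up as "NVIDIA Display Srv" whose image is a five-letter .exe dropped straight into system32 with the same size (41984 bytes) as dozens of freshly created executables, and a policy section with UAC off (EnableLUA=0) and Security Center monitoring suppressed. The script below is an added example, not ComboFix's code and not the helper's: it parses those line formats, flags the three patterns and drafts the Driver:: and File:: sections in the layout Amlak's post uses. The sample input is copied from the logs above with tabs replaced by spaces; the name patterns, the "four or more new executables of identical size" threshold and the assumption that ComboFix has already filtered out default Windows entries are my own heuristics, read off this log. Two caveats are in the comments: MSE's MpKsl<hex>.sys drivers (which live under its Definition Updates folders and carry digits and capitals) fall outside the random-name pattern, and Windows ships a few short-named system32 executables of its own, so a hit on the service rule is a lead to confirm by file hash, not a verdict.

```python
# Triage a ComboFix log for the patterns in this thread and draft a CFScript from
# the hits. Added example, not ComboFix's or the helper's own code: the heuristics
# are read off the logs above, the script layout is the one Amlak's post uses.
import re
from collections import Counter

# Lines copied from the two ComboFix logs in this thread (tabs replaced by spaces).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
2011-10-31 21:31 . 2011-10-31 21:31 41984 ----a-w- c:\windows\system32\fterve.exe
2011-10-31 21:30 . 2011-10-31 21:30 41984 ----a-w- c:\windows\system32\aqrotp.exe
2011-10-31 21:30 . 2011-10-31 21:30 41984 ----a-w- c:\windows\system32\iqroth.exe
2011-10-31 21:30 . 2011-10-31 21:30 41984 ----a-w- c:\windows\system32\gtervf.exe
2011-10-23 17:59 . 2011-10-23 17:59 14720 ----a-w- c:\windows\system32\hdsector.sys
R1 fgdbiydf;fgdbiydf;c:\windows\system32\drivers\fgdbiydf.sys [x]
R1 mdtnioqd;mdtnioqd;c:\windows\system32\drivers\mdtnioqd.sys [2011-10-28 41680]
R1 MpKsl0bf0b4de;MpKsl0bf0b4de;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33A5A340-C082-48F1-9BB7-3A047F7FACD0}\MpKsl0bf0b4de.sys [x]
R1 qeiaigaa;qeiaigaa;c:\windows\system32\drivers\qeiaigaa.sys [x]
R2 vulmu;NVIDIA Display Srv;c:\windows\system32\vulmu.exe [2011-10-07 41984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
"""

# "R1 name;description;path [x]" ([x] = file gone) or "[yyyy-mm-dd size]".
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+?) \[(x|\d{4}-\d\d-\d\d \d+)\]$")
# "Files Created" rows: created . modified, size (dashes for folders), attrs, path.
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(\d+)\s+\S+\s+(.+)$")
RANDOM_NAME = re.compile(r"^[a-z]{8}$")       # fgdbiydf, hrcvcibk, uhpgnoqo ...
SHORT_EXE = re.compile(r"^[a-z]{5,6}\.exe$")  # vulmu.exe, wbegef.exe, fterve.exe ...
SYSTEM32 = r"c:\windows\system32"

def split_path(path):
    folder, _, base = path.lower().rpartition("\\")
    return folder, base

def parse_services(text):
    for line in text.splitlines():
        if m := SERVICE_RE.match(line.strip()):
            start, name, desc, path, stamp = m.groups()
            yield {"start": start, "name": name, "desc": desc, "path": path,
                   "missing": stamp == "x",
                   "size": None if stamp == "x" else int(stamp.split()[1])}

def swarm_sizes(text, min_count=4):
    """Sizes shared by at least min_count freshly created .exe files in system32."""
    sizes = Counter()
    for line in text.splitlines():
        if (m := CREATED_RE.match(line.strip())) and \
                split_path(m.group(2)) [0] == SYSTEM32 and m.group(2).lower().endswith(".exe"):
            sizes[int(m.group(1))] += 1
    return {size for size, n in sizes.items() if n >= min_count}

def random_driver_reason(svc):
    # Eight random lowercase letters, description == name, <name>.sys under drivers\.
    # MSE's own MpKsl<hex>.sys and vendor names like b57nd60x carry digits/capitals.
    name = svc["name"]
    if (RANDOM_NAME.match(name) and svc["desc"] == name
            and svc["path"].lower() == SYSTEM32 + "\\drivers\\" + name + ".sys"):
        return "random-name boot driver, file " + ("already gone" if svc["missing"] else "present")
    return None

def dropper_service_reason(svc, swarm):
    # Vendor-looking display name over a short random .exe directly in system32.
    # Windows has a few short system32 names of its own (msdtc.exe): confirm by hash.
    folder, base = split_path(svc["path"])
    if not (folder == SYSTEM32 and SHORT_EXE.match(base) and svc["desc"] != svc["name"]):
        return None
    reason = "short random image behind display name %r" % svc["desc"]
    if svc["size"] in swarm:
        reason += ", same size as the swarm of newly created executables"
    return reason

def policy_findings(text):
    checks = [(r'^"EnableLUA"=\s*0\b', "UAC disabled (EnableLUA=0)"),
              (r'^"DisableMonitoring"=dword:00000001$', "Security Center monitoring suppressed")]
    return [msg for line in text.splitlines() for rx, msg in checks if re.match(rx, line.strip())]

def triage(text, swarm_min=4):
    swarm = swarm_sizes(text, swarm_min)
    drivers, services = [], []
    for svc in parse_services(text):
        if why := random_driver_reason(svc):
            drivers.append(dict(svc, reason=why))
        elif why := dropper_service_reason(svc, swarm):
            services.append(dict(svc, reason=why))
    return {"drivers": drivers, "services": services,
            "swarm_sizes": swarm, "policy": policy_findings(text)}

def build_cfscript(result):
    """Driver:: takes service names and File:: full paths, as in the helper's script."""
    hits = result["drivers"] + result["services"]
    lines = ["KillAll::", "", "Driver::"] + [h["name"] for h in hits]
    lines += ["", "File::"] + [h["path"] for h in hits]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for h in result["drivers"] + result["services"]:
        print(h["start"], h["name"].ljust(9), h["reason"])
    print(*result["policy"], build_cfscript(result), sep="\n")
```

Run against a full log, the Driver:: list it drafts is the same set of random names Amlak typed by hand, plus the fake NVIDIA service; the MpKsl entries are left alone because they are MSE's own and get removed in this thread only because MSE is being uninstalled first. Treat the draft as a starting point for someone who knows the tool, and check the policy findings too: with EnableLUA=0 the dropper ran without a UAC prompt, which is why re-enabling UAC belongs in the cleanup.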

#28 LukeMcD
ComboFix got to stage 30-something and the laptop powered off. Will try again tomorrow; maybe it overheated, but I made sure every fan was ventilated.

#29 Amlak
Yes, do try again soon. But make sure you update ComboFix to the latest version first.

If the laptop doesn't power off at Stage 30 the next time (or it powers off at another stage or something), then we might be looking at an overheating issue or some other hardware failure.

#30 LukeMcD

Yes, do try again soon. But make sure you update ComboFix to the latest version first.

If the laptop doesn't power off at Stage 30 the next time (or it powers off at another stage or something), then we might be looking at an overheating issue or some other hardware failure.

I must have had the laptop in a stupid position. There are definitely viruses; I keep getting ad pop-ups.

ComboFix 11-11-01.03 - Martain 01/11/2011  17:12:38.3.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1252.44.1033.18.1013.257 [GMT 0:00]
Running from: c:\users\Martain\Desktop\ComboFix.exe
Command switches used :: c:\users\Martain\Desktop\CFScript.txt
.
FILE ::
"C:\avexport.bat"
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\uxome.exe"
"c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\huyn.exe"
"c:\windows\system32\drivers\fgdbiydf.sys"
"c:\windows\system32\drivers\hrcvcibk.sys"
"c:\windows\system32\drivers\hsvzayol.sys"
"c:\windows\system32\drivers\kxnxersm.sys"
"c:\windows\system32\drivers\lbfuboxw.sys"
"c:\windows\system32\drivers\mdtnioqd.sys"
"c:\windows\system32\drivers\nctsyppt.sys"
"c:\windows\system32\drivers\nrglnlwq.sys"
"c:\windows\system32\drivers\ofbgxdne.sys"
"c:\windows\system32\drivers\qeiaigaa.sys"
"c:\windows\system32\drivers\szmpqibw.sys"
"c:\windows\system32\drivers\tsylpymq.sys"
"c:\windows\system32\hdsector.sys"
"c:\windows\system32\vulmu.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Microsoft Antimalware
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D18097BC-81B5-44A2-AD24-1F86702C1060}\MpKsl04e32135.sys
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E19C322D-36F9-475C-8329-7A894CCE6AF5}\mpasbase.vdm
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E19C322D-36F9-475C-8329-7A894CCE6AF5}\mpasdlta.vdm
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E19C322D-36F9-475C-8329-7A894CCE6AF5}\mpavbase.vdm
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E19C322D-36F9-475C-8329-7A894CCE6AF5}\mpavdlta.vdm
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E19C322D-36F9-475C-8329-7A894CCE6AF5}\mpengine.dll
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E19C322D-36F9-475C-8329-7A894CCE6AF5}\offreg.dll
c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{0855A899-7101-C8B8-821A-7793FCD56991}-huyn.exe
c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{FA5154A5-F1AE-4BF9-9F95-C106D130C83B}
c:\programdata\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-1.bin
c:\programdata\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5A1A0404-AF72-43F4-99A7-060282FFBAD6}
c:\programdata\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{71D2C875-FDEF-4102-8185-47E08C93DC71}
c:\programdata\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{FA5154A5-F1AE-4BF9-9F95-C106D130C83B}
c:\programdata\Microsoft\Microsoft Antimalware\Scans\History\Service\DetectionHistory\13\AD51CCDF-560D-4C57-A4A8-D549C9D7D898
c:\programdata\Microsoft\Microsoft Antimalware\Scans\History\Service\Detections.log
c:\programdata\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin
c:\programdata\Microsoft\Microsoft Antimalware\Scans\RebootActions\uhpgnoqo.dat
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpCacheStats.log
c:\programdata\Microsoft\Microsoft Antimalware\Support\MPDetection-10152011-144944.log
c:\programdata\Microsoft\Microsoft Antimalware\Support\MPLog-06082010-200938.log
c:\programdata\Microsoft\Microsoft Antimalware\Support\MPLog-09252011-162343.log
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-10182011-175351-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-10232011-185102-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-10252011-144650-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-10252011-150130-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-10282011-123725-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-10282011-125122-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-10312011-192716-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-10312011-202542-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-10312011-203931-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-10312011-205540-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-10312011-213404-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-11012011-170141-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-11012011-170511-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing-11012011-170607-00000003-ffffffff.bin
c:\programdata\Microsoft\Microsoft Antimalware\Support\MpWppTracing.bin
c:\programdata\vc71Gx4F.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSL0BF0B4DE
-------\Legacy_MPKSL1A7EF16D
-------\Legacy_MPKSL38F69197
-------\Legacy_MPKSL470D76C9
-------\Legacy_MPKSL4B027D58
-------\Legacy_MPKSL50148D0F
-------\Legacy_MPKSL527695BA
-------\Legacy_MPKSL5B777F9F
-------\Legacy_MPKSL6422714B
-------\Legacy_MPKSL65AFF1E3
-------\Legacy_MPKSL7FA15CEE
-------\Legacy_MPKSL80FF5F28
-------\Legacy_MPKSL8171DA99
-------\Legacy_MPKSL9CF69675
-------\Legacy_MPKSLD00B7504
-------\Legacy_MPKSLD29D8F0B
-------\Legacy_MPKSLE51785A3
-------\Legacy_MPKSLE654493E
-------\Service_fgdbiydf
-------\Service_hrcvcibk
-------\Service_hsvzayol
-------\Service_kxnxersm
-------\Service_lbfuboxw
-------\Service_MpKsl0bf0b4de
-------\Service_MpKsl0cc83c6f
-------\Service_MpKsl1a7ef16d
-------\Service_MpKsl2cf0134b
-------\Service_MpKsl38f69197
-------\Service_MpKsl470d76c9
-------\Service_MpKsl4b027d58
-------\Service_MpKsl50148d0f
-------\Service_MpKsl527695ba
-------\Service_MpKsl55d0abf5
-------\Service_MpKsl5b777f9f
-------\Service_MpKsl6422714b
-------\Service_MpKsl65aff1e3
-------\Service_MpKsl7fa15cee
-------\Service_MpKsl80ff5f28
-------\Service_MpKsl8171da99
-------\Service_MpKsl9cf69675
-------\Service_MpKsld00b7504
-------\Service_MpKsld29d8f0b
-------\Service_MpKsle19d267c
-------\Service_MpKsle51785a3
-------\Service_MpKsle654493e
-------\Service_nctsyppt
-------\Service_nrglnlwq
-------\Service_ofbgxdne
-------\Service_qeiaigaa
-------\Service_szmpqibw
-------\Service_tsylpymq
-------\Service_vulmu
-------\Legacy_MpKsl04e32135
-------\Legacy_MpKsl04e32135
-------\Service_MpKsl04e32135
-------\Service_MpKsl04e32135
.
.
(((((((((((((((((((((((((   Files Created from 2011-10-01 to 2011-11-01  )))))))))))))))))))))))))))))))
.
.
2011-11-01 17:24 . 2011-11-01 17:28	--------	d-----w-	c:\users\Martain\AppData\Local\temp
2011-11-01 17:24 . 2011-11-01 17:24	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2011-11-01 17:24 . 2011-11-01 17:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-10-31 21:31 . 2011-10-31 21:31	41984	----a-w-	c:\windows\system32\fterve.exe
2011-10-31 21:30 . 2011-10-31 21:30	41984	----a-w-	c:\windows\system32\aqrotp.exe
2011-10-31 21:30 . 2011-10-31 21:30	41984	----a-w-	c:\windows\system32\iqroth.exe
2011-10-31 21:30 . 2011-10-31 21:30	41984	----a-w-	c:\windows\system32\gtervf.exe
2011-10-31 21:29 . 2011-10-31 21:29	41984	----a-w-	c:\windows\system32\rqrotq.exe
2011-10-31 21:29 . 2011-10-31 21:29	41984	----a-w-	c:\windows\system32\ttixc.exe
2011-10-31 21:28 . 2011-10-31 21:28	41984	----a-w-	c:\windows\system32\wbegeg.exe
2011-10-31 21:28 . 2011-10-31 21:28	41984	----a-w-	c:\windows\system32\wtervf.exe
2011-10-31 21:28 . 2011-10-31 21:28	41984	----a-w-	c:\windows\system32\vterve.exe
2011-10-31 21:28 . 2011-10-31 21:28	41984	----a-w-	c:\windows\system32\etervu.exe
2011-10-31 21:27 . 2011-10-31 21:27	41984	----a-w-	c:\windows\system32\stixc.exe
2011-10-31 21:27 . 2011-10-31 21:27	41984	----a-w-	c:\windows\system32\sfinb.exe
2011-10-31 21:27 . 2011-10-31 21:27	41984	----a-w-	c:\windows\system32\xbegeg.exe
2011-10-31 21:27 . 2011-10-31 21:27	41984	----a-w-	c:\windows\system32\tsodt.exe
2011-10-31 21:27 . 2011-10-31 21:27	41984	----a-w-	c:\windows\system32\csodc.exe
2011-10-31 21:27 . 2011-10-31 21:27	41984	----a-w-	c:\windows\system32\xtervw.exe
2011-10-31 21:27 . 2011-10-31 21:27	41984	----a-w-	c:\windows\system32\ksodz.exe
2011-10-31 21:27 . 2011-10-31 21:27	41984	----a-w-	c:\windows\system32\iweryx.exe
2011-10-31 21:25 . 2011-10-31 21:25	41984	----a-w-	c:\windows\system32\ybegeg.exe
2011-10-31 21:25 . 2011-10-31 21:25	41984	----a-w-	c:\windows\system32\xweryg.exe
2011-10-31 21:25 . 2011-10-31 21:25	41984	----a-w-	c:\windows\system32\etixt.exe
2011-10-31 21:25 . 2011-10-31 21:25	41984	----a-w-	c:\windows\system32\mtixl.exe
2011-10-31 21:25 . 2011-10-31 21:25	41984	----a-w-	c:\windows\system32\zqroth.exe
2011-10-31 21:25 . 2011-10-31 21:25	41984	----a-w-	c:\windows\system32\ssodc.exe
2011-10-31 21:25 . 2011-10-31 21:25	41984	----a-w-	c:\windows\system32\hweryx.exe
2011-10-31 21:25 . 2011-10-31 21:25	41984	----a-w-	c:\windows\system32\ltixk.exe
2011-10-31 21:25 . 2011-10-31 21:25	41984	----a-w-	c:\windows\system32\aqrota.exe
2011-10-31 21:23 . 2011-10-31 21:23	41984	----a-w-	c:\windows\system32\yweryx.exe
2011-10-31 21:22 . 2011-10-31 21:22	41984	----a-w-	c:\windows\system32\pweryo.exe
2011-10-31 21:22 . 2011-10-31 21:22	41984	----a-w-	c:\windows\system32\obegeo.exe
2011-10-31 21:22 . 2011-10-31 21:22	41984	----a-w-	c:\windows\system32\sfinr.exe
2011-10-31 21:22 . 2011-10-31 21:22	41984	----a-w-	c:\windows\system32\otervn.exe
2011-10-31 21:22 . 2011-10-31 21:22	41984	----a-w-	c:\windows\system32\qweryp.exe
2011-10-31 21:21 . 2011-10-31 21:21	41984	----a-w-	c:\windows\system32\qqrotq.exe
2011-10-31 21:21 . 2011-10-31 21:21	41984	----a-w-	c:\windows\system32\uulmd.exe
2011-10-31 21:21 . 2011-10-31 21:21	41984	----a-w-	c:\windows\system32\bfinq.exe
2011-10-31 21:20 . 2011-10-31 21:20	41984	----a-w-	c:\windows\system32\zqrotj.exe
2011-10-31 21:20 . 2011-10-31 21:20	41984	----a-w-	c:\windows\system32\yweryh.exe
2011-10-31 21:20 . 2011-10-31 21:20	41984	----a-w-	c:\windows\system32\gbegev.exe
2011-10-31 21:20 . 2011-10-31 21:20	41984	----a-w-	c:\windows\system32\xweryh.exe
2011-10-31 21:20 . 2011-10-31 21:20	41984	----a-w-	c:\windows\system32\tsodc.exe
2011-10-31 21:19 . 2011-10-31 21:19	41984	----a-w-	c:\windows\system32\ttixt.exe
2011-10-31 21:19 . 2011-10-31 21:19	41984	----a-w-	c:\windows\system32\iqroti.exe
2011-10-31 21:19 . 2011-10-31 21:19	41984	----a-w-	c:\windows\system32\jfiny.exe
2011-10-31 21:19 . 2011-10-31 21:19	41984	----a-w-	c:\windows\system32\vtervf.exe
2011-10-31 21:19 . 2011-10-31 21:19	41984	----a-w-	c:\windows\system32\utixd.exe
2011-10-31 21:19 . 2011-10-31 21:19	41984	----a-w-	c:\windows\system32\oweryo.exe
2011-10-31 21:19 . 2011-10-31 21:19	41984	----a-w-	c:\windows\system32\jqroty.exe
2011-10-31 21:19 . 2011-10-31 21:19	41984	----a-w-	c:\windows\system32\nbegen.exe
2011-10-31 21:19 . 2011-10-31 21:19	41984	----a-w-	c:\windows\system32\iqrotx.exe
2011-10-31 21:19 . 2011-10-31 21:19	41984	----a-w-	c:\windows\system32\lulml.exe
2011-10-31 21:19 . 2011-10-31 21:19	41984	----a-w-	c:\windows\system32\rfina.exe
2011-10-31 21:17 . 2011-10-31 21:22	41984	----a-w-	c:\windows\system32\ctixc.exe
2011-10-31 21:16 . 2011-10-31 21:22	41984	----a-w-	c:\windows\system32\zfini.exe
2011-10-31 21:16 . 2011-10-31 21:22	41984	----a-w-	c:\windows\system32\mulmm.exe
2011-10-31 21:16 . 2011-10-31 21:22	41984	----a-w-	c:\windows\system32\xbegew.exe
2011-10-31 21:15 . 2011-10-31 21:22	41984	----a-w-	c:\windows\system32\csodr.exe
2011-10-31 21:15 . 2011-10-31 21:22	41984	----a-w-	c:\windows\system32\uulme.exe
2011-10-31 21:15 . 2011-10-31 21:22	41984	----a-w-	c:\windows\system32\ntervm.exe
2011-10-31 21:15 . 2011-10-31 21:22	41984	----a-w-	c:\windows\system32\afina.exe
2011-10-31 21:15 . 2011-10-31 21:22	41984	----a-w-	c:\windows\system32\ltixl.exe
2011-10-31 20:58 . 2011-10-31 21:22	41984	----a-w-	c:\windows\system32\pbegeo.exe
2011-10-23 17:59 . 2011-10-23 17:59	14720	----a-w-	c:\windows\system32\hdsector.sys
2011-10-07 19:24 . 2011-10-07 19:24	--------	d-----w-	C:\_OTL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 16:00 . 2011-08-02 12:11	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 12:29	1490312	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2011-10-04 147464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
backup=c:\windows\pss\TotalMedia Backup Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Martain^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Martain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-03-08 11:38	40048	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2011-05-17 12:29	395144	----a-w-	c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-06-06 08:06	159744	----a-w-	c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-05-12 11:36	623888	----a-w-	c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-04-25 23:33	573350	------w-	c:\acer\Empowering Technology\eDataSecurity\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-01-02 17:06	166424	----a-w-	c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-01-02 17:07	141848	----a-w-	c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 09:14	206112	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2007-07-16 05:51	768520	----a-w-	c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 14:16	997920	----a-w-	c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-06-22 01:25	155648	----a-w-	c:\program files\Acer\Acer Arcade\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-01-02 17:07	133656	----a-w-	c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-04-11 14:17	236016	----a-w-	c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-07-06 03:06	4669440	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-08 15:48	149280	----a-w-	c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 17:38	583048	----a-w-	c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 21:48	57344	----a-w-	c:\acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2007-07-31 13:15	1006264	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2011-10-04 16:50	147464	----a-w-	c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 uhpgnoqo;uhpgnoqo;c:\windows\system32\drivers\uhpgnoqo.sys [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 wbegef;NVIDIA Display Srv;c:\windows\system32\wbegef.exe [2011-10-31 41984]
R3 CFcatchme;CFcatchme;c:\combofix\CFcatchme.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R4 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Martain\AppData\Roaming\Mozilla\Firefox\Profiles\ksagft2t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16046&locale=en_UK&apn_uid=60DDF12B-76F8-42B5-970B-09C79539A2EF&apn_ptnrs=OE&apn_sauid=D66240B2-47E3-4EF0-A05D-DFB9CD329B50&apn_dtid=VIN007YYGB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Windows Media Player\wmpnscfg .exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
.
**************************************************************************
.
Completion time: 2011-11-01  17:39:47 - machine was rebooted
ComboFix-quarantined-files.txt  2011-11-01 17:39
ComboFix2.txt  2011-10-28 13:13
.
Pre-Run: 1,959,890,944 bytes free
Post-Run: 2,544,799,744 bytes free
.
- - End Of File - - 7D62DC2B23332D93A5E1248E065414D8
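The service and driver block in the log above (the `R1`/`R2`/`S3` lines) is where a responder looks first, because it lists every service and kernel driver registered on the box, its start type, and whether ComboFix could still find the image on disk (`[x]` means the file is gone). The following is an added example, not part of the original post and not ComboFix code: a small Python triage script that parses lines in that format and flags the entries worth a second look. The three heuristics it applies (image missing, a service name that is a bare run of lowercase letters, and a display name that does not mention that service name) are my own assumptions for illustration, not ComboFix rules; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# ComboFix writes one line per service or driver:
#   <R|S><start> <name>;<display name>;<image path> [<date> <size>]
# R = running, S = stopped; start: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled.
# "[x]" instead of "[date size]" means ComboFix could not find the file on disk.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Heuristic (my assumption, not a ComboFix rule): vendor service names almost
# always carry mixed case, digits or punctuation; a bare run of lowercase
# letters is a common shape for generated names.
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,}$")


@dataclass
class ServiceEntry:
    state: str
    start: int
    name: str
    display: str
    path: str
    missing: bool
    flags: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service/driver line; return None for anything else."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    info = m.group("info").strip()
    return ServiceEntry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=m.group("path").strip(),
        missing=(info.lower() == "x"),
    )


def score(entry: ServiceEntry) -> ServiceEntry:
    """Attach triage flags to an entry; an empty flag list means 'looks ordinary'."""
    if entry.missing:
        entry.flags.append("image file not found on disk")
    if RANDOM_NAME_RE.match(entry.name):
        entry.flags.append("random-looking service name")
        if entry.name.lower() not in entry.display.lower():
            entry.flags.append("display name does not match service name")
    # Anything that already looks odd AND starts without user action is worse.
    if entry.flags and entry.start <= 2:
        entry.flags.append("starts %s" % START_TYPES.get(entry.start, "?"))
    return entry


def triage(log_text: str) -> List[ServiceEntry]:
    """Return only the entries that raised at least one flag, most flags first."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is not None and score(entry).flags:
            flagged.append(entry)
    flagged.sort(key=lambda e: (-len(e.flags), e.name))
    return flagged


# Service block copied from the ComboFix log above (sample input, not invented).
SAMPLE_LOG = r"""
R1 uhpgnoqo;uhpgnoqo;c:\windows\system32\drivers\uhpgnoqo.sys [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 wbegef;NVIDIA Display Srv;c:\windows\system32\wbegef.exe [2011-10-31 41984]
R3 CFcatchme;CFcatchme;c:\combofix\CFcatchme.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print("%s%d %-12s %-50s %s" % (e.state, e.start, e.name, e.path, "; ".join(e.flags)))
```

On the sample block this reports `uhpgnoqo` (file missing, random-looking name, system start) and `wbegef` (random-looking name, display name claims NVIDIA, auto start) ahead of `CFcatchme`, whose missing image is expected: that driver belongs to ComboFix's own catchme rootkit scanner and is removed when the run finishes. The heuristics are a starting point for a human reviewer, not a verdict; the entries still need to be confirmed against the files, hashes and vendor signatures before anything is removed.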