Geeks To Go forums
Malware - AV Security, ARO, Weatherbug, Yoohoo [Closed]


  • This topic is locked

#1 ztastorm (Member, 86 posts)

Hello,
We have been experiencing pop-ups from AV Security, as well as programs that we didn't download such as Weatherbug and this Yooohoo (note: not Yahoo)pg. Tried running OTL & Malwarebytes but every link I clicked on I was blocked out. Started the computer in Safe Mode and ran the VIPR scan and eventually Malwarebytes, which found approximately 37 threats and trojans. I removed them, was finally able to run OTL, the log file is posted below. ARO is still coming up and the computer is still running "loudly" as if there are a lot of programs/processes running at once. There's also a "testendonline" pop up that keeps coming up and redirecting my IE pages... I would appreciate any help you can provide! Thank you so much in advance, Alisha
OTL logfile created on: 11/18/2011 3:09:46 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\The Sinons\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 52.48% Memory free
3.74 Gb Paging File | 2.86 Gb Available in Paging File | 76.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.30 Gb Total Space | 44.19 Gb Free Space | 30.62% Space Free | Partition Type: NTFS
Drive D: | 144.03 Gb Total Space | 143.94 Gb Free Space | 99.94% Space Free | Partition Type: NTFS

Computer Name: THESINONS-PC | User Name: The Sinons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/18 03:09:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\The Sinons\Desktop\OTL.exe
PRC - [2011/10/06 01:18:38 | 000,210,744 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe
PRC - [2011/05/06 17:20:33 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/10 22:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2007/06/14 03:15:34 | 000,598,960 | ---- | M] ( ) -- C:\Windows\System32\lxdkcoms.exe
PRC - [2007/06/14 03:15:24 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdkserv.exe
PRC - [2007/04/04 20:54:08 | 000,266,343 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2007/02/07 02:04:26 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/01/31 21:18:42 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006/12/29 19:51:56 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe


========== Modules (No Company Name) ==========

MOD - [2007/03/14 08:54:58 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2006/11/02 04:46:10 | 000,227,328 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe -- (NAV)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/24 07:47:07 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/10 22:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/06/14 03:15:34 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdkcoms.exe -- (lxdk_device)
SRV - [2007/06/14 03:15:24 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdkserv.exe -- (lxdkCATSCustConnectService)
SRV - [2007/04/04 20:54:08 | 000,266,343 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007/02/07 02:04:26 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/31 21:18:42 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/12/29 19:51:56 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)


========== Driver Services (SafeList) ==========

DRV - [2011/11/09 03:05:45 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/09 03:05:45 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/30 22:21:20 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20111110.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/30 22:21:20 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20111110.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/10/14 18:10:08 | 000,818,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111027.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/22 23:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111109.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/12 13:22:05 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NAV\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 00:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2007/03/14 09:04:28 | 002,427,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/02/02 03:37:36 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/12/07 21:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/10/29 22:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004/05/21 14:16:14 | 000,471,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcm.sys -- (QCMerced)
DRV - [2004/05/21 14:15:31 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\The Sinons\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\The Sinons\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\The Sinons\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\The Sinons\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011/09/28 06:28:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\FriendsChecker\DynConFf\


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\The Sinons\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\The Sinons\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\The Sinons\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\The Sinons\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Poppit = C:\Users\The Sinons\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (Dallas Cowboys BHO) - {69CE821F-3668-475A-B66F-94719B322DE3} - C:\Program Files\Dallas Cowboys\Toolbar.dll ()
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Philadelphia Phillies Toolbar) - {f722f063-925c-43d2-8308-584cfc1297fe} - C:\Program Files\Philadelphia_Phillies\tbPhi0.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Dallas Cowboys) - {27E7F580-724E-46EB-846F-96C2396D23ED} - C:\Program Files\Dallas Cowboys\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Philadelphia Phillies Toolbar) - {f722f063-925c-43d2-8308-584cfc1297fe} - C:\Program Files\Philadelphia_Phillies\tbPhi0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Dallas Cowboys) - {27E7F580-724E-46EB-846F-96C2396D23ED} - C:\Program Files\Dallas Cowboys\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Philadelphia Phillies Toolbar) - {F722F063-925C-43D2-8308-584CFC1297FE} - C:\Program Files\Philadelphia_Phillies\tbPhi0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files\SpeedItup Free\speeditupfree.exe" File not found
O4 - HKCU..\Run: [AROReminder] C:\Program Files\ARO 2011\ARO.exe (Support.com)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F5AA97B-53B2-4075-9F14-7231E4641C09}: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\The Sinons\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\The Sinons\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f44f06c7-2c22-11e0-ab89-001c2554e967}\Shell - "" = AutoRun
O33 - MountPoints2\{f44f06c7-2c22-11e0-ab89-001c2554e967}\Shell\AutoRun\command - "" = J:\Photokinz.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/18 03:09:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\The Sinons\Desktop\OTL.exe
[2011/11/18 02:24:42 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\Sammsoft
[2011/11/18 02:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARO 2011
[2011/11/18 02:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[2011/11/17 19:58:02 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/11/17 19:58:02 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2011/11/17 19:57:21 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/11/17 19:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\EBC76
[2011/11/17 19:29:28 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\QkUVrlOBtPySiD
[2011/11/17 19:29:28 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\d4amH5sWJdLg
[2011/11/17 15:25:27 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011/11/17 15:23:17 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\zVrlOBtxPySiD
[2011/11/17 15:23:17 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\ZnF4amH5s
[2011/11/17 08:37:04 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\UwjUCelIBzy
[2011/11/17 08:37:04 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\Q4pmG5sQJdKfZh
[2011/11/17 07:21:08 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\dyxA0uvS2b3n5Q6
[2011/11/17 07:21:08 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\BK7fRL9gTqYeI
[2011/11/16 21:59:51 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\lG5aQH6dW7R9TqY
[2011/11/16 21:59:50 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\zxA0uvS2iF
[2011/11/16 21:45:21 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\j2onF4pmHsJdK
[2011/11/16 21:25:09 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\kXqjYCekIrOtAuS
[2011/11/16 21:25:08 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\XbF3pnG5aHdKfLg
[2011/11/16 21:22:47 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\u5sA1uvSo
[2011/11/16 21:22:47 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\PkIBrzONyAuSiFp
[2011/11/16 17:24:31 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\EBC76
[2011/11/16 17:23:58 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\303EB
[2011/11/16 17:23:57 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\tG4amH6sW7E8T
[2011/11/16 17:23:57 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\gqhYCwkUVlBxySi
[2011/11/16 17:23:53 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\ThYXwjUVeItP
[2011/11/16 17:23:52 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\TYCwkUVrlBx0c1v
[2011/11/16 17:23:52 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\aNtxxPucS1iDoGa
[2011/11/11 14:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\Surf Canyon
[2011/11/11 13:54:44 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\Fighters
[2011/11/11 13:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2011/11/11 13:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2011/11/11 13:53:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/11/11 13:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2011/11/11 13:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2008/02/18 00:01:31 | 000,434,176 | ---- | C] ( ) -- C:\Windows\System32\lxdkhcp.dll
[2008/02/18 00:01:31 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdkinpa.dll
[2008/02/18 00:01:30 | 000,950,272 | ---- | C] ( ) -- C:\Windows\System32\lxdkusb1.dll
[2008/02/18 00:01:30 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdkiesc.dll
[2008/02/18 00:01:29 | 001,200,128 | ---- | C] ( ) -- C:\Windows\System32\lxdkserv.dll
[2008/02/18 00:01:29 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdkpmui.dll
[2008/02/18 00:01:29 | 000,565,248 | ---- | C] ( ) -- C:\Windows\System32\lxdklmpm.dll
[2008/02/18 00:01:29 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdkprox.dll
[2008/02/18 00:01:28 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdkih.exe
[2008/02/18 00:01:27 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdkhbn3.dll
[2008/02/18 00:01:26 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdkcomc.dll
[2008/02/18 00:01:26 | 000,598,960 | ---- | C] ( ) -- C:\Windows\System32\lxdkcoms.exe
[2008/02/18 00:01:26 | 000,365,488 | ---- | C] ( ) -- C:\Windows\System32\lxdkcfg.exe
[2008/02/18 00:01:26 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdkcomm.dll
[2008/01/14 01:32:51 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/04/16 20:09:21 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/18 03:10:31 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5E74FB6E-B0A5-4C81-AA2F-BECAC1E7FC9D}.job
[2011/11/18 03:09:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\The Sinons\Desktop\OTL.exe
[2011/11/18 03:07:21 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2011/11/18 03:07:17 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/18 03:06:55 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/18 03:06:55 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/18 03:06:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/18 03:06:37 | 1878,515,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/18 02:28:10 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/18 02:24:33 | 000,001,657 | ---- | M] () -- C:\Users\The Sinons\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/11/18 02:24:33 | 000,001,651 | ---- | M] () -- C:\Users\The Sinons\Desktop\Check PC For Errors.lnk
[2011/11/17 19:56:54 | 105,930,752 | ---- | M] () -- C:\Users\The Sinons\Desktop\VIPRERescue11067.exe
[2011/11/17 19:47:58 | 000,617,662 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/17 19:47:58 | 000,103,440 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/17 19:37:56 | 000,000,216 | ---- | M] () -- C:\Windows\tasks\0.job
[2011/11/17 15:26:04 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/11/17 07:19:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/18 03:06:37 | 1878,515,712 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/18 02:24:33 | 000,001,657 | ---- | C] () -- C:\Users\The Sinons\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/11/18 02:24:33 | 000,001,651 | ---- | C] () -- C:\Users\The Sinons\Desktop\Check PC For Errors.lnk
[2011/11/17 19:56:38 | 105,930,752 | ---- | C] () -- C:\Users\The Sinons\Desktop\VIPRERescue11067.exe
[2011/11/17 19:37:56 | 000,000,216 | ---- | C] () -- C:\Windows\tasks\0.job
[2011/11/17 15:25:27 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/11/11 14:13:17 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2011/10/05 14:16:24 | 000,000,094 | ---- | C] () -- C:\Users\The Sinons\AppData\Roaming\wklnhst.dat
[2011/08/12 11:40:56 | 005,353,987 | ---- | C] () -- C:\Users\The Sinons\AppData\Roaming\SMRBackup162.dat
[2010/12/04 17:40:55 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/06/28 23:04:31 | 000,000,680 | ---- | C] () -- C:\Users\The Sinons\AppData\Local\d3d9caps.dat
[2009/08/04 22:06:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/03/03 22:49:47 | 025,049,120 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/02/11 22:17:19 | 000,000,091 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2008/12/21 16:28:24 | 000,471,232 | ---- | C] () -- C:\Windows\System32\drivers\lvcm.sys
[2008/12/21 16:28:24 | 000,019,968 | ---- | C] () -- C:\Windows\System32\drivers\LVUSBSta.sys
[2008/12/21 16:28:24 | 000,005,993 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/10/13 16:05:58 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/05/06 11:03:46 | 000,001,680 | ---- | C] () -- C:\Windows\_delis32.ini
[2008/05/06 11:03:11 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.68-8876480L.exe
[2008/04/07 20:26:00 | 000,235,520 | ---- | C] () -- C:\Users\The Sinons\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/07 07:58:03 | 000,005,364 | ---- | C] () -- C:\ProgramData\lxdk
[2008/02/20 21:05:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/02/20 21:03:24 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/02/18 11:30:45 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/02/18 00:05:24 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdkcoin.dll
[2008/02/18 00:03:25 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXDKPMON.DLL
[2008/02/18 00:03:25 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXDKFXPU.DLL
[2008/02/18 00:03:04 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdkoem.dll
[2008/02/18 00:01:44 | 000,000,060 | ---- | C] () -- C:\Windows\System32\lxdkrwrd.ini
[2008/02/18 00:01:31 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdkinst.dll
[2008/02/18 00:01:27 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdkgrd.dll
[2008/01/14 01:33:34 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/01/14 01:33:34 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/01/14 01:32:51 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007/05/22 12:22:21 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdkdrs.dll
[2007/05/22 05:10:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdkcaps.dll
[2007/04/16 20:41:33 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/04/16 20:09:21 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/04/16 19:28:29 | 000,000,818 | ---- | C] () -- C:\Windows\generic.ini
[2007/04/16 19:28:29 | 000,000,125 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/04/16 19:28:26 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/04/16 19:28:26 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/04/16 19:28:25 | 000,143,676 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/02/14 09:35:07 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdkcnv4.dll
[2007/02/07 01:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/02/07 01:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/02/07 01:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/02/07 01:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/02/07 01:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/02/07 01:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 17:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 07:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,317,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,617,662 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,440 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 02:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/07/31 20:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdkvs.dll
[2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 06:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== LOP Check ==========

[2011/11/17 21:36:56 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\303EB
[2008/02/18 00:09:07 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\5300 Series
[2008/02/17 23:58:29 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\Acer
[2008/07/16 12:55:06 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\Acoustica
[2011/11/16 17:23:52 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\aNtxxPucS1iDoGa
[2010/01/30 20:48:26 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\AnvSoft
[2010/12/24 22:36:12 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\Barnes & Noble
[2011/11/17 07:21:09 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\BK7fRL9gTqYeI
[2009/01/10 11:57:46 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\Canon
[2011/11/17 19:29:28 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\d4amH5sWJdLg
[2011/11/17 07:21:08 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\dyxA0uvS2b3n5Q6
[2011/11/17 15:23:52 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\EBC76
[2011/11/11 21:45:09 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\Fighters
[2010/12/25 10:32:54 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\Fisher-Price
[2011/11/16 17:23:57 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\gqhYCwkUVlBxySi
[2008/12/05 21:19:17 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\iWin
[2011/11/16 21:45:21 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\j2onF4pmHsJdK
[2011/11/16 21:25:09 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\kXqjYCekIrOtAuS
[2008/02/17 23:58:28 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\Leadertech
[2008/02/18 00:15:15 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\Lexmark Productivity Studio
[2011/11/16 21:59:51 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\lG5aQH6dW7R9TqY
[2009/02/13 18:17:18 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\LimeWire
[2011/02/02 20:11:18 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\Ludia
[2008/03/05 09:26:34 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\MusicNet
[2011/11/16 21:22:47 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\PkIBrzONyAuSiFp
[2011/11/17 08:37:04 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\Q4pmG5sQJdKfZh
[2011/11/17 19:29:28 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\QkUVrlOBtPySiD
[2011/11/18 02:24:42 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\Sammsoft
[2008/10/13 16:05:43 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\ScanSoft
[2011/10/05 14:16:28 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\Template
[2011/11/16 17:23:57 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\tG4amH6sW7E8T
[2011/11/16 17:23:53 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\ThYXwjUVeItP
[2011/11/16 17:23:52 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\TYCwkUVrlBx0c1v
[2011/11/16 21:22:47 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\u5sA1uvSo
[2011/11/17 08:37:04 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\UwjUCelIBzy
[2010/02/24 21:01:47 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\WeatherBug
[2011/11/16 21:25:08 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\XbF3pnG5aHdKfLg
[2011/11/17 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\ZnF4amH5s
[2011/11/17 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\zVrlOBtxPySiD
[2011/11/16 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\zxA0uvS2iF
[2011/11/17 19:37:56 | 000,000,216 | ---- | M] () -- C:\Windows\Tasks\0.job
[2011/11/17 15:26:04 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/11/18 03:07:21 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro startups.job
[2011/11/17 15:26:53 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/18 03:10:31 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5E74FB6E-B0A5-4C81-AA2F-BECAC1E7FC9D}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\The Sinons\Documents\Livvy Laughing.MPG:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\The Sinons\Documents\Livvy Crawling.MPG:TOC.WMV

< End of report >

Edited by ztastorm, 18 November 2011 - 05:02 AM.


#2
ztastorm
    Member
  • Topic Starter
  • Member
  • 86 posts
:) :yes:

Edited by ztastorm, 18 November 2011 - 05:04 AM.


#3
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short); it's a pleasure to meet you. :yes:

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

From the looks of your logs it appears you may be infected with an infection known as ZeroAccess, which can be a bit of a pain to remove, depending on which variant it is.

I need to warn you of the following:

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acer Tour] File not found
    O4 - HKLM..\Run: [eRecoveryService] File not found
    O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files\SpeedItup Free\speeditupfree.exe" File not found
    O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    O33 - MountPoints2\{f44f06c7-2c22-11e0-ab89-001c2554e967}\Shell - "" = AutoRun
    O33 - MountPoints2\{f44f06c7-2c22-11e0-ab89-001c2554e967}\Shell\AutoRun\command - "" = J:\Photokinz.exe
    [2011/11/17 19:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\EBC76
    [2011/11/17 19:29:28 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\QkUVrlOBtPySiD
    [2011/11/17 19:29:28 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\d4amH5sWJdLg
    [2011/11/17 15:23:17 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\zVrlOBtxPySiD
    [2011/11/17 15:23:17 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\ZnF4amH5s
    [2011/11/17 08:37:04 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\UwjUCelIBzy
    [2011/11/17 08:37:04 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\Q4pmG5sQJdKfZh
    [2011/11/17 07:21:08 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\dyxA0uvS2b3n5Q6
    [2011/11/17 07:21:08 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\BK7fRL9gTqYeI
    [2011/11/16 21:59:51 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\lG5aQH6dW7R9TqY
    [2011/11/16 21:59:50 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\zxA0uvS2iF
    [2011/11/16 21:45:21 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\j2onF4pmHsJdK
    [2011/11/16 21:25:09 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\kXqjYCekIrOtAuS
    [2011/11/16 21:25:08 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\XbF3pnG5aHdKfLg
    [2011/11/16 21:22:47 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\u5sA1uvSo
    [2011/11/16 21:22:47 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\PkIBrzONyAuSiFp
    [2011/11/16 17:24:31 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\EBC76
    [2011/11/16 17:23:58 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\303EB
    [2011/11/16 17:23:57 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\tG4amH6sW7E8T
    [2011/11/16 17:23:57 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\gqhYCwkUVlBxySi
    [2011/11/16 17:23:53 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\ThYXwjUVeItP
    [2011/11/16 17:23:52 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\TYCwkUVrlBx0c1v
    [2011/11/16 17:23:52 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\aNtxxPucS1iDoGa
    [2011/11/17 19:37:56 | 000,000,216 | ---- | M] () -- C:\Windows\tasks\0.job
    [2011/11/17 15:26:04 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\At1.job
    [2011/11/17 19:37:56 | 000,000,216 | ---- | C] () -- C:\Windows\tasks\0.job
    [2011/11/17 15:25:27 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\At1.job
    [2011/11/17 21:36:56 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\303EB
    [2011/11/16 17:23:52 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\aNtxxPucS1iDoGa
    [2011/11/17 07:21:09 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\BK7fRL9gTqYeI
    [2011/11/17 19:29:28 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\d4amH5sWJdLg
    [2011/11/17 07:21:08 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\dyxA0uvS2b3n5Q6
    [2011/11/17 15:23:52 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\EBC76
    [2011/11/16 17:23:57 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\gqhYCwkUVlBxySi
    [2011/11/16 21:45:21 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\j2onF4pmHsJdK
    [2011/11/16 21:25:09 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\kXqjYCekIrOtAuS
    [2011/11/16 21:59:51 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\lG5aQH6dW7R9TqY
    [2011/11/16 21:22:47 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\PkIBrzONyAuSiFp
    [2011/11/17 08:37:04 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\Q4pmG5sQJdKfZh
    [2011/11/17 19:29:28 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\QkUVrlOBtPySiD
    [2011/11/16 17:23:57 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\tG4amH6sW7E8T
    [2011/11/16 17:23:53 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\ThYXwjUVeItP
    [2011/11/16 17:23:52 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\TYCwkUVrlBx0c1v
    [2011/11/16 21:22:47 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\u5sA1uvSo
    [2011/11/17 08:37:04 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\UwjUCelIBzy
    [2011/11/16 21:25:08 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\XbF3pnG5aHdKfLg
    [2011/11/17 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\ZnF4amH5s
    [2011/11/17 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\zVrlOBtxPySiD
    [2011/11/16 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\zxA0uvS2iF
    [2011/11/17 19:37:56 | 000,000,216 | ---- | M] () -- C:\Windows\Tasks\0.job
    [2011/11/17 15:26:04 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\At1.job
    @Alternate Data Stream - 64 bytes -> C:\Users\The Sinons\Documents\Livvy Laughing.MPG:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\The Sinons\Documents\Livvy Crawling.MPG:TOC.WMV
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:

Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.
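As an added example (not part of this thread, of OTL, or of the helper's instructions), the following Python triage helper parses the entry format OTL uses in the log above and flags the two indicator types the fix list targets: recently created, random-looking folder names under AppData\Roaming, and machine-named scheduled tasks such as 0.job and At1.job. The case-flip and hex name heuristics and the seven-day window are assumptions of the example; the sample lines are copied from the log posted in this thread.

```python
"""Triage helper for OTL log entries (added example, not part of OTL).

Parses the entry format OTL uses in the log above,
    [yyyy/mm/dd hh:mm:ss | size | attrs | C-or-M] (company) -- path
and flags the two indicator types the fix list above targets: recently
created, random-looking folder names under AppData\\Roaming, and
machine-named scheduled tasks (0.job, At1.job). The name heuristics and
the seven-day window are assumptions of this example, not OTL logic.
"""
import re
from datetime import datetime, timedelta

# Company appears as "(Name)", "( )", "()" or not at all (directories).
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]\s*(?:\((?P<company>[^)]*)\))?"
    r"\s*-- (?P<path>.+)$"
)
# Tasks named by at.exe or a dropper rather than a vendor: 0.job, At1.job.
MACHINE_JOB = re.compile(r"^(?:\d+|At\d+)\.job$", re.IGNORECASE)
CASE_FLIP = re.compile(r"[a-z][A-Z]")      # lower->upper transitions
HEX_NAME = re.compile(r"^[0-9A-F]{5,}$")   # EBC76, 303EB


def parse_entry(line):
    """Return a dict for one OTL file/folder entry, or None for any other line."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
    e["size"] = int(e["size"].replace(",", ""))
    e["is_dir"] = "D" in e["attrs"]
    e["company"] = (e["company"] or "").strip()
    e["name"] = e["path"].rsplit("\\", 1)[-1]
    return e


def looks_random(name):
    """Heuristic for generated names: two or more lower->upper case flips
    (dyxA0uvS2b3n5Q6) or a short all-hex token (EBC76). Vendor folders
    with spaces or hyphens (Barnes & Noble, Fisher-Price) are skipped."""
    if " " in name or "-" in name:
        return False
    return len(CASE_FLIP.findall(name)) >= 2 or bool(HEX_NAME.match(name))


def triage(lines, log_time, window_days=7):
    """Return [(path, reason)] for entries worth a closer look, in log order."""
    cutoff = log_time - timedelta(days=window_days)
    findings, seen = [], set()
    for line in lines:
        e = parse_entry(line)
        if e is None or e["path"] in seen:   # C and M rows repeat a path
            continue
        seen.add(e["path"])
        low = e["path"].lower()
        if (e["is_dir"] and "\\appdata\\roaming\\" in low
                and e["ts"] >= cutoff and looks_random(e["name"])):
            findings.append((e["path"], "recent random-named folder"))
        elif "\\windows\\tasks\\" in low and MACHINE_JOB.match(e["name"]):
            findings.append((e["path"], "machine-named scheduled task"))
    return findings


# Lines copied from the OTL log in this thread (raw string keeps the backslashes).
SAMPLE_LOG = r"""
[2011/11/17 07:21:08 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\dyxA0uvS2b3n5Q6
[2011/11/16 17:24:31 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\EBC76
[2011/11/11 13:54:44 | 000,000,000 | ---D | C] -- C:\Users\The Sinons\AppData\Roaming\Fighters
[2010/02/24 21:01:47 | 000,000,000 | ---D | M] -- C:\Users\The Sinons\AppData\Roaming\WeatherBug
[2011/11/18 03:09:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\The Sinons\Desktop\OTL.exe
[2008/02/18 00:01:31 | 000,434,176 | ---- | C] ( ) -- C:\Windows\System32\lxdkhcp.dll
[2011/11/17 19:37:56 | 000,000,216 | ---- | M] () -- C:\Windows\tasks\0.job
[2011/11/17 15:26:04 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/11/18 03:07:17 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
========== LOP Check ==========
"""
# Run time from the log header: "OTL logfile created on: 11/18/2011 3:09:46 AM".
LOG_TIME = datetime(2011, 11, 18, 3, 9, 46)

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG.strip().splitlines(), LOG_TIME):
        print(f"{reason:30} {path}")
```

On the sample above it reports the two random-named folders and the two numeric .job tasks and stays silent on Fighters, WeatherBug and the vendor-named Google task.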

#4
ztastorm
    Member
  • Topic Starter
  • Member
  • 86 posts
Thanks so much...our system has gotten much much worse. I'm currently running in safe mode..opening windows is almost impossible as multiple windows come up..no programs or any of our desktop icons are showing up & I'm afraid it may have wiped everything out. This "Congratulations - You are today's WINNER" keeps popping up nonstop. Please help..I can't even find OTL on my desktop anymore :(

#5
ztastorm
    Member
  • Topic Starter
  • Member
  • 86 posts
Hi Agent ST,
Ran the scans you asked for..here are the log files:

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpeetItUpFree deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Weather deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f44f06c7-2c22-11e0-ab89-001c2554e967}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f44f06c7-2c22-11e0-ab89-001c2554e967}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f44f06c7-2c22-11e0-ab89-001c2554e967}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f44f06c7-2c22-11e0-ab89-001c2554e967}\ not found.
File J:\Photokinz.exe not found.
C:\Program Files\EBC76 folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\QkUVrlOBtPySiD folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\d4amH5sWJdLg folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\zVrlOBtxPySiD folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\ZnF4amH5s folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\UwjUCelIBzy folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\Q4pmG5sQJdKfZh folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\dyxA0uvS2b3n5Q6 folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\BK7fRL9gTqYeI folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\lG5aQH6dW7R9TqY folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\zxA0uvS2iF folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\j2onF4pmHsJdK folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\kXqjYCekIrOtAuS folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\XbF3pnG5aHdKfLg folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\u5sA1uvSo folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\PkIBrzONyAuSiFp folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\EBC76 folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\303EB folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\tG4amH6sW7E8T folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\gqhYCwkUVlBxySi folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\ThYXwjUVeItP folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\TYCwkUVrlBx0c1v folder moved successfully.
C:\Users\The Sinons\AppData\Roaming\aNtxxPucS1iDoGa folder moved successfully.
C:\Windows\Tasks\0.job moved successfully.




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-21 20:51:51
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST3320820AS rev.3.AAD
Running: gmer.exe; Driver: C:\Users\THESIN~1\AppData\Local\Temp\aglyruow.sys


---- Kernel code sections - GMER 1.0.15 ----

PAGE CI.dll!CiInitialize + 3340 807EDBAA 1 Byte [C4]
PAGE CI.dll!CiInitialize + 3340 807EDBAA 3 Bytes [C4, 00, 00]
.text smb.sys!CloseMudfrxjoyue 8D63A000 2 Bytes [00, 00] {ADD [EAX], AL}
.text smb.sys!CloseMudfrxjoyue 8D63A004 6 Bytes [00, 00, 33, C0, C2, 08]
.text smb.sys!CloseMudfrxjoyue 8D63A00B 167 Bytes [CC, CC, CC, CC, CC, 8B, FF, ...]
.text smb.sys!CloseMudfrxjoyue 8D63A0B4 10 Bytes [83, C0, 04, 6A, 00, 50, E8, ...]
.text smb.sys!CloseMudfrxjoyue 8D63A0BF 24 Bytes [83, C4, 0C, 5D, C2, 04, 00, ...]
.text ...
.text smb.sys!Wcxwfar + 1E 8D63A143 4 Bytes [03, CF, FF, 15]
.text smb.sys!Wcxwfar + 23 8D63A148 8 Bytes [40, 64, 8D, 8D, 5E, 10, 8B, ...]
.text smb.sys!Wcxwfar + 2C 8D63A151 61 Bytes [45, 0B, FF, 15, 54, 41, 64, ...]
.text smb.sys!Ixjqknpmdwm + 38 8D63A190 26 Bytes [8B, CB, FF, 15, 58, 41, 64, ...]
.text smb.sys!Ixjqknpmdwm + 54 8D63A1AC 50 Bytes [8D, BE, 24, 01, 00, 00, 8B, ...]
.text smb.sys!Ixjqknpmdwm + 88 8D63A1E0 7 Bytes CALL 8D643595 \SystemRoot\system32\DRIVERS\smb.sys (SMB Transport driver/Microsoft Corporation)
.text smb.sys!Ixjqknpmdwm + 90 8D63A1E8 42 Bytes [50, 64, 8D, 3D, 00, 50, 64, ...]
.text smb.sys!Ixjqknpmdwm + BB 8D63A213 31 Bytes [5F, 5E, 5B, 5D, C2, 04, 00, ...]
.text ...
.text smb.sys!IsOkufjhjbbjh + E 8D63A762 21 Bytes [89, 4D, 08, FF, D7, 8B, 4E, ...]
.text smb.sys!IsOkufjhjbbjh + 26 8D63A77A 14 Bytes [8B, 48, 04, 89, 06, 89, 4E, ...]
.text smb.sys!IsOkufjhjbbjh + 35 8D63A789 4 Bytes [50, 64, 8D, 3D]
.text smb.sys!IsOkufjhjbbjh + 3A 8D63A78E 15 Bytes [50, 64, 8D, 74, 21, 80, 78, ...]
.text smb.sys!IsOkufjhjbbjh + 4A 8D63A79E 20 Bytes [02, 74, 13, 56, 68, 1C, 42, ...]
.text ...
.text smb.sys!CloseMudfrxjoyue + C 8D63ACF0 5 Bytes [8A, D0, 8D, 8B, BC]
.text smb.sys!CloseMudfrxjoyue + 14 8D63ACF8 9 Bytes [FF, 15, 08, 40, 64, 8D, 8B, ...]
.text smb.sys!CloseMudfrxjoyue + 20 8D63AD04 3 Bytes [3B, 83, FC]
.text smb.sys!CloseMudfrxjoyue + 26 8D63AD0A 5 Bytes [7C, 0A, C7, 83, F8]
.text smb.sys!CloseMudfrxjoyue + 2E 8D63AD12 1 Byte [01]
.text ...
? C:\Windows\system32\DRIVERS\smb.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[948] ntdll.dll!NtProtectVirtualMemory 7799FD74 5 Bytes JMP 0079000A
.text C:\Windows\system32\svchost.exe[948] ntdll.dll!NtWriteVirtualMemory 779A06F4 5 Bytes JMP 007A000A
.text C:\Windows\system32\svchost.exe[948] ntdll.dll!KiUserExceptionDispatcher 779A0E88 5 Bytes JMP 0078000A
.text C:\Windows\system32\svchost.exe[948] ole32.dll!CoCreateInstance 7687DD8F 5 Bytes JMP 0077000A

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 8D64D000-8D668000 (110592 bytes)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 [email protected] code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

ADS C:\Users\The Sinons\AppData\Local\Temp:winupd.exe 127488 bytes executable
File C:\Windows\$NtUninstallKB38064$\395607326 0 bytes
File C:\Windows\$NtUninstallKB38064$\646951487 0 bytes
File C:\Windows\$NtUninstallKB38064$\646951487\@ 2048 bytes
File C:\Windows\$NtUninstallKB38064$\646951487\bckfg.tmp 840 bytes
File C:\Windows\$NtUninstallKB38064$\646951487\cfg.ini 196 bytes
File C:\Windows\$NtUninstallKB38064$\646951487\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB38064$\646951487\keywords 0 bytes
File C:\Windows\$NtUninstallKB38064$\646951487\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB38064$\646951487\L 0 bytes
File C:\Windows\$NtUninstallKB38064$\646951487\L\qnbwvoto 66048 bytes
File C:\Windows\$NtUninstallKB38064$\646951487\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB38064$\646951487\U 0 bytes
File C:\Windows\$NtUninstallKB38064$\646951487\U\[email protected] 2048 bytes
File C:\Windows\$NtUninstallKB38064$\646951487\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB38064$\646951487\U\[email protected] 1024 bytes
File C:\Windows\$NtUninstallKB38064$\646951487\U\[email protected] 1024 bytes
File C:\Windows\$NtUninstallKB38064$\646951487\U\[email protected] 12800 bytes
File C:\Windows\$NtUninstallKB38064$\646951487\U\[email protected] 97792 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35155TE3\icnUtilsTwitter[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35155TE3\1-ORG3011_300x250[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MWRC5K55\player[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MWRC5K55\crossdomainCADDSCEG.xml 269 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE38PALG\b[4].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE38PALG\SelenaTheScene-HitTheLights-MV[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE38PALG\beacon[8].js 1194 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RE4AGP1L\afr[2].htm 1021 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RE4AGP1L\ncript211[1].js 4209 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RE4AGP1L\cm[1].gif 42 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RE4AGP1L\2782_3fbf8cf1-18ac-45b2-be09-b7f6d3bf34c4[1].jpg 3246 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RE4AGP1L\csm[1].txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RE4AGP1L\45357b76-021d-4647-be0a-0d896f3c645d[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RE4AGP1L\a[3].aspx 634 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RE4AGP1L\ddc[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt 0 bytes

---- EOF - GMER 1.0.15 ----

#6
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
Hi!

Glad to hear that you were able to run the OTL fix and the GMER scan.

The GMER scan did in fact confirm my suspicions. You have a pretty nasty infection. We'll be bringing out the big toy to attack this infection.

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

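What in the GMER report above backs the "nasty infection" verdict is a handful of line classes: the MBR lines flagged "<-- ROOTKIT", the hidden kernel module, the driver marked "suspicious PE modification", the JMP hooks inside svchost.exe and the executable alternate data stream in Temp. The following Python triage helper is an added example, not a tool from this thread or from GMER; it walks a report section by section and classifies those lines, using a constructed excerpt in GMER's layout as input.

```python
"""Triage of a GMER 1.0.15 rootkit-scan report (added example, not a tool from the thread)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt in GMER's report layout, one or two lines per class of finding
# seen in the thread's report; it is a sample, not the poster's full log.
SAMPLE_REPORT = r"""
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-21 20:51:51

---- Kernel code sections - GMER 1.0.15 ----

.text  smb.sys!CloseMudfrxjoyue  8D63A000 2 Bytes  [00, 00] {ADD [EAX], AL}
?  C:\Windows\system32\DRIVERS\smb.sys  suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text  C:\Windows\system32\svchost.exe[948] ntdll.dll!NtProtectVirtualMemory  7799FD74 5 Bytes  JMP 0079000A
.text  C:\Windows\system32\svchost.exe[948] ole32.dll!CoCreateInstance  7687DD8F 5 Bytes  JMP 0077000A

---- Modules - GMER 1.0.15 ----

Module  (noname) (*** hidden *** )  8D64D000-8D668000 (110592 bytes)

---- Disk sectors - GMER 1.0.15 ----

Disk  \Device\Harddisk0\DR0  code has been found <-- ROOTKIT !!!
Disk  \Device\Harddisk0\DR0  sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

ADS   C:\Users\The Sinons\AppData\Local\Temp:winupd.exe  127488 bytes executable
File  C:\Windows\$NtUninstallKB38064$\646951487\kwrd.dll  223744 bytes

---- EOF - GMER 1.0.15 ----
"""

# Section headers look like "---- Files - GMER 1.0.15 ----"; the group is the section name.
SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# User-mode inline hook: process[pid] module!function address N Bytes JMP target
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\.exe)\[(?P<pid>\d+)\]\s+(?P<func>\S+)\s+"
    r"[0-9A-Fa-f]+\s+\d+ Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)")
# Alternate data stream entry; the trailing word "executable" marks a PE image in the stream.
ADS_RE = re.compile(r"^ADS\s+(?P<path>.+?)\s+(?P<size>\d+) bytes(?P<exe>\s+executable)?$")
PATCHED_RE = re.compile(r"^\?\s+(?P<path>.+?)\s+suspicious PE modification")
HIDDEN_RE = re.compile(r"\*\*\* hidden \*\*\*.*?(?P<start>[0-9A-F]{8})-(?P<end>[0-9A-F]{8})")


@dataclass(frozen=True)
class Finding:
    section: str
    kind: str
    detail: str
    critical: bool  # True when this line alone justifies a rootkit verdict


def _classify(section: str, line: str) -> Optional[Finding]:
    """Map one report line to a Finding, or None when the line is routine output."""
    if section == "Disk sectors" and ("<-- ROOTKIT" in line or "rootkit-like" in line):
        return Finding(section, "mbr_rootkit", line, True)
    if section == "Modules":
        m = HIDDEN_RE.search(line)
        if m:
            return Finding(section, "hidden_module", f"{m['start']}-{m['end']}", True)
    if section == "Kernel code sections":
        m = PATCHED_RE.match(line)
        if m:
            return Finding(section, "patched_driver", m["path"], True)
    if section == "User code sections":
        m = HOOK_RE.match(line)
        if m:  # a hook alone is not proof; legitimate AV and sandbox products hook too
            return Finding(section, "usermode_hook",
                           f"{m['proc']}[{m['pid']}] {m['func']} -> {m['target']}", False)
    if section == "Files":
        m = ADS_RE.match(line)
        if m:
            executable = bool(m["exe"])
            return Finding(section, "ads_executable" if executable else "ads", m["path"], executable)
    return None


def parse_gmer_report(text: str) -> List[Finding]:
    """Walk the report section by section and return the classified findings in order."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section is None or section == "EOF":
            continue
        finding = _classify(section, line)
        if finding:
            findings.append(finding)
    return findings


def triage(text: str) -> dict:
    """Summarise a report: findings, per-kind counts, and whether any line alone proves a rootkit."""
    findings = parse_gmer_report(text)
    return {
        "findings": findings,
        "counts": dict(Counter(f.kind for f in findings)),
        "rootkit_verdict": any(f.critical for f in findings),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for f in result["findings"]:
        print(f"[{'CRITICAL' if f.critical else 'review'}] {f.kind:16} {f.detail}")
    print("rootkit verdict:", result["rootkit_verdict"])
```

Run on the poster's actual report the same classes come out: two MBR lines, one hidden module, smb.sys patched, four hooks in svchost.exe[948], and the winupd.exe stream that the later ComboFix log shows wired into the user's Run key.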

#7
ztastorm
    Member
  • Topic Starter
  • Member
  • 86 posts
This is not going well, Agent ST :( I ran the OpSWAT & all it located was Norton. I know that I have ERUNT & Malwarebytes on my system but am unable to remove them "manually" because I am unable to access the control panel & there are no programs listed on my Start menu. I had to run the Combofix several times before it would actually run completely, but the log file box was blocked from popping up. There is a blue box that pops up C:\Administrator that says "Please wait. combofix is preparing to run. Access denied. Administrator permissions are needed to use the selection Use an administrator command prompt to complete these tasks" Then it repeats that again then says "Attempting to create a new system restore point" but it basically seems like it freezes. Not sure what to do next..help!!

#8
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
Hi!

Please don't worry about uninstalling anything.

When you were running ComboFix did you right click on it and select Run as Administrator??

#9
ztastorm
    Member
  • Topic Starter
  • Member
  • 86 posts
Yes I did and it did run, it just took a while. It went up to Completed Stage 50, then it said "Preparing Log Report. Do not run any programs until ComboFix has finished. The following usage of the path operator in batch-parameter substitution is invalid: %~NXG.vir
For valid formats type CALL /? or FOR /?
The syntax of the command is incorrect"

Then that blue screen closed on its own and no logfile came up for me to post. Good news is that I'm not in safe mode right now so yay ? lol please advise what to do next!

#10
ztastorm
    Member
  • Topic Starter
  • Member
  • 86 posts
IT WORKED!!!

ComboFix 11-11-23.03 - The Sinons 11/23/2011 21:09:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1791.1129 [GMT -5:00]
Running from: c:\users\The Sinons\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\AyBceCwcCVrA.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-24 02:19 . 2011-11-24 02:20 -------- d-----w- c:\users\The Sinons\AppData\Local\temp
2011-11-24 02:19 . 2011-11-24 02:19 -------- d-----w- c:\users\eeglzfan69\AppData\Local\temp
2011-11-24 02:19 . 2011-11-24 02:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-24 02:07 . 2011-11-24 02:20 -------- d-----w- \ComboFix \ComboFix
2011-11-22 12:42 . 2011-11-22 12:42 -------- d-----w- \Qoobox \Qoobox
2011-11-22 01:01 . 2011-11-22 01:01 -------- d-----w- C:\_OTL
2011-11-22 01:01 . 2011-11-22 01:01 -------- d-----w- \_OTL \_OTL
2011-11-21 13:47 . 2011-11-24 02:03 734674 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-20 11:52 . 2011-11-20 11:52 0 --sha-r- \MSDOS.SYS \MSDOS.SYS
2011-11-20 11:52 . 2011-11-20 11:52 0 --sha-r- \IO.SYS \IO.SYS
2011-11-18 07:24 . 2011-11-18 07:24 -------- d--h--w- c:\users\The Sinons\AppData\Roaming\Sammsoft
2011-11-18 07:24 . 2011-11-18 07:24 -------- d--h--w- c:\program files\ARO 2011
2011-11-18 00:58 . 2010-11-09 18:56 98392 ---ha-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-18 00:58 . 2010-11-09 18:56 27984 ---ha-w- c:\windows\system32\sbbd.exe
2011-11-18 00:57 . 2011-11-18 03:38 -------- d-----w- C:\VIPRERESCUE
2011-11-18 00:57 . 2011-11-18 03:38 -------- d-----w- \VIPRERESCUE \VIPRER~1
2011-11-16 22:24 . 2011-11-16 22:24 101888 ---ha-w- c:\users\The Sinons\AppData\Roaming\Microsoft\9673\5D84.tmp
2011-11-11 19:07 . 2011-11-11 19:07 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-11 19:05 . 2011-11-11 19:05 18944 ---ha-r- c:\users\The Sinons\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2011-11-11 19:04 . 2011-11-11 19:04 -------- d--h--w- c:\program files\Surf Canyon
2011-11-11 18:54 . 2011-11-12 02:45 -------- d--h--w- c:\users\The Sinons\AppData\Roaming\Fighters
2011-11-11 18:54 . 2011-11-11 19:04 -------- d--h--w- c:\program files\Free Offers from Freeze.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 22:00 . 2009-07-13 22:01 22216 ---ha-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69CE821F-3668-475A-B66F-94719B322DE3}]
2010-10-29 14:18 1530368 ---ha-w- c:\program files\Dallas Cowboys\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f722f063-925c-43d2-8308-584cfc1297fe}]
2010-03-08 13:28 2349080 ---ha-w- c:\program files\Philadelphia_Phillies\tbPhi0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f722f063-925c-43d2-8308-584cfc1297fe}"= "c:\program files\Philadelphia_Phillies\tbPhi0.dll" [2010-03-08 2349080]
"{27E7F580-724E-46EB-846F-96C2396D23ED}"= "c:\program files\Dallas Cowboys\Toolbar.dll" [2010-10-29 1530368]
.
[HKEY_CLASSES_ROOT\clsid\{f722f063-925c-43d2-8308-584cfc1297fe}]
.
[HKEY_CLASSES_ROOT\clsid\{27e7f580-724e-46eb-846f-96c2396d23ed}]
[HKEY_CLASSES_ROOT\FCTB000056891.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{48278695-E203-419E-99F3-EAB173862A53}]
[HKEY_CLASSES_ROOT\FCTB000056891.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F722F063-925C-43D2-8308-584CFC1297FE}"= "c:\program files\Philadelphia_Phillies\tbPhi0.dll" [2010-03-08 2349080]
"{27E7F580-724E-46EB-846F-96C2396D23ED}"= "c:\program files\Dallas Cowboys\Toolbar.dll" [2010-10-29 1530368]
.
[HKEY_CLASSES_ROOT\clsid\{f722f063-925c-43d2-8308-584cfc1297fe}]
.
[HKEY_CLASSES_ROOT\clsid\{27e7f580-724e-46eb-846f-96c2396d23ed}]
[HKEY_CLASSES_ROOT\FCTB000056891.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{48278695-E203-419E-99F3-EAB173862A53}]
[HKEY_CLASSES_ROOT\FCTB000056891.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winupd"="\\?\globalroot\Device\HarddiskVolume2\Users\THESIN~1\AppData\Local\Temp:winupd.exe" [?]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-19 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"AROReminder"="c:\program files\ARO 2011\ARO.exe" [2011-10-07 2314608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PCM Media Sharing.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PCM Media Sharing.lnk
backup=c:\windows\pss\PCM Media Sharing.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^The Sinons^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\users\The Sinons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-02-02 18:05 1261568 ---ha-w- c:\program files\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2007-01-24 17:27 319488 ---ha-w- c:\acer\Empowering Technology\SysMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-10-15 20:43 3387392 ---ha-w- c:\program files\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-02-16 01:39 151552 ---ha-w- c:\acer\AcerTour\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ---ha-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17 207424 ---ha-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-04 01:50 1603152 ---ha-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-15 01:01 644696 ---ha-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 17:25 202560 ---ha-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Software]
2009-04-24 06:57 1025320 ---ha-w- c:\program files\Common Files\SupportSoft\bin\bcont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-02-07 07:04 464168 ---ha-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-09-15 21:17 30192 ---ha-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 18:08 49208 ---ha-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2008-09-09 06:21 623880 ---ha-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ---ha-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iXL_MiddleWare]
2010-04-28 08:36 52280 ---ha-w- c:\program files\Fisher-Price\iXL\iXL.Middleware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5300 Series Fax Server]
2007-06-22 03:18 307888 ---ha-w- c:\program files\Lexmark 5300 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdkamon]
2007-06-01 08:06 20480 ---ha-w- c:\program files\Lexmark 5300 Series\lxdkamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdkmon.exe]
2007-06-22 03:17 455344 ---ha-w- c:\program files\Lexmark 5300 Series\lxdkmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-08-31 22:00 1047208 ---ha-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 16:02 79400 ---ha-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ---ha-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-23 11:04 4423680 ---ha-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-02-19 08:07 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-02-02 08:37 630784 ---ha-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ---ha-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ---ha-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-04-19 18:30 39408 ---ha-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VRQ Uploader]
2011-06-16 11:50 2305464 ---ha-r- c:\program files\NortonVRQ\Engine\5.0.6.3\VRQUploadFiles.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-02-19 08:15 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2006-11-02 12:34 2159104 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4013189884-1841922214-460819658-1000]
"EnableNotificationsRef"=dword:00000001
.
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111109.030\IDSvix86.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 135664]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-15 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-11-09 98392]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-05 266343]
S2 lxdk_device;lxdk_device;c:\windows\system32\lxdkcoms.exe [2007-06-14 598960]
S2 lxdkCATSCustConnectService;lxdkCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdkserv.exe [2007-06-14 99248]
.
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = localhost;*.local
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-AyBceCwcCVrA.exe - c:\programdata\AyBceCwcCVrA.exe
MSConfigStartUp-Apanel - c:\acersw\config\NewSetApanel.cmd
MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-IS CfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
AddRemove-vrq - c:\program files\NortonInstaller\{249ccac8-dadb-42db-a9da-ab46ff418f95}\vrq\LicenseType\5.0.6.3\InstStub.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-23 21:20
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Smb]
"ImagePath"="s\00y\00s\00t\00e\00m\003\002\00\\00D\00R\00I\00V\00E\00R\00S\00\\00s\00m\00b\00.\00s\00y\00s"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2544)
c:\windows\system32\eDSshellExt.dll
c:\windows\system32\CryptoAPI.dll
.
Completion time: 2011-11-23 21:28:13
ComboFix-quarantined-files.txt 2011-11-24 02:28
.
Pre-Run: 52,834,553,856 bytes free
Post-Run: 52,769,841,152 bytes free
.
- - End Of File - - E15431302B55D1AF6213B49EC006D934

#11
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
Hi!

Can you please attempt to download a new copy of ComboFix and run a new scan with it, and see what it finds.

I'd also like to have you run TDSSKiller and see what it finds.


Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
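As an added example (not from this thread and not part of TDSSKiller), here is a small Python triage script for the report described above: it parses the one-line-per-event format TDSSKiller writes, checks that the TDLFS option was actually enabled, and flags any real finding the user answered with Skip instead of Cure. The sample log lines are constructed after that format, and the INFORMATIONAL set is my own assumption about which verdicts are warnings rather than confirmed infections.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Every TDSSKiller log line is "<hh:mm:ss.ffff> <thread id> <message>".
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d{4}\s+(.*)$")
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
ACTION_RE = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$"
)
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")

# Assumption: verdicts TDSSKiller reports as a warning rather than an infection.
# UnsignedFile.Multi.Generic only means the driver has no digital signature,
# which is common for OEM/vendor drivers, so Skip is the normal answer for it.
INFORMATIONAL = {"UnsignedFile.Multi.Generic"}


@dataclass
class Detection:
    obj: str
    verdict: str
    action: str = "none"  # Cure / Skip / Delete, or "none" if no action was logged

    @property
    def informational(self) -> bool:
        return self.verdict in INFORMATIONAL

    @property
    def unresolved(self) -> bool:
        """A real (non-informational) finding that was not cured."""
        return not self.informational and self.action != "Cure"


@dataclass
class Report:
    detections: list[Detection] = field(default_factory=list)
    reported_count: int | None = None  # "Detected object count: N" from the log
    tdlfs_enabled: bool = False        # was "Detect TDLFS file system" ticked?

    @property
    def count_consistent(self) -> bool:
        """The number of 'detected' lines should match the count the tool reports."""
        return self.reported_count is None or self.reported_count == len(self.detections)

    @property
    def unresolved(self) -> list[Detection]:
        return [d for d in self.detections if d.unresolved]


def parse_tdsskiller_log(text: str) -> Report:
    report = Report()
    by_obj: dict[str, Detection] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, banner lines, timestamp-only lines
        msg = m.group(1)
        if msg.startswith("Mode:"):
            report.tdlfs_enabled = "TDLFS" in msg
        elif (c := COUNT_RE.match(msg)):
            report.reported_count = int(c.group(1))
        elif (d := DETECTED_RE.match(msg)):
            det = Detection(d["obj"], d["verdict"])
            by_obj[det.obj] = det
            report.detections.append(det)
        elif (a := ACTION_RE.match(msg)):
            # An action line can refer to an object with no earlier 'detected' line;
            # record it anyway so the finding is not lost.
            det = by_obj.get(a["obj"])
            if det is None:
                det = Detection(a["obj"], a["verdict"])
                by_obj[det.obj] = det
                report.detections.append(det)
            det.action = a["action"]
    return report


# Constructed sample modelled on the TDSSKiller report format (not a real log file).
SAMPLE_LOG = r"""
12:38:43.0250 0960 Scan started
12:38:43.0250 0960 Mode: Manual; SigCheck; TDLFS;
12:38:58.0694 0960 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
12:38:58.0694 0960 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
12:39:14.0747 0960 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:39:14.0747 0960 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:39:14.0794 0960 Scan finished
12:39:14.0840 1096 Detected object count: 2
12:39:14.0840 1096 Actual detected object count: 2
12:39:29.0208 1096 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
12:39:29.0208 1096 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:39:29.0208 1096 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:39:29.0208 1096 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"TDLFS detection enabled: {rep.tdlfs_enabled}")
    print(f"Reported {rep.reported_count}, parsed {len(rep.detections)}, "
          f"consistent: {rep.count_consistent}")
    for det in rep.unresolved:
        print(f"UNRESOLVED: {det.obj} -> {det.verdict} (user chose {det.action})")
```

A "TDSS File System" hit on the physical disk that was answered with Skip is exactly the kind of line a helper looks for in the pasted report, since it means the hidden file system is still in place after the scan.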

#12
ztastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
12:38:33.0235 0672 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
12:38:33.0485 0672 ============================================================
12:38:33.0485 0672 Current date / time: 2011/11/24 12:38:33.0485
12:38:33.0485 0672 SystemInfo:
12:38:33.0485 0672
12:38:33.0485 0672 OS Version: 6.0.6000 ServicePack: 0.0
12:38:33.0485 0672 Product type: Workstation
12:38:33.0485 0672 ComputerName: THESINONS-PC
12:38:33.0485 0672 UserName: The Sinons
12:38:33.0485 0672 Windows directory: C:\Windows
12:38:33.0485 0672 System windows directory: C:\Windows
12:38:33.0485 0672 Processor architecture: Intel x86
12:38:33.0485 0672 Number of processors: 2
12:38:33.0485 0672 Page size: 0x1000
12:38:33.0485 0672 Boot type: Safe boot with network
12:38:33.0485 0672 ============================================================
12:38:37.0088 0672 Initialize success
12:38:43.0250 0960 ============================================================
12:38:43.0250 0960 Scan started
12:38:43.0250 0960 Mode: Manual; SigCheck; TDLFS;
12:38:43.0250 0960 ============================================================
12:38:45.0076 0960 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
12:38:45.0169 0960 ACPI - ok
12:38:45.0247 0960 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
12:38:45.0263 0960 adp94xx - ok
12:38:45.0310 0960 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
12:38:45.0325 0960 adpahci - ok
12:38:45.0372 0960 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
12:38:45.0372 0960 adpu160m - ok
12:38:45.0403 0960 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
12:38:45.0419 0960 adpu320 - ok
12:38:45.0512 0960 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
12:38:45.0544 0960 Afc - ok
12:38:45.0590 0960 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
12:38:45.0793 0960 AFD - ok
12:38:45.0902 0960 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
12:38:45.0902 0960 agp440 - ok
12:38:45.0980 0960 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:38:45.0980 0960 aic78xx - ok
12:38:46.0043 0960 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
12:38:46.0043 0960 aliide - ok
12:38:46.0074 0960 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
12:38:46.0074 0960 amdagp - ok
12:38:46.0152 0960 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
12:38:46.0168 0960 amdide - ok
12:38:46.0214 0960 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
12:38:46.0277 0960 AmdK7 - ok
12:38:46.0324 0960 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
12:38:46.0386 0960 AmdK8 - ok
12:38:46.0511 0960 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
12:38:46.0526 0960 arc - ok
12:38:46.0589 0960 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
12:38:46.0589 0960 arcsas - ok
12:38:46.0636 0960 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
12:38:46.0682 0960 AsyncMac - ok
12:38:46.0745 0960 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
12:38:46.0760 0960 atapi - ok
12:38:46.0885 0960 atikmdag (184e2b47542badbe5ca606f0fc9a90cc) C:\Windows\system32\DRIVERS\atikmdag.sys
12:38:47.0088 0960 atikmdag - ok
12:38:47.0135 0960 AtiPcie (a356e45e8432432c06981ea63a1e0fe8) C:\Windows\system32\DRIVERS\AtiPcie.sys
12:38:47.0150 0960 AtiPcie - ok
12:38:47.0244 0960 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
12:38:47.0306 0960 Beep - ok
12:38:47.0369 0960 blbdrive - ok
12:38:47.0416 0960 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
12:38:47.0478 0960 bowser - ok
12:38:47.0556 0960 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
12:38:47.0712 0960 BrFiltLo - ok
12:38:47.0774 0960 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
12:38:47.0821 0960 BrFiltUp - ok
12:38:47.0884 0960 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
12:38:47.0946 0960 Brserid - ok
12:38:48.0040 0960 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
12:38:48.0102 0960 BrSerWdm - ok
12:38:48.0196 0960 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
12:38:48.0242 0960 BrUsbMdm - ok
12:38:48.0305 0960 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
12:38:48.0352 0960 BrUsbSer - ok
12:38:48.0461 0960 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
12:38:48.0523 0960 BTHMODEM - ok
12:38:48.0617 0960 catchme - ok
12:38:48.0726 0960 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
12:38:48.0788 0960 cdfs - ok
12:38:48.0866 0960 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
12:38:48.0929 0960 cdrom - ok
12:38:49.0007 0960 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
12:38:49.0054 0960 circlass - ok
12:38:49.0132 0960 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
12:38:49.0163 0960 CLFS - ok
12:38:49.0210 0960 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
12:38:49.0225 0960 cmdide - ok
12:38:49.0303 0960 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
12:38:49.0303 0960 Compbatt - ok
12:38:49.0350 0960 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
12:38:49.0366 0960 crcdisk - ok
12:38:49.0428 0960 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
12:38:49.0475 0960 Crusoe - ok
12:38:49.0584 0960 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
12:38:49.0646 0960 DfsC - ok
12:38:49.0771 0960 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
12:38:49.0787 0960 disk - ok
12:38:49.0818 0960 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
12:38:49.0880 0960 drmkaud - ok
12:38:49.0943 0960 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
12:38:50.0005 0960 DXGKrnl - ok
12:38:50.0068 0960 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
12:38:50.0114 0960 E1G60 - ok
12:38:50.0177 0960 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
12:38:50.0177 0960 Ecache - ok
12:38:50.0239 0960 eeCtrl - ok
12:38:50.0348 0960 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
12:38:50.0364 0960 elxstor - ok
12:38:50.0426 0960 EraserUtilRebootDrv - ok
12:38:50.0567 0960 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
12:38:50.0614 0960 fastfat - ok
12:38:50.0723 0960 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
12:38:50.0770 0960 fdc - ok
12:38:50.0879 0960 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
12:38:50.0879 0960 FileInfo - ok
12:38:50.0894 0960 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
12:38:50.0957 0960 Filetrace - ok
12:38:51.0004 0960 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
12:38:51.0035 0960 flpydisk - ok
12:38:51.0097 0960 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
12:38:51.0113 0960 FltMgr - ok
12:38:51.0191 0960 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
12:38:51.0222 0960 Fs_Rec - ok
12:38:51.0316 0960 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
12:38:51.0316 0960 gagp30kx - ok
12:38:51.0409 0960 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
12:38:51.0409 0960 GEARAspiWDM - ok
12:38:51.0534 0960 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
12:38:51.0596 0960 HdAudAddService - ok
12:38:51.0674 0960 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:38:51.0690 0960 HDAudBus - ok
12:38:51.0737 0960 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
12:38:51.0784 0960 HidBth - ok
12:38:51.0846 0960 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
12:38:51.0877 0960 HidIr - ok
12:38:51.0924 0960 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
12:38:51.0986 0960 HidUsb - ok
12:38:52.0033 0960 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
12:38:52.0049 0960 HpCISSs - ok
12:38:52.0127 0960 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
12:38:52.0205 0960 HTTP - ok
12:38:52.0252 0960 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
12:38:52.0252 0960 i2omp - ok
12:38:52.0361 0960 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
12:38:52.0392 0960 i8042prt - ok
12:38:52.0486 0960 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
12:38:52.0501 0960 iaStorV - ok
12:38:52.0579 0960 IDSVix86 - ok
12:38:52.0673 0960 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
12:38:52.0673 0960 iirsp - ok
12:38:52.0751 0960 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
12:38:52.0766 0960 int15 - ok
12:38:52.0907 0960 IntcAzAudAddService (2bd6633db50a98534aa3262e0f9f5a14) C:\Windows\system32\drivers\RTKVHDA.sys
12:38:53.0016 0960 IntcAzAudAddService - ok
12:38:53.0063 0960 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
12:38:53.0063 0960 intelide - ok
12:38:53.0125 0960 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
12:38:53.0188 0960 intelppm - ok
12:38:53.0297 0960 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:38:53.0359 0960 IpFilterDriver - ok
12:38:53.0406 0960 IpInIp - ok
12:38:53.0453 0960 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
12:38:53.0500 0960 IPMIDRV - ok
12:38:53.0609 0960 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
12:38:53.0671 0960 IPNAT - ok
12:38:53.0765 0960 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
12:38:53.0827 0960 IRENUM - ok
12:38:53.0890 0960 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
12:38:53.0890 0960 isapnp - ok
12:38:53.0921 0960 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
12:38:53.0936 0960 iScsiPrt - ok
12:38:53.0999 0960 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:38:53.0999 0960 iteatapi - ok
12:38:54.0030 0960 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:38:54.0046 0960 iteraid - ok
12:38:54.0124 0960 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
12:38:54.0139 0960 kbdclass - ok
12:38:54.0186 0960 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
12:38:54.0202 0960 kbdhid - ok
12:38:54.0280 0960 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
12:38:54.0295 0960 KSecDD - ok
12:38:54.0389 0960 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
12:38:54.0451 0960 lltdio - ok
12:38:54.0545 0960 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
12:38:54.0560 0960 LSI_FC - ok
12:38:54.0576 0960 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
12:38:54.0576 0960 LSI_SAS - ok
12:38:54.0623 0960 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
12:38:54.0623 0960 LSI_SCSI - ok
12:38:54.0701 0960 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
12:38:54.0763 0960 luafv - ok
12:38:54.0872 0960 LVUSBSta (65994b84dd34e2b8fe2cbe4a077fa2f1) C:\Windows\system32\drivers\lvusbsta.sys
12:38:54.0904 0960 LVUSBSta - ok
12:38:54.0997 0960 MBAMSwissArmy - ok
12:38:55.0060 0960 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
12:38:55.0060 0960 megasas - ok
12:38:55.0106 0960 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
12:38:55.0169 0960 Modem - ok
12:38:55.0262 0960 MODEMCSA (7e222a1baaa42c8559db2ce8a12ad828) C:\Windows\system32\drivers\MODEMCSA.sys
12:38:55.0309 0960 MODEMCSA - ok
12:38:55.0434 0960 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
12:38:55.0465 0960 monitor - ok
12:38:55.0528 0960 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
12:38:55.0528 0960 mouclass - ok
12:38:55.0574 0960 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
12:38:55.0590 0960 mouhid - ok
12:38:55.0668 0960 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
12:38:55.0668 0960 MountMgr - ok
12:38:55.0730 0960 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
12:38:55.0730 0960 mpio - ok
12:38:55.0793 0960 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
12:38:55.0855 0960 mpsdrv - ok
12:38:55.0918 0960 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
12:38:55.0933 0960 Mraid35x - ok
12:38:55.0964 0960 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
12:38:56.0011 0960 MRxDAV - ok
12:38:56.0058 0960 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:38:56.0105 0960 mrxsmb - ok
12:38:56.0183 0960 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:38:56.0214 0960 mrxsmb10 - ok
12:38:56.0261 0960 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:38:56.0292 0960 mrxsmb20 - ok
12:38:56.0339 0960 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
12:38:56.0354 0960 msahci - ok
12:38:56.0370 0960 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
12:38:56.0386 0960 msdsm - ok
12:38:56.0464 0960 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
12:38:56.0510 0960 Msfs - ok
12:38:56.0635 0960 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
12:38:56.0635 0960 msisadrv - ok
12:38:56.0666 0960 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
12:38:56.0713 0960 MSKSSRV - ok
12:38:56.0822 0960 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
12:38:56.0885 0960 MSPCLOCK - ok
12:38:56.0963 0960 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
12:38:57.0010 0960 MSPQM - ok
12:38:57.0072 0960 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
12:38:57.0088 0960 MsRPC - ok
12:38:57.0119 0960 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
12:38:57.0119 0960 mssmbios - ok
12:38:57.0150 0960 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
12:38:57.0197 0960 MSTEE - ok
12:38:57.0306 0960 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
12:38:57.0306 0960 Mup - ok
12:38:57.0384 0960 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
12:38:57.0431 0960 NativeWifiP - ok
12:38:57.0524 0960 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
12:38:57.0556 0960 NDIS - ok
12:38:57.0602 0960 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
12:38:57.0618 0960 NdisTapi - ok
12:38:57.0649 0960 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
12:38:57.0712 0960 Ndisuio - ok
12:38:57.0727 0960 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
12:38:57.0790 0960 NdisWan - ok
12:38:57.0868 0960 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
12:38:57.0883 0960 NDProxy - ok
12:38:57.0946 0960 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
12:38:57.0992 0960 NetBIOS - ok
12:38:58.0055 0960 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
12:38:58.0102 0960 netbt - ok
12:38:58.0226 0960 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
12:38:58.0226 0960 nfrd960 - ok
12:38:58.0273 0960 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
12:38:58.0336 0960 Npfs - ok
12:38:58.0398 0960 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
12:38:58.0460 0960 nsiproxy - ok
12:38:58.0570 0960 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
12:38:58.0632 0960 Ntfs - ok
12:38:58.0663 0960 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
12:38:58.0694 0960 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
12:38:58.0694 0960 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
12:38:58.0741 0960 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
12:38:58.0804 0960 ntrigdigi - ok
12:38:58.0850 0960 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
12:38:58.0897 0960 Null - ok
12:38:59.0053 0960 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
12:38:59.0069 0960 nvraid - ok
12:38:59.0162 0960 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
12:38:59.0162 0960 nvstor - ok
12:38:59.0225 0960 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
12:38:59.0225 0960 nv_agp - ok
12:38:59.0303 0960 NwlnkFlt - ok
12:38:59.0318 0960 NwlnkFwd - ok
12:38:59.0381 0960 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
12:38:59.0443 0960 ohci1394 - ok
12:38:59.0537 0960 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
12:38:59.0599 0960 Parport - ok
12:38:59.0677 0960 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
12:38:59.0677 0960 partmgr - ok
12:38:59.0693 0960 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
12:38:59.0740 0960 Parvdm - ok
12:38:59.0771 0960 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
12:38:59.0786 0960 pci - ok
12:38:59.0833 0960 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
12:38:59.0833 0960 pciide - ok
12:38:59.0911 0960 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
12:38:59.0927 0960 pcmcia - ok
12:38:59.0989 0960 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
12:39:00.0130 0960 PEAUTH - ok
12:39:00.0239 0960 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
12:39:00.0286 0960 PptpMiniport - ok
12:39:00.0317 0960 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
12:39:00.0379 0960 Processor - ok
12:39:00.0473 0960 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
12:39:00.0488 0960 PSched - ok
12:39:00.0535 0960 PSDFilter (c2821f33b846a52fdc25ff554acf11f2) C:\Windows\system32\DRIVERS\psdfilter.sys
12:39:00.0535 0960 PSDFilter - ok
12:39:00.0582 0960 PSDNServ (28d3a91fe7791b970e6b15c88f98dfbd) C:\Windows\system32\drivers\PSDNServ.sys
12:39:00.0582 0960 PSDNServ - ok
12:39:00.0613 0960 psdvdisk (3a66f69459052de13ef8a0f77d728a73) C:\Windows\system32\drivers\psdvdisk.sys
12:39:00.0613 0960 psdvdisk - ok
12:39:00.0676 0960 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
12:39:00.0691 0960 PxHelp20 - ok
12:39:00.0816 0960 QCMerced (a5d52c11eff8b133432d98b2c2a4aee6) C:\Windows\system32\DRIVERS\LVCM.sys
12:39:00.0847 0960 QCMerced - ok
12:39:00.0956 0960 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
12:39:01.0003 0960 ql2300 - ok
12:39:01.0144 0960 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
12:39:01.0144 0960 ql40xx - ok
12:39:01.0190 0960 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
12:39:01.0222 0960 QWAVEdrv - ok
12:39:01.0268 0960 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
12:39:01.0331 0960 RasAcd - ok
12:39:01.0378 0960 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:39:01.0393 0960 Rasl2tp - ok
12:39:01.0424 0960 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
12:39:01.0487 0960 RasPppoe - ok
12:39:01.0596 0960 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
12:39:01.0658 0960 rdbss - ok
12:39:01.0939 0960 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:39:01.0986 0960 RDPCDD - ok
12:39:02.0251 0960 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
12:39:02.0345 0960 rdpdr - ok
12:39:02.0626 0960 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
12:39:02.0688 0960 RDPENCDD - ok
12:39:02.0969 0960 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
12:39:03.0078 0960 RDPWD - ok
12:39:03.0343 0960 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
12:39:03.0421 0960 rspndr - ok
12:39:03.0671 0960 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
12:39:03.0718 0960 sbp2port - ok
12:39:04.0076 0960 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\Windows\system32\drivers\SBREdrv.sys
12:39:04.0076 0960 SBRE - ok
12:39:04.0357 0960 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:39:04.0420 0960 secdrv - ok
12:39:04.0716 0960 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
12:39:04.0794 0960 Serenum - ok
12:39:05.0044 0960 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
12:39:05.0106 0960 Serial - ok
12:39:05.0340 0960 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
12:39:05.0356 0960 sermouse - ok
12:39:05.0683 0960 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
12:39:05.0746 0960 sffdisk - ok
12:39:05.0995 0960 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
12:39:06.0058 0960 sffp_mmc - ok
12:39:06.0323 0960 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
12:39:06.0385 0960 sffp_sd - ok
12:39:06.0666 0960 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
12:39:06.0744 0960 sfloppy - ok
12:39:07.0025 0960 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
12:39:07.0040 0960 sisagp - ok
12:39:07.0352 0960 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
12:39:07.0368 0960 SiSRaid2 - ok
12:39:07.0664 0960 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
12:39:07.0680 0960 SiSRaid4 - ok
12:39:07.0727 0960 Smb - ok
12:39:07.0914 0960 smserial (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\Windows\system32\DRIVERS\smserial.sys
12:39:08.0023 0960 smserial - ok
12:39:08.0132 0960 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
12:39:08.0132 0960 spldr - ok
12:39:08.0195 0960 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
12:39:08.0242 0960 srv - ok
12:39:08.0351 0960 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
12:39:08.0398 0960 srv2 - ok
12:39:08.0460 0960 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
12:39:08.0491 0960 srvnet - ok
12:39:08.0538 0960 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
12:39:08.0585 0960 sscdbus - ok
12:39:08.0647 0960 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
12:39:08.0663 0960 sscdmdfl - ok
12:39:08.0725 0960 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
12:39:08.0725 0960 sscdmdm - ok
12:39:08.0772 0960 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
12:39:08.0803 0960 sscdserd - ok
12:39:08.0881 0960 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
12:39:08.0881 0960 swenum - ok
12:39:08.0928 0960 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
12:39:08.0928 0960 Symc8xx - ok
12:39:08.0959 0960 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
12:39:08.0959 0960 Sym_hi - ok
12:39:08.0975 0960 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
12:39:08.0975 0960 Sym_u3 - ok
12:39:09.0053 0960 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
12:39:09.0146 0960 Tcpip - ok
12:39:09.0209 0960 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
12:39:09.0240 0960 Tcpip6 - ok
12:39:09.0287 0960 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
12:39:09.0349 0960 tcpipreg - ok
12:39:09.0380 0960 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
12:39:09.0443 0960 TDPIPE - ok
12:39:09.0521 0960 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
12:39:09.0552 0960 TDTCP - ok
12:39:09.0614 0960 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
12:39:09.0677 0960 tdx - ok
12:39:09.0755 0960 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
12:39:09.0770 0960 TermDD - ok
12:39:09.0864 0960 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:39:09.0911 0960 tssecsrv - ok
12:39:10.0004 0960 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
12:39:10.0020 0960 tunmp - ok
12:39:10.0051 0960 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
12:39:10.0067 0960 tunnel - ok
12:39:10.0129 0960 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
12:39:10.0129 0960 uagp35 - ok
12:39:10.0176 0960 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
12:39:10.0238 0960 udfs - ok
12:39:10.0348 0960 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
12:39:10.0363 0960 uliagpkx - ok
12:39:10.0410 0960 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
12:39:10.0426 0960 uliahci - ok
12:39:10.0457 0960 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
12:39:10.0457 0960 UlSata - ok
12:39:10.0472 0960 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
12:39:10.0488 0960 ulsata2 - ok
12:39:10.0535 0960 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
12:39:10.0597 0960 umbus - ok
12:39:10.0706 0960 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
12:39:10.0753 0960 USBAAPL - ok
12:39:10.0816 0960 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
12:39:10.0878 0960 usbaudio - ok
12:39:10.0987 0960 usbbus (5353218b3265e3b8190335059f697a11) C:\Windows\system32\DRIVERS\lgusbbus.sys
12:39:11.0018 0960 usbbus - ok
12:39:11.0096 0960 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys
12:39:11.0128 0960 usbccgp - ok
12:39:11.0174 0960 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
12:39:11.0206 0960 usbcir - ok
12:39:11.0299 0960 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\Windows\system32\DRIVERS\lgusbdiag.sys
12:39:11.0315 0960 UsbDiag - ok
12:39:11.0377 0960 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
12:39:11.0377 0960 usbehci - ok
12:39:11.0408 0960 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
12:39:11.0440 0960 usbhub - ok
12:39:11.0502 0960 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\Windows\system32\DRIVERS\lgusbmodem.sys
12:39:11.0533 0960 USBModem - ok
12:39:11.0564 0960 usbohci (9333e482a173938788cbde8f81ec52fb) C:\Windows\system32\DRIVERS\usbohci.sys
12:39:11.0596 0960 usbohci - ok
12:39:11.0627 0960 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
12:39:11.0689 0960 usbprint - ok
12:39:11.0752 0960 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
12:39:11.0814 0960 usbscan - ok
12:39:11.0892 0960 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:39:11.0939 0960 USBSTOR - ok
12:39:14.0045 0960 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
12:39:14.0747 0960 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:39:14.0747 0960 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:39:14.0778 0960 Boot (0x1200) (173487ed389bf750d051cb107e2df754) \Device\Harddisk0\DR0\Partition0
12:39:14.0778 0960 \Device\Harddisk0\DR0\Partition0 - ok
12:39:14.0794 0960 Boot (0x1200) (382b663fa0388265342e2a4498f1e6af) \Device\Harddisk0\DR0\Partition1
12:39:14.0794 0960 \Device\Harddisk0\DR0\Partition1 - ok
12:39:14.0794 0960 ============================================================
12:39:14.0794 0960 Scan finished
12:39:14.0794 0960 ============================================================
12:39:14.0840 1096 Detected object count: 2
12:39:14.0840 1096 Actual detected object count: 2
12:39:29.0208 1096 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
12:39:29.0208 1096 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:39:29.0208 1096 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:39:29.0208 1096 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
12:39:53.0591 0596 Deinitialize success

I tried running ComboFix several times, but that same message about "For valid formats type CALL /? or FOR /? The syntax of the command is incorrect" kept coming up and no log file would pop up. I went in manually and this was the only file that resembled a log file, but I'm not sure:

ComboFix 11-11-23.03 - The Sinons 11/24/2011 10:02:01.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1791.940 [GMT -5:00]
Running from: C:\Users\The Sinons\Desktop\ComboFix.exe
 * Created a new restore point

Thanks so much for your help and patience!

#13 ztastorm (Member, Topic Starter, 86 posts)
Oh yeah, and in order to run either scan I have to be in Safe Mode. Initially TDSSKiller ran in regular mode, but then neither would run because it said something about the rootkit it needed being marked for deletion. So now, in order to get any kind of log or whatever to post on here, I have to be in Safe Mode.
Thanks!!
#14 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Can you try to run ComboFix in Safe Mode and see if it will run for you there?

Also when you ran TDSSKiller were you able to take any other action besides skip?

12:39:29.0208 1096 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:39:29.0208 1096 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
#15 ztastorm (Member, Topic Starter, 86 posts)
ComboFix 11-11-25.02 - The Sinons 11/25/2011 12:56:40.5.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1791.1353 [GMT -5:00]
Running from: c:\users\The Sinons\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-25 to 2011-11-25 )))))))))))))))))))))))))))))))
.
.
2011-11-25 18:05 . 2011-11-25 18:05 -------- d-----w- c:\users\The Sinons\AppData\Local\temp
2011-11-25 18:05 . 2011-11-25 18:05 -------- d-----w- c:\users\eeglzfan69\AppData\Local\temp
2011-11-25 18:05 . 2011-11-25 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-25 17:55 . 2011-11-25 18:05 -------- d-----w- \ComboFix \ComboFix
2011-11-22 12:42 . 2011-11-24 07:27 -------- d-----w- \Qoobox \Qoobox
2011-11-22 01:01 . 2011-11-22 01:01 -------- d-----w- C:\_OTL
2011-11-22 01:01 . 2011-11-22 01:01 -------- d-----w- \_OTL \_OTL
2011-11-20 11:52 . 2011-11-20 11:52 0 --sha-r- \MSDOS.SYS \MSDOS.SYS
2011-11-20 11:52 . 2011-11-20 11:52 0 --sha-r- \IO.SYS \IO.SYS
2011-11-18 07:24 . 2011-11-18 07:24 -------- d-----w- c:\users\The Sinons\AppData\Roaming\Sammsoft
2011-11-18 07:24 . 2011-11-18 07:24 -------- d-----w- c:\program files\ARO 2011
2011-11-18 00:58 . 2010-11-09 18:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-18 00:58 . 2010-11-09 18:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-11-18 00:57 . 2011-11-18 03:38 -------- d-----w- C:\VIPRERESCUE
2011-11-18 00:57 . 2011-11-18 03:38 -------- d-----w- \VIPRERESCUE \VIPRER~1
2011-11-16 22:24 . 2011-11-16 22:24 101888 ----a-w- c:\users\The Sinons\AppData\Roaming\Microsoft\9673\5D84.tmp
2011-11-11 19:07 . 2011-11-11 19:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-11 19:05 . 2011-11-11 19:05 18944 ----a-r- c:\users\The Sinons\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2011-11-11 19:04 . 2011-11-11 19:04 -------- d-----w- c:\program files\Surf Canyon
2011-11-11 18:54 . 2011-11-12 02:45 -------- d-----w- c:\users\The Sinons\AppData\Roaming\Fighters
2011-11-11 18:54 . 2011-11-11 19:04 -------- d-----w- c:\program files\Free Offers from Freeze.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 22:00 . 2009-07-13 22:01 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69CE821F-3668-475A-B66F-94719B322DE3}]
2010-10-29 14:18 1530368 ----a-w- c:\program files\Dallas Cowboys\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f722f063-925c-43d2-8308-584cfc1297fe}]
2010-03-08 13:28 2349080 ----a-w- c:\program files\Philadelphia_Phillies\tbPhi0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f722f063-925c-43d2-8308-584cfc1297fe}"= "c:\program files\Philadelphia_Phillies\tbPhi0.dll" [2010-03-08 2349080]
"{27E7F580-724E-46EB-846F-96C2396D23ED}"= "c:\program files\Dallas Cowboys\Toolbar.dll" [2010-10-29 1530368]
.
[HKEY_CLASSES_ROOT\clsid\{f722f063-925c-43d2-8308-584cfc1297fe}]
.
[HKEY_CLASSES_ROOT\clsid\{27e7f580-724e-46eb-846f-96c2396d23ed}]
[HKEY_CLASSES_ROOT\FCTB000056891.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{48278695-E203-419E-99F3-EAB173862A53}]
[HKEY_CLASSES_ROOT\FCTB000056891.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F722F063-925C-43D2-8308-584CFC1297FE}"= "c:\program files\Philadelphia_Phillies\tbPhi0.dll" [2010-03-08 2349080]
"{27E7F580-724E-46EB-846F-96C2396D23ED}"= "c:\program files\Dallas Cowboys\Toolbar.dll" [2010-10-29 1530368]
.
[HKEY_CLASSES_ROOT\clsid\{f722f063-925c-43d2-8308-584cfc1297fe}]
.
[HKEY_CLASSES_ROOT\clsid\{27e7f580-724e-46eb-846f-96c2396d23ed}]
[HKEY_CLASSES_ROOT\FCTB000056891.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{48278695-E203-419E-99F3-EAB173862A53}]
[HKEY_CLASSES_ROOT\FCTB000056891.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winupd"="\\?\globalroot\Device\HarddiskVolume2\Users\THESIN~1\AppData\Local\Temp:winupd.exe" [?]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-19 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"AROReminder"="c:\program files\ARO 2011\ARO.exe" [2011-10-07 2314608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PCM Media Sharing.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PCM Media Sharing.lnk
backup=c:\windows\pss\PCM Media Sharing.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^The Sinons^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\users\The Sinons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-02-02 18:05 1261568 ----a-w- c:\program files\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2007-01-24 17:27 319488 ----a-w- c:\acer\Empowering Technology\SysMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-10-15 20:43 3387392 ----a-w- c:\program files\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-02-16 01:39 151552 ----a-w- c:\acer\AcerTour\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Software]
2009-04-24 06:57 1025320 ----a-w- c:\program files\Common Files\SupportSoft\bin\bcont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-02-07 07:04 464168 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-09-15 21:17 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 18:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2008-09-09 06:21 623880 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iXL_MiddleWare]
2010-04-28 08:36 52280 ----a-w- c:\program files\Fisher-Price\iXL\iXL.Middleware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5300 Series Fax Server]
2007-06-22 03:18 307888 ----a-w- c:\program files\Lexmark 5300 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdkamon]
2007-06-01 08:06 20480 ----a-w- c:\program files\Lexmark 5300 Series\lxdkamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdkmon.exe]
2007-06-22 03:17 455344 ----a-w- c:\program files\Lexmark 5300 Series\lxdkmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 16:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-23 11:04 4423680 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-02-19 08:07 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-02-02 08:37 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-04-19 18:30 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VRQ Uploader]
2011-06-16 11:50 2305464 ----a-r- c:\program files\NortonVRQ\Engine\5.0.6.3\VRQUploadFiles.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-02-19 08:15 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2006-11-02 12:34 2159104 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4013189884-1841922214-460819658-1000]
"EnableNotificationsRef"=dword:00000001
.
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111109.030\IDSvix86.sys [x]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-05 266343]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 135664]
R2 lxdk_device;lxdk_device;c:\windows\system32\lxdkcoms.exe [2007-06-14 598960]
R2 lxdkCATSCustConnectService;lxdkCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdkserv.exe [2007-06-14 99248]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-15 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-11-09 98392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 86752751
*NewlyCreated* - ECACHE
*NewlyCreated* - PXHELP20
*Deregistered* - 86752751
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = localhost;*.local
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-25 13:05
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Smb]
"ImagePath"="s\00y\00s\00t\00e\00m\003\002\00\\00D\00R\00I\00V\00E\00R\00S\00\\00s\00m\00b\00.\00s\00y\00s"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-25 13:07:07
ComboFix-quarantined-files.txt 2011-11-25 18:07
ComboFix2.txt 2011-11-24 02:28
.
Pre-Run: 50,845,794,304 bytes free
Post-Run: 50,828,693,504 bytes free
.
- - End Of File - - 2ECFEFA4B43B3601C2F6FAD5A9BC8FA2


I wound up running TDSSKiller several times. The first time, 3 threats were detected; 2 of them were in red font and I chose "cure", and the 3rd only had the "skip" option. The "reboot" prompt never came up after any of the scans I ran. I wound up running it a bunch of times because I was trying to follow your directions correctly, and except for that first time, only "skip" was ever an option and again, it always went right back to the first screen. Here's the log from a scan I just ran:

13:08:01.0067 0368 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
13:08:01.0317 0368 ============================================================
13:08:01.0317 0368 Current date / time: 2011/11/25 13:08:01.0317
13:08:01.0317 0368 SystemInfo:
13:08:01.0317 0368
13:08:01.0317 0368 OS Version: 6.0.6000 ServicePack: 0.0
13:08:01.0317 0368 Product type: Workstation
13:08:01.0317 0368 ComputerName: THESINONS-PC
13:08:01.0317 0368 UserName: The Sinons
13:08:01.0317 0368 Windows directory: C:\Windows
13:08:01.0317 0368 System windows directory: C:\Windows
13:08:01.0317 0368 Processor architecture: Intel x86
13:08:01.0317 0368 Number of processors: 2
13:08:01.0317 0368 Page size: 0x1000
13:08:01.0317 0368 Boot type: Safe boot with network
13:08:01.0317 0368 ============================================================
13:08:01.0863 0368 Initialize success
13:08:07.0167 1764 ============================================================
13:08:07.0167 1764 Scan started
13:08:07.0167 1764 Mode: Manual; SigCheck; TDLFS;
13:08:07.0167 1764 ============================================================
13:08:17.0775 1764 monitor - ok
13:08:17.0822 1764 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
13:08:17.0822 1764 mouclass - ok
13:08:17.0884 1764 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
13:08:17.0915 1764 mouhid - ok
13:08:17.0962 1764 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
13:08:17.0962 1764 MountMgr - ok
13:08:18.0009 1764 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
13:08:18.0009 1764 mpio - ok
13:08:18.0056 1764 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
13:08:18.0102 1764 mpsdrv - ok
13:08:18.0134 1764 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:08:18.0134 1764 Mraid35x - ok
13:08:18.0180 1764 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
13:08:18.0227 1764 MRxDAV - ok
13:08:18.0321 1764 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:08:18.0368 1764 mrxsmb - ok
13:08:18.0430 1764 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:08:18.0461 1764 mrxsmb10 - ok
13:08:18.0570 1764 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:08:18.0602 1764 mrxsmb20 - ok
13:08:18.0711 1764 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
13:08:18.0711 1764 msahci - ok
13:08:18.0742 1764 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
13:08:18.0758 1764 msdsm - ok
13:08:18.0789 1764 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
13:08:18.0851 1764 Msfs - ok
13:08:18.0898 1764 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
13:08:18.0914 1764 msisadrv - ok
13:08:19.0023 1764 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
13:08:19.0070 1764 MSKSSRV - ok
13:08:19.0179 1764 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
13:08:19.0226 1764 MSPCLOCK - ok
13:08:19.0335 1764 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
13:08:19.0382 1764 MSPQM - ok
13:08:19.0491 1764 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
13:08:19.0506 1764 MsRPC - ok
13:08:19.0553 1764 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
13:08:19.0569 1764 mssmbios - ok
13:08:19.0600 1764 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
13:08:19.0647 1764 MSTEE - ok
13:08:19.0709 1764 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
13:08:19.0725 1764 Mup - ok
13:08:19.0803 1764 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
13:08:19.0818 1764 NativeWifiP - ok
13:08:19.0896 1764 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
13:08:19.0912 1764 NDIS - ok
13:08:19.0974 1764 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
13:08:20.0021 1764 NdisTapi - ok
13:08:20.0037 1764 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
13:08:20.0099 1764 Ndisuio - ok
13:08:20.0130 1764 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
13:08:20.0193 1764 NdisWan - ok
13:08:20.0271 1764 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
13:08:20.0302 1764 NDProxy - ok
13:08:20.0349 1764 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
13:08:20.0411 1764 NetBIOS - ok
13:08:20.0505 1764 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
13:08:20.0567 1764 netbt - ok
13:08:20.0661 1764 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:08:20.0661 1764 nfrd960 - ok
13:08:20.0692 1764 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
13:08:20.0739 1764 Npfs - ok
13:08:20.0817 1764 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
13:08:20.0879 1764 nsiproxy - ok
13:08:20.0988 1764 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
13:08:21.0020 1764 Ntfs - ok
13:08:21.0082 1764 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
13:08:21.0113 1764 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
13:08:21.0113 1764 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
13:08:21.0144 1764 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:08:21.0207 1764 ntrigdigi - ok
13:08:21.0285 1764 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
13:08:21.0316 1764 Null - ok
13:08:21.0394 1764 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
13:08:21.0410 1764 nvraid - ok
13:08:21.0472 1764 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
13:08:21.0472 1764 nvstor - ok
13:08:21.0519 1764 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
13:08:21.0534 1764 nv_agp - ok
13:08:21.0550 1764 NwlnkFlt - ok
13:08:21.0612 1764 NwlnkFwd - ok
13:08:21.0659 1764 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
13:08:21.0722 1764 ohci1394 - ok
13:08:21.0862 1764 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
13:08:21.0924 1764 Parport - ok
13:08:21.0987 1764 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
13:08:21.0987 1764 partmgr - ok
13:08:22.0065 1764 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
13:08:22.0096 1764 Parvdm - ok
13:08:22.0174 1764 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
13:08:22.0174 1764 pci - ok
13:08:22.0221 1764 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
13:08:22.0236 1764 pciide - ok
13:08:22.0268 1764 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:08:22.0268 1764 pcmcia - ok
13:08:22.0330 1764 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:08:22.0408 1764 PEAUTH - ok
13:08:22.0548 1764 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
13:08:22.0580 1764 PptpMiniport - ok
13:08:22.0626 1764 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
13:08:22.0689 1764 Processor - ok
13:08:22.0767 1764 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
13:08:22.0782 1764 PSched - ok
13:08:22.0798 1764 PSDFilter (c2821f33b846a52fdc25ff554acf11f2) C:\Windows\system32\DRIVERS\psdfilter.sys
13:08:22.0814 1764 PSDFilter - ok
13:08:22.0907 1764 PSDNServ (28d3a91fe7791b970e6b15c88f98dfbd) C:\Windows\system32\drivers\PSDNServ.sys
13:08:22.0907 1764 PSDNServ - ok
13:08:22.0938 1764 psdvdisk (3a66f69459052de13ef8a0f77d728a73) C:\Windows\system32\drivers\psdvdisk.sys
13:08:22.0938 1764 psdvdisk - ok
13:08:23.0001 1764 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
13:08:23.0001 1764 PxHelp20 - ok
13:08:23.0079 1764 QCMerced (a5d52c11eff8b133432d98b2c2a4aee6) C:\Windows\system32\DRIVERS\LVCM.sys
13:08:23.0110 1764 QCMerced - ok
13:08:23.0172 1764 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
13:08:23.0204 1764 ql2300 - ok
13:08:23.0235 1764 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:08:23.0250 1764 ql40xx - ok
13:08:23.0266 1764 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
13:08:23.0313 1764 QWAVEdrv - ok
13:08:23.0391 1764 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
13:08:23.0438 1764 RasAcd - ok
13:08:23.0500 1764 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:08:23.0516 1764 Rasl2tp - ok
13:08:23.0547 1764 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
13:08:23.0594 1764 RasPppoe - ok
13:08:23.0703 1764 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
13:08:23.0765 1764 rdbss - ok
13:08:23.0828 1764 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:08:23.0859 1764 RDPCDD - ok
13:08:23.0937 1764 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
13:08:23.0999 1764 rdpdr - ok
13:08:24.0093 1764 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
13:08:24.0140 1764 RDPENCDD - ok
13:08:24.0249 1764 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
13:08:24.0311 1764 RDPWD - ok
13:08:24.0405 1764 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
13:08:24.0452 1764 rspndr - ok
13:08:24.0530 1764 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:08:24.0545 1764 sbp2port - ok
13:08:24.0592 1764 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\Windows\system32\drivers\SBREdrv.sys
13:08:24.0592 1764 SBRE - ok
13:08:24.0717 1764 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:08:24.0764 1764 secdrv - ok
13:08:24.0873 1764 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
13:08:24.0920 1764 Serenum - ok
13:08:25.0029 1764 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
13:08:25.0091 1764 Serial - ok
13:08:25.0122 1764 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
13:08:25.0154 1764 sermouse - ok
13:08:25.0278 1764 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
13:08:25.0325 1764 sffdisk - ok
13:08:25.0419 1764 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
13:08:25.0466 1764 sffp_mmc - ok
13:08:25.0575 1764 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
13:08:25.0622 1764 sffp_sd - ok
13:08:25.0731 1764 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:08:25.0778 1764 sfloppy - ok
13:08:25.0902 1764 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
13:08:25.0902 1764 sisagp - ok
13:08:25.0949 1764 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
13:08:25.0949 1764 SiSRaid2 - ok
13:08:26.0012 1764 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
13:08:26.0012 1764 SiSRaid4 - ok
13:08:26.0043 1764 Smb - ok
13:08:26.0136 1764 smserial (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\Windows\system32\DRIVERS\smserial.sys
13:08:26.0199 1764 smserial - ok
13:08:26.0292 1764 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
13:08:26.0292 1764 spldr - ok
13:08:26.0370 1764 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
13:08:26.0417 1764 srv - ok
13:08:26.0495 1764 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
13:08:26.0542 1764 srv2 - ok
13:08:26.0604 1764 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
13:08:26.0636 1764 srvnet - ok
13:08:26.0714 1764 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
13:08:26.0745 1764 sscdbus - ok
13:08:26.0854 1764 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
13:08:26.0901 1764 sscdmdfl - ok
13:08:26.0948 1764 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
13:08:26.0948 1764 sscdmdm - ok
13:08:26.0994 1764 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
13:08:27.0026 1764 sscdserd - ok
13:08:27.0104 1764 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
13:08:27.0104 1764 swenum - ok
13:08:27.0135 1764 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:08:27.0135 1764 Symc8xx - ok
13:08:27.0182 1764 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:08:27.0182 1764 Sym_hi - ok
13:08:27.0260 1764 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:08:27.0260 1764 Sym_u3 - ok
13:08:27.0338 1764 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
13:08:27.0400 1764 Tcpip - ok
13:08:27.0525 1764 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
13:08:27.0540 1764 Tcpip6 - ok
13:08:27.0650 1764 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
13:08:27.0696 1764 tcpipreg - ok
13:08:27.0806 1764 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
13:08:27.0868 1764 TDPIPE - ok
13:08:27.0930 1764 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
13:08:27.0977 1764 TDTCP - ok
13:08:28.0055 1764 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
13:08:28.0102 1764 tdx - ok
13:08:28.0196 1764 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
13:08:28.0211 1764 TermDD - ok
13:08:28.0305 1764 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:08:28.0352 1764 tssecsrv - ok
13:08:28.0445 1764 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
13:08:28.0461 1764 tunmp - ok
13:08:28.0508 1764 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
13:08:28.0523 1764 tunnel - ok
13:08:28.0586 1764 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
13:08:28.0601 1764 uagp35 - ok
13:08:28.0648 1764 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
13:08:28.0710 1764 udfs - ok
13:08:28.0788 1764 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
13:08:28.0804 1764 uliagpkx - ok
13:08:28.0835 1764 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
13:08:28.0851 1764 uliahci - ok
13:08:28.0913 1764 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:08:28.0913 1764 UlSata - ok
13:08:28.0960 1764 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:08:28.0960 1764 ulsata2 - ok
13:08:28.0991 1764 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
13:08:29.0054 1764 umbus - ok
13:08:29.0194 1764 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
13:08:29.0241 1764 USBAAPL - ok
13:08:29.0350 1764 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
13:08:29.0381 1764 usbaudio - ok
13:08:29.0475 1764 usbbus (5353218b3265e3b8190335059f697a11) C:\Windows\system32\DRIVERS\lgusbbus.sys
13:08:29.0522 1764 usbbus - ok
13:08:29.0584 1764 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys
13:08:29.0615 1764 usbccgp - ok
13:08:29.0678 1764 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:08:29.0709 1764 usbcir - ok
13:08:29.0787 1764 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\Windows\system32\DRIVERS\lgusbdiag.sys
13:08:29.0802 1764 UsbDiag - ok
13:08:29.0880 1764 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
13:08:29.0896 1764 usbehci - ok
13:08:29.0927 1764 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
13:08:29.0958 1764 usbhub - ok
13:08:30.0052 1764 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\Windows\system32\DRIVERS\lgusbmodem.sys
13:08:30.0052 1764 USBModem - ok
13:08:30.0099 1764 usbohci (9333e482a173938788cbde8f81ec52fb) C:\Windows\system32\DRIVERS\usbohci.sys
13:08:30.0130 1764 usbohci - ok
13:08:30.0161 1764 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
13:08:30.0208 1764 usbprint - ok
13:08:30.0302 1764 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
13:08:30.0364 1764 usbscan - ok
13:08:30.0442 1764 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:08:30.0489 1764 USBSTOR - ok
13:08:30.0536 1764 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
13:08:30.0567 1764 usbuhci - ok
13:08:30.0676 1764 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
13:08:30.0707 1764 vga - ok
13:08:30.0785 1764 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
13:08:30.0832 1764 VgaSave - ok
13:08:30.0910 1764 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
13:08:30.0910 1764 viaagp - ok
13:08:30.0972 1764 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
13:08:31.0035 1764 ViaC7 - ok
13:08:31.0144 1764 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
13:08:31.0160 1764 viaide - ok
13:08:31.0160 1764 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
13:08:31.0175 1764 volmgr - ok
13:08:31.0191 1764 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
13:08:31.0206 1764 volmgrx - ok
13:08:31.0238 1764 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
13:08:31.0253 1764 volsnap - ok
13:08:31.0300 1764 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
13:08:31.0316 1764 vsmraid - ok
13:08:31.0347 1764 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:08:31.0409 1764 WacomPen - ok
13:08:31.0503 1764 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
13:08:31.0518 1764 Wanarp - ok
13:08:31.0518 1764 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
13:08:31.0534 1764 Wanarpv6 - ok
13:08:31.0565 1764 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
13:08:31.0565 1764 Wd - ok
13:08:31.0628 1764 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
13:08:31.0659 1764 Wdf01000 - ok
13:08:31.0815 1764 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
13:08:31.0846 1764 WmiAcpi - ok
13:08:31.0971 1764 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
13:08:32.0018 1764 WpdUsb - ok
13:08:32.0111 1764 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
13:08:32.0158 1764 ws2ifsl - ok
13:08:32.0298 1764 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:08:32.0345 1764 WUDFRd - ok
13:08:32.0501 1764 yukonwlh (7927e830ecde6db3682cc319bad26984) C:\Windows\system32\DRIVERS\yk60x86.sys
13:08:32.0548 1764 yukonwlh - ok
13:08:32.0595 1764 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
13:08:33.0312 1764 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:08:33.0312 1764 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:08:33.0344 1764 Boot (0x1200) (173487ed389bf750d051cb107e2df754) \Device\Harddisk0\DR0\Partition0
13:08:33.0344 1764 \Device\Harddisk0\DR0\Partition0 - ok
13:08:33.0359 1764 Boot (0x1200) (382b663fa0388265342e2a4498f1e6af) \Device\Harddisk0\DR0\Partition1
13:08:33.0359 1764 \Device\Harddisk0\DR0\Partition1 - ok
13:08:33.0375 1764 ============================================================
13:08:33.0375 1764 Scan finished
13:08:33.0375 1764 ============================================================
13:08:33.0390 0772 Detected object count: 2
13:08:33.0390 0772 Actual detected object count: 2
13:08:43.0109 0772 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
13:08:43.0109 0772 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:08:43.0109 0772 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:08:43.0125 0772 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
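The log above ends with the two objects TDSSKiller flagged, an unsigned driver (NTIDrvr.sys) and a "TDSS File System" on \Device\Harddisk0\DR0, the physical disk whose MBR was hashed a few lines earlier, and with both detections left at "User select action: Skip", so nothing was actually remediated by this run. The script below is an added triage example (it is not part of the post above and not TDSSKiller's own tooling): it parses the line shapes visible in this log (hashed object lines, "( verdict ) - warning" lines, "User select action" lines and the "Detected object count" summary), correlates each warning with the MD5 and path from the matching hashed line, and lists every detection that is still unresolved. The sample input is a trimmed excerpt of the log above; the category labels "rootkit" and "unsigned-driver" and the keyword matching behind them are the script's own assumptions, not TDSSKiller semantics.

```python
"""Triage helper for TDSSKiller-style scan logs.

Added example, not part of the forum post or of TDSSKiller itself. It parses
the line shapes seen in the posted log and reports which detections the user
left untreated ("Skip"), which is the first thing a helper checks before
asking for a re-run.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every TDSSKiller line starts with "HH:MM:SS.mmmm <thread-id> ".
_PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
# "NTIDrvr (7f1c1f78...) C:\Windows\...\NTIDrvr.sys"  /  "MBR (0x1B8) (a8634757...) \Device\Harddisk0\DR0"
_HASHED = re.compile(_PREFIX + r"(?P<obj>\S+(?:\s\(0x[0-9A-Fa-f]+\))?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "NTIDrvr ( UnsignedFile.Multi.Generic ) - warning"
_WARNING = re.compile(_PREFIX + r"(?P<obj>.+?)\s+\(\s*(?P<verdict>.+?)\s*\)\s+-\s+warning$")
# "NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip"
_ACTION = re.compile(_PREFIX + r"(?P<obj>.+?)\s+\(\s*(?P<verdict>.+?)\s*\)\s+-\s+User select action:\s+(?P<action>\S+)$")
# "Detected object count: 2"  (the "Actual detected object count" line is deliberately not matched)
_COUNT = re.compile(_PREFIX + r"Detected object count:\s+(?P<n>\d+)$")


@dataclass
class Finding:
    obj: str                        # driver service name or device path
    verdict: str                    # TDSSKiller verdict string as printed
    md5: Optional[str] = None       # from the hashed-object line, if one was seen
    path: Optional[str] = None
    action: Optional[str] = None    # "Skip", "Cure", "Delete", ... or None if never prompted

    @property
    def category(self) -> str:
        # Assumed keyword mapping for this example, not TDSSKiller's own taxonomy.
        v = self.verdict.lower()
        if "tdss" in v or "rootkit" in v:
            return "rootkit"
        if "unsignedfile" in v:
            return "unsigned-driver"   # heuristic verdict: missing signature, often a legitimate OEM driver
        return "other"

    @property
    def unresolved(self) -> bool:
        # Skipped, or never acted on, means the object is still on the machine.
        return self.action in (None, "Skip")


@dataclass
class Report:
    findings: Dict[str, Finding] = field(default_factory=dict)
    declared_count: Optional[int] = None

    @property
    def unresolved(self) -> List[Finding]:
        return [f for f in self.findings.values() if f.unresolved]

    @property
    def count_matches(self) -> bool:
        # A mismatch usually means the pasted log is truncated or edited.
        return self.declared_count is None or self.declared_count == len(self.findings)


def parse_tdsskiller_log(text: str) -> Report:
    report = Report()
    scanned: List[Tuple[str, str, str]] = []    # (obj, md5, path) for every hashed object

    def lookup(obj: str) -> Tuple[Optional[str], Optional[str]]:
        # Driver warnings are keyed by service name; the MBR warning is keyed by the
        # device path, which appears as the *path* of the "MBR (0x1B8)" hash line.
        for name, md5, path in scanned:
            if obj in (name, path):
                return md5, path
        return None, None

    for raw in text.splitlines():
        line = raw.strip()
        m = _HASHED.match(line)
        if m:                                   # hash lines precede their warning in TDSSKiller output
            scanned.append((m["obj"], m["md5"], m["path"]))
            continue
        m = _WARNING.match(line)
        if m:
            md5, path = lookup(m["obj"])
            report.findings[m["obj"]] = Finding(m["obj"], m["verdict"], md5, path)
            continue
        m = _ACTION.match(line)
        if m:
            f = report.findings.setdefault(m["obj"], Finding(m["obj"], m["verdict"]))
            f.action = m["action"]
            continue
        m = _COUNT.match(line)
        if m:
            report.declared_count = int(m["n"])
    return report


def format_report(report: Report) -> List[str]:
    lines = [f"detections: {len(report.findings)} (log declares {report.declared_count})"]
    if not report.count_matches:
        lines.append("WARNING: parsed detections do not match the log's own count; paste may be truncated")
    for f in report.findings.values():
        status = "UNRESOLVED" if f.unresolved else "handled"
        lines.append(f"[{f.category}] {f.obj}: {f.verdict} | md5={f.md5} path={f.path} | action={f.action} -> {status}")
    return lines


# Trimmed excerpt of the log posted above, used here as sample input.
SAMPLE_LOG = r"""
13:08:21.0082 1764 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
13:08:21.0113 1764 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
13:08:21.0113 1764 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
13:08:21.0144 1764 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:08:21.0207 1764 ntrigdigi - ok
13:08:32.0595 1764 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
13:08:33.0312 1764 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:08:33.0312 1764 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:08:33.0344 1764 Boot (0x1200) (173487ed389bf750d051cb107e2df754) \Device\Harddisk0\DR0\Partition0
13:08:33.0344 1764 \Device\Harddisk0\DR0\Partition0 - ok
13:08:33.0390 0772 Detected object count: 2
13:08:33.0390 0772 Actual detected object count: 2
13:08:43.0109 0772 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
13:08:43.0109 0772 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:08:43.0109 0772 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:08:43.0125 0772 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

if __name__ == "__main__":
    print("\n".join(format_report(parse_tdsskiller_log(SAMPLE_LOG))))
```

Run on the excerpt it reports two detections, both unresolved: the unsigned NTIDrvr.sys with its MD5 and path, and the TDSS File System on \Device\Harddisk0\DR0 tied back to the MBR hash line. The count check is there because helpers usually receive logs pasted by hand, and a log whose "Detected object count" disagrees with the warnings actually present has been cut or edited somewhere.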