Svchost - possible smitfraud infection [Solved]



#1
Celebran
Hi All,

I was streaming videos from a couple of different sites and, not fully trusting streaming sites in general, I kept monitoring my system for changes/infections. I had also downloaded a couple of tools to view/monitor the video cache, and it was either the streaming or those tools that brought the infection.

Malwarebytes detects the file c:\windows\svchost.exe as a trojan but does not seem to be able to clean up the file. It marks it for removal upon reboot and will stop the running process, but the file gets restarted. I have downloaded a couple of logging programs from the Malwarebytes and MajorGeeks forums trying to identify the root cause, but have been unable to identify the program restarting the process. Spybot S&D identifies the file as smitfraud.generic but has the same effect as Malwarebytes. It is not identified or found by AVG Free Edition. TDSSKiller did not seem to affect it, nor did ComboFix with generic settings. I posted over at the Malwarebytes forum last week but no response yet. I will be sure to update both posts if there is any work/progress on the issue, so as to not waste people's time.

My computer's operation does not seem to have been affected; I have not identified any sites I cannot visit and no strange pop-ups. Since getting this I have tried to limit my activity in case it is sniffing passwords.

The OTL log was run after a fresh reboot, without doing the Malwarebytes scan to stop the process.

cheers,
Jim

This is the file everything is triggering on:
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

Here is the OTL Scan:

OTL logfile created on: 1/9/2012 12:52:07 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jbriggs\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 6.29 Gb Available Physical Memory | 79.08% Memory free
15.90 Gb Paging File | 13.92 Gb Available in Paging File | 87.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 216.70 Gb Total Space | 93.86 Gb Free Space | 43.31% Space Free | Partition Type: NTFS
Drive E: | 29.81 Gb Total Space | 24.73 Gb Free Space | 82.95% Space Free | Partition Type: FAT32
Drive F: | 29.81 Gb Total Space | 25.04 Gb Free Space | 83.99% Space Free | Partition Type: FAT32

Computer Name: COIRNOIR_ALIEN | User Name: jbriggs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/09 12:23:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jbriggs\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/09/10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/09/05 09:04:58 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/17 12:59:40 | 003,962,688 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\AlienRespawn\Toaster.exe
PRC - [2011/05/16 16:10:26 | 000,315,712 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
PRC - [2011/05/16 07:33:06 | 002,748,736 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
PRC - [2011/05/16 07:30:18 | 001,688,384 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\AlienRespawn\SftService.exe
PRC - [2011/02/18 10:19:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2011/01/13 15:14:56 | 000,014,792 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
PRC - [2011/01/13 15:12:36 | 000,069,584 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2011/01/13 10:24:48 | 001,348,976 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
PRC - [2011/01/12 15:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/17 07:27:32 | 000,703,088 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/11/20 19:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/08/12 01:25:52 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio\5.0\CPMonitor.exe
PRC - [2009/10/09 19:11:38 | 000,226,816 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razerhid.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2007/02/14 10:11:18 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razerofa.exe
PRC - [2007/02/07 15:00:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razertra.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/09 01:01:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b209c76b6b03bee6deedfa3e1a8c4290\System.Runtime.Remoting.ni.dll
MOD - [2012/01/08 23:25:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/11/01 19:47:23 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7c4eea005578d9990f604fda345fb2b4\System.Management.ni.dll
MOD - [2011/11/01 19:45:04 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll
MOD - [2011/11/01 19:08:00 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/11/01 19:06:51 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\356136d6f23fe3cde33dc96fbda2df0a\IAStorUtil.ni.dll
MOD - [2011/10/17 16:48:02 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/10/17 16:47:39 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/17 16:47:27 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/17 16:47:22 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/17 16:47:20 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/17 16:47:11 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/17 16:47:07 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/17 16:47:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/17 16:47:03 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 07:25:55 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/10/13 07:23:40 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\813a0913bea1269e48613509609e72b4\PresentationFramework.ni.dll
MOD - [2011/10/13 07:23:29 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8244412387a82c0acd3d63622e22cef5\PresentationCore.ni.dll
MOD - [2011/10/13 07:23:25 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\14d8a7579839b11151cd901b846d0afb\System.Data.ni.dll
MOD - [2011/10/13 07:23:21 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2de8b7360d6a58fa7fd1b451fa88dde6\System.Windows.Forms.ni.dll
MOD - [2011/10/13 07:23:17 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll
MOD - [2011/10/13 07:23:16 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9dacf8a5033dfbcb435be166d2f42cdf\WindowsBase.ni.dll
MOD - [2011/10/13 07:23:12 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll
MOD - [2011/10/13 07:23:09 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4844dd28e0611d1ebd1e449fe822c2a5\System.Configuration.ni.dll
MOD - [2011/10/13 07:23:08 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll
MOD - [2011/10/13 07:23:07 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
MOD - [2011/10/13 07:23:02 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2011/10/13 07:23:02 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\97126244f88693adb36f94116d8d0dda\System.Numerics.ni.dll
MOD - [2011/05/16 07:33:06 | 002,748,736 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
MOD - [2011/03/11 09:24:32 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2011/01/13 10:24:48 | 001,348,976 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
MOD - [2010/12/17 07:27:32 | 000,703,088 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/08/12 01:25:52 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio\5.0\CPMonitor.exe
MOD - [2009/12/18 08:07:06 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll
MOD - [2009/10/09 19:11:38 | 000,226,816 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razerhid.exe
MOD - [2007/02/07 15:00:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razertra.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/29 15:50:24 | 000,763,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe -- (Bigfoot Networks Killer Service)
SRV:64bit: - [2011/01/13 15:05:32 | 000,015,296 | ---- | M] (Alienware) [Auto | Stopped] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/11/17 17:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/03 12:33:43 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/16 07:30:18 | 001,688,384 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\AlienRespawn\sftservice.EXE -- (SftService)
SRV - [2011/03/11 09:24:34 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/02/18 10:19:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/12 15:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/11/08 13:04:26 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/16 14:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/27 16:46:20 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/11/27 16:46:20 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/08/31 18:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/09 14:51:00 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/07/19 07:46:18 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/19 07:46:18 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/16 14:40:20 | 000,176,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/05/27 18:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/05/03 18:39:38 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/05/03 18:39:26 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2011/04/04 23:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/31 14:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/29 15:50:46 | 002,705,000 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ak27x64.sys -- (Ak27x64)
DRV:64bit: - [2011/03/29 15:50:46 | 000,068,712 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf)
DRV:64bit: - [2011/03/16 15:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/11 09:24:34 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 09:24:34 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/03 16:18:22 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/03/03 16:18:22 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/03/03 15:48:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2011/03/01 13:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 07:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 06:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/02/01 08:48:42 | 000,173,656 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/02/01 08:36:14 | 001,410,608 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/12 14:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/07 05:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/12/27 06:42:12 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/12/26 18:31:46 | 000,025,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2010/12/26 11:10:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/11/20 19:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 19:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 19:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 19:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 19:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 19:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/08 13:04:26 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/08/20 10:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/08/17 05:17:46 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/08/17 05:17:46 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/08/17 05:17:46 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/04/23 14:44:12 | 001,533,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\camdrv42.sys -- (camdrv42)
DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2005/11/07 05:33:12 | 000,021,120 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DB3G.sys -- (Razerlow)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 12:43:42 | 000,013,680 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\EMSC.SYS -- (EMSC)
DRV - [2009/05/25 14:43:58 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys -- (SMSIVZAM5X64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3029454513-943974166-1053747165-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://AlienwareArena.com
IE - HKU\S-1-5-21-3029454513-943974166-1053747165-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://AlienwareArena.com
IE - HKU\S-1-5-21-3029454513-943974166-1053747165-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/12/22 08:34:07 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files (x86)\Roxio\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razerhid.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Integrated Webcam Live! Central] C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3029454513-943974166-1053747165-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EE53F50-F9EA-4C21-A87F-12B919C773C8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B724128-104A-45B3-80CD-74EA310E7CC9}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\MyColors\fast64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/09 12:25:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\jbriggs\Desktop\OTL.exe
[2012/01/08 23:23:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/08 23:02:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Unemployment
[2012/01/06 13:19:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\jbriggs\Desktop\dds.scr
[2012/01/05 12:07:24 | 000,000,000 | ---D | C] -- C:\Users\jbriggs\Documents\TagsRevisited
[2012/01/05 11:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2012/01/05 11:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/05 11:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/01/05 11:41:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/01/05 11:24:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/05 11:19:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/01/05 11:02:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/05 10:54:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/05 10:52:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/04 14:04:54 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/01/04 12:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2012/01/01 19:51:31 | 000,000,000 | -HSD | C] -- C:\System Recovery
[2011/12/24 04:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/12/16 15:49:21 | 000,000,000 | ---D | C] -- C:\Users\jbriggs\AppData\Roaming\Malwarebytes
[2011/12/16 15:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/16 15:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/16 15:49:11 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/16 15:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/16 07:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2011/12/16 07:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2011/12/16 07:55:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2011/12/15 22:28:53 | 000,000,000 | ---D | C] -- C:\Users\jbriggs\Documents\WindowsPowerShell
[2011/12/14 11:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/12/14 11:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2011/12/14 11:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedBit
[2011/12/14 11:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAP
[2011/12/13 14:32:57 | 000,000,000 | ---D | C] -- C:\Users\jbriggs\.iFitLive
[2011/08/09 14:51:00 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\jbriggs\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/01/09 12:51:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/09 12:51:04 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/09 12:26:54 | 000,000,538 | ---- | M] () -- C:\Users\jbriggs\Desktop\I'm infected - What do I do now - Malwarebytes Forum.website
[2012/01/09 12:26:48 | 000,000,478 | ---- | M] () -- C:\Users\jbriggs\Desktop\Malware and Spyware Cleaning Guide - Geeks to Go Forums.website
[2012/01/09 12:23:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jbriggs\Desktop\OTL.exe
[2012/01/09 12:08:08 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/09 12:08:08 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/09 12:06:41 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/09 12:06:41 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/09 12:06:41 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/09 12:06:22 | 142,633,988 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/01/08 23:23:30 | 000,773,482 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/06 13:19:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\jbriggs\Desktop\dds.scr
[2012/01/06 02:44:38 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW
[2012/01/06 02:44:37 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/01/06 01:43:05 | 000,000,504 | ---- | M] () -- C:\Users\jbriggs\Desktop\Watch Torchwood Online - Free TV Shows & Videos.website
[2012/01/06 01:03:07 | 000,000,566 | ---- | M] () -- C:\Users\jbriggs\Desktop\Watch Torchwood Online - Full Episodes of Torchwood & More TV Shows Online with blinkx Remote.website
[2012/01/06 00:42:37 | 000,000,519 | ---- | M] () -- C:\Users\jbriggs\Desktop\Watch Series Online for free, Full episodes - Watch Series.website
[2012/01/05 14:29:50 | 000,000,553 | ---- | M] () -- C:\Users\jbriggs\Desktop\Infected by Smitfraud.C-Generic. HELP PLEASE! - MajorGeeks Support Forums.website
[2012/01/05 11:28:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120105-120215.backup
[2012/01/04 21:04:15 | 000,000,488 | ---- | M] () -- C:\Users\jbriggs\Desktop\Doctor Who.website
[2011/12/29 17:22:11 | 850,841,790 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/28 17:15:24 | 000,230,416 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/12/16 15:25:58 | 000,011,360 | -HS- | M] () -- C:\Users\jbriggs\AppData\Local\ksqdqu3d8ims6rcl1meg5k246i7n
[2011/12/16 15:25:58 | 000,011,360 | -HS- | M] () -- C:\ProgramData\ksqdqu3d8ims6rcl1meg5k246i7n
[2011/12/16 13:54:15 | 000,275,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/16 11:12:54 | 000,000,345 | ---- | M] () -- C:\Users\jbriggs\Desktop\Microsoft Office Live Meeting - viewReg.website
[2011/12/15 22:39:05 | 000,000,087 | ---- | M] () -- C:\Users\jbriggs\Desktop\Scripting with Windows PowerShell.url
[2011/12/15 22:38:19 | 000,000,189 | ---- | M] () -- C:\Users\jbriggs\Desktop\Where is link for Windows PowerShell for Windows 7 - Microsoft Answers.url
[2011/12/15 21:12:39 | 000,000,082 | ---- | M] () -- C:\Users\jbriggs\Desktop\Scripting for Databases.url
[2011/12/14 11:55:50 | 000,109,216 | ---- | M] () -- C:\Windows\SysWow64\EasyHook64.dll
[2011/12/14 11:55:50 | 000,084,480 | ---- | M] () -- C:\Windows\SysWow64\EasyHook32.dll
[2011/12/10 22:47:44 | 000,000,084 | ---- | M] () -- C:\Users\jbriggs\Desktop\Penny Arcade - Extra Credits – Pacing.url
[2011/12/10 20:45:09 | 000,001,027 | ---- | M] () -- C:\Users\jbriggs\Desktop\EFT.exe - Shortcut.lnk
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/01/09 12:26:48 | 000,000,478 | ---- | C] () -- C:\Users\jbriggs\Desktop\Malware and Spyware Cleaning Guide - Geeks to Go Forums.website
[2012/01/06 13:20:10 | 000,000,538 | ---- | C] () -- C:\Users\jbriggs\Desktop\I'm infected - What do I do now - Malwarebytes Forum.website
[2012/01/06 02:44:38 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW
[2012/01/06 02:44:37 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/01/05 15:30:32 | 000,000,519 | ---- | C] () -- C:\Users\jbriggs\Desktop\Watch Series Online for free, Full episodes - Watch Series.website
[2012/01/05 12:00:31 | 000,000,553 | ---- | C] () -- C:\Users\jbriggs\Desktop\Infected by Smitfraud.C-Generic. HELP PLEASE! - MajorGeeks Support Forums.website
[2012/01/04 21:58:23 | 000,000,504 | ---- | C] () -- C:\Users\jbriggs\Desktop\Watch Torchwood Online - Free TV Shows & Videos.website
[2012/01/04 21:34:34 | 000,000,566 | ---- | C] () -- C:\Users\jbriggs\Desktop\Watch Torchwood Online - Full Episodes of Torchwood & More TV Shows Online with blinkx Remote.website
[2012/01/03 20:29:50 | 000,000,488 | ---- | C] () -- C:\Users\jbriggs\Desktop\Doctor Who.website
[2011/12/16 15:20:57 | 000,011,360 | -HS- | C] () -- C:\Users\jbriggs\AppData\Local\ksqdqu3d8ims6rcl1meg5k246i7n
[2011/12/16 15:20:57 | 000,011,360 | -HS- | C] () -- C:\ProgramData\ksqdqu3d8ims6rcl1meg5k246i7n
[2011/12/16 11:12:54 | 000,000,345 | ---- | C] () -- C:\Users\jbriggs\Desktop\Microsoft Office Live Meeting - viewReg.website
[2011/12/15 22:39:05 | 000,000,087 | ---- | C] () -- C:\Users\jbriggs\Desktop\Scripting with Windows PowerShell.url
[2011/12/15 22:38:19 | 000,000,189 | ---- | C] () -- C:\Users\jbriggs\Desktop\Where is link for Windows PowerShell for Windows 7 - Microsoft Answers.url
[2011/12/15 21:12:39 | 000,000,082 | ---- | C] () -- C:\Users\jbriggs\Desktop\Scripting for Databases.url
[2011/12/14 11:56:48 | 000,109,216 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
[2011/12/14 11:56:48 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2011/12/10 22:47:44 | 000,000,084 | ---- | C] () -- C:\Users\jbriggs\Desktop\Penny Arcade - Extra Credits – Pacing.url
[2011/12/10 20:45:09 | 000,001,027 | ---- | C] () -- C:\Users\jbriggs\Desktop\EFT.exe - Shortcut.lnk
[2011/12/04 22:06:56 | 000,000,098 | ---- | C] () -- C:\Windows\MRU.ini
[2011/11/16 12:57:36 | 000,000,160 | ---- | C] () -- C:\Windows\ALIGN-SETTING.INI
[2011/11/16 12:57:36 | 000,000,149 | ---- | C] () -- C:\Windows\ESTIMATE-SETTING.INI
[2011/11/16 12:57:36 | 000,000,106 | ---- | C] () -- C:\Windows\LIMIT-SETTING.INI
[2011/11/16 12:50:55 | 000,000,033 | ---- | C] () -- C:\Windows\LVMMail.INI
[2011/09/17 20:04:00 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI
[2011/09/17 20:00:45 | 000,000,828 | ---- | C] () -- C:\Windows\_delis32.ini
[2011/08/31 18:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/31 18:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/08/31 18:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/08/12 14:32:34 | 000,007,605 | ---- | C] () -- C:\Users\jbriggs\AppData\Local\Resmon.ResmonCfg
[2011/08/09 14:51:00 | 000,099,384 | ---- | C] () -- C:\Users\jbriggs\AppData\Roaming\inst.exe
[2011/08/09 14:51:00 | 000,007,859 | ---- | C] () -- C:\Users\jbriggs\AppData\Roaming\pcouffin.cat
[2011/08/09 14:51:00 | 000,001,167 | ---- | C] () -- C:\Users\jbriggs\AppData\Roaming\pcouffin.inf
[2011/08/04 00:19:02 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/08/04 00:19:01 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/08/04 00:19:01 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/08/04 00:19:01 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/08/04 00:19:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/07/19 07:33:40 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/19 07:33:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/07/19 07:32:45 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/02/10 23:47:34 | 000,057,904 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll
[2011/02/10 06:54:10 | 000,773,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/13 15:14:40 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2009/09/09 15:18:28 | 000,577,536 | ---- | C] () -- C:\Windows\SysWow64\EMSC.DLL
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/07/27 09:41:05 | 000,000,000 | ---D | M] -- C:\Users\jbriggs\AppData\Roaming\AVG10
[2011/07/27 19:28:21 | 000,000,000 | ---D | M] -- C:\Users\jbriggs\AppData\Roaming\DameWare Development
[2011/12/10 12:46:17 | 000,000,000 | ---D | M] -- C:\Users\jbriggs\AppData\Roaming\EVEMon
[2011/11/01 21:48:08 | 000,000,000 | ---D | M] -- C:\Users\jbriggs\AppData\Roaming\iFitLIVE.A325EF93A9FDC16120FBA0CC8A28360B0E189979.1
[2012/01/06 02:41:52 | 000,000,000 | ---D | M] -- C:\Users\jbriggs\AppData\Roaming\Opera
[2011/07/31 05:43:49 | 000,000,000 | ---D | M] -- C:\Users\jbriggs\AppData\Roaming\Synaptics
[2011/07/27 08:52:24 | 000,000,000 | ---D | M] -- C:\Users\jbriggs\AppData\Roaming\TeraCopy
[2011/08/09 17:38:27 | 000,000,000 | ---D | M] -- C:\Users\jbriggs\AppData\Roaming\Vso
[2011/08/08 19:11:15 | 000,000,000 | ---D | M] -- C:\Users\jbriggs\AppData\Roaming\wargaming.net
[2011/12/28 14:50:48 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:553CA6CA

< End of report >
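The O4 (autorun), O6 (policy) and O20 (AppInit_DLLs / Winlogon) lines in the OTL report above are the first ones a malware-removal helper reads: orphaned autoruns, autoruns with no version info, the UAC policies that are set to 0 on this machine, and any well-known system binary recorded outside the Windows system directories (the C:\Windows\svchost.exe pattern this thread is about). The following triage script is an added example, not part of this thread and not a tool from OTL, Geeks to Go or Malwarebytes; it parses a handful of those lines copied from the report, and its binary list, UAC thresholds and severity labels are the example's own assumptions.

```python
"""Triage helper for OTL log lines (added example; not part of this thread
and not a tool from OTL, Geeks to Go or Malwarebytes).

Parses the O4 (autorun), O6 (policy) and O20 (AppInit_DLLs / Winlogon)
lines of an OTL report and flags what a malware-removal helper reads first.
The binary list, UAC thresholds and severity labels are assumptions made
for this example, not anything OTL itself reports.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Sample input: a subset of lines copied from the OTL report posted above.
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files (x86)\Roxio\5.0\CPMonitor.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\MyColors\fast64.dll) - File not found
"""

@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "info"
    reason: str
    line: str

# Executables that only ever live in the Windows system directories; a file
# with one of these names elsewhere (C:\Windows\svchost.exe in this thread)
# is masquerading.  explorer.exe is deliberately absent: it lives in C:\Windows.
SYSTEM_BINARIES = {"svchost.exe", "services.exe", "userinit.exe",
                   "winlogon.exe", "lsass.exe", "csrss.exe"}
SYSTEM_DIR_SUFFIXES = ("\\windows\\system32", "\\windows\\sysnative",
                       "\\windows\\syswow64")

# O6 policy values as OTL prints them; the listed data is the weak setting.
WEAK_UAC = {
    "EnableLUA": ("0", "UAC is turned off: admin sessions run fully elevated"),
    "ConsentPromptBehaviorAdmin": ("0", "administrators elevate silently, without any prompt"),
    "PromptOnSecureDesktop": ("0", "elevation prompts are not isolated on the secure desktop"),
}

O4_RE = re.compile(r"^O4(?::64bit:)? - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
O6_RE = re.compile(r"^O6 - (?P<key>\S+): (?P<value>\w+) = (?P<data>\S+)$")
O20_RE = re.compile(r"^O20(?::64bit:)? - (?P<body>.*)$")
# "<path> (<company>)"; the company is empty when the file carries no version info.
TARGET_RE = re.compile(r"^(?P<path>.+\.(?:exe|dll|scr|com)) \((?P<company>[^)]*)\)$", re.I)

def is_misplaced_system_binary(path: str) -> bool:
    """True when a well-known system executable sits outside the system dirs."""
    directory, _, name = path.lower().rpartition("\\")
    return name in SYSTEM_BINARIES and not directory.endswith(SYSTEM_DIR_SUFFIXES)

def _check_autorun(line: str, target: str) -> Optional[Finding]:
    if target.endswith("File not found"):
        return Finding("medium", "autorun points to a missing file (orphaned entry)", line)
    t = TARGET_RE.match(target)
    if not t:
        return Finding("info", "autorun target could not be parsed; inspect by hand", line)
    if is_misplaced_system_binary(t.group("path")):
        return Finding("high", "system binary name outside the Windows system directories", line)
    if t.group("company") == "":
        return Finding("info", "autorun target has no version/company info; verify the file", line)
    return None

def triage(log_text: str) -> list:
    """Return Findings for the O4/O6/O20 lines in log_text, highest severity first."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        f = None
        if m := O4_RE.match(line):
            f = _check_autorun(line, m.group("target"))
        elif m := O6_RE.match(line):
            weak = WEAK_UAC.get(m.group("value"))
            if weak and m.group("data") == weak[0]:
                f = Finding("high", weak[1], line)
        elif m := O20_RE.match(line):
            if line.endswith("File not found"):
                f = Finding("medium", "Winlogon/AppInit entry points to a missing file", line)
            elif m.group("body").startswith("AppInit_DLLs"):
                f = Finding("info", "AppInit_DLLs loads into every process; confirm the product", line)
        if f:
            findings.append(f)
    rank = {"high": 0, "medium": 1, "info": 2}
    return sorted(findings, key=lambda f: rank[f.severity])  # stable sort keeps log order

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```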
#2
Gammo
  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/16 15:25:58 | 000,011,360 | -HS- | M] () -- C:\Users\jbriggs\AppData\Local\ksqdqu3d8ims6rcl1meg5k246i7n
    [2011/12/16 15:25:58 | 000,011,360 | -HS- | M] () -- C:\ProgramData\ksqdqu3d8ims6rcl1meg5k246i7n
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double-click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.
#3
Celebran
  • Topic Starter
  • 4 posts
Hmm... I thought I'd selected to be notified of any posts... sorry for the lateness of my reply due to missing this.

I'd just finished running tdsskiller and decided to manually check my post when I saw your reply. It had given me the option to cure it so that is what I'd done.
After this will be the combofix log as well.

I don't see any of the giveaways that the infection is still there, so many thanks :)
-Jim


Here's the log from running TDSS:
16:10:26.0914 2196 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
16:10:26.0961 2196 ============================================================
16:10:26.0961 2196 Current date / time: 2012/01/16 16:10:26.0961
16:10:26.0961 2196 SystemInfo:
16:10:26.0961 2196
16:10:26.0961 2196 OS Version: 6.1.7601 ServicePack: 1.0
16:10:26.0961 2196 Product type: Workstation
16:10:26.0961 2196 ComputerName: COIRNOIR_ALIEN
16:10:26.0961 2196 UserName: jbriggs
16:10:26.0961 2196 Windows directory: C:\Windows
16:10:26.0961 2196 System windows directory: C:\Windows
16:10:26.0961 2196 Running under WOW64
16:10:26.0961 2196 Processor architecture: Intel x64
16:10:26.0961 2196 Number of processors: 4
16:10:26.0961 2196 Page size: 0x1000
16:10:26.0961 2196 Boot type: Normal boot
16:10:26.0961 2196 ============================================================
16:10:27.0117 2196 Initialize success
16:10:37.0990 8044 ============================================================
16:10:37.0990 8044 Scan started
16:10:37.0990 8044 Mode: Manual; SigCheck; TDLFS;
16:10:37.0990 8044 ============================================================
16:10:40.0908 8044 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:10:40.0939 8044 fastfat - ok
16:10:40.0954 8044 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
16:10:40.0970 8044 fdc - ok
16:10:40.0970 8044 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:10:40.0986 8044 FileInfo - ok
16:10:41.0001 8044 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:10:41.0032 8044 Filetrace - ok
16:10:41.0032 8044 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
16:10:41.0048 8044 flpydisk - ok
16:10:41.0064 8044 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:10:41.0079 8044 FltMgr - ok
16:10:41.0095 8044 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:10:41.0110 8044 FsDepends - ok
16:10:41.0110 8044 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:10:41.0126 8044 Fs_Rec - ok
16:10:41.0142 8044 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:10:41.0157 8044 fvevol - ok
16:10:41.0173 8044 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
16:10:41.0188 8044 gagp30kx - ok
16:10:41.0204 8044 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:10:41.0220 8044 hcw85cir - ok
16:10:41.0235 8044 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:10:41.0251 8044 HdAudAddService - ok
16:10:41.0266 8044 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:10:41.0282 8044 HDAudBus - ok
16:10:41.0282 8044 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
16:10:41.0298 8044 HidBatt - ok
16:10:41.0313 8044 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
16:10:41.0329 8044 HidBth - ok
16:10:41.0329 8044 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
16:10:41.0344 8044 HidIr - ok
16:10:41.0360 8044 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:10:41.0376 8044 HidUsb - ok
16:10:41.0391 8044 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:10:41.0407 8044 HpSAMD - ok
16:10:41.0422 8044 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:10:41.0469 8044 HTTP - ok
16:10:41.0485 8044 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:10:41.0485 8044 hwpolicy - ok
16:10:41.0500 8044 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
16:10:41.0532 8044 i8042prt - ok
16:10:41.0547 8044 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
16:10:41.0578 8044 iaStor - ok
16:10:41.0594 8044 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:10:41.0610 8044 iaStorV - ok
16:10:41.0734 8044 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:10:41.0922 8044 igfx - ok
16:10:41.0937 8044 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
16:10:41.0953 8044 iirsp - ok
16:10:41.0968 8044 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
16:10:41.0984 8044 Impcd - ok
16:10:42.0031 8044 IntcAzAudAddService (72a253efca059d8cf303371255624890) C:\Windows\system32\drivers\RTKVHD64.sys
16:10:42.0109 8044 IntcAzAudAddService - ok
16:10:42.0109 8044 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
16:10:42.0140 8044 IntcDAud - ok
16:10:42.0156 8044 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:10:42.0156 8044 intelide - ok
16:10:42.0171 8044 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:10:42.0187 8044 intelppm - ok
16:10:42.0187 8044 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:10:42.0234 8044 IpFilterDriver - ok
16:10:42.0234 8044 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:10:42.0249 8044 IPMIDRV - ok
16:10:42.0265 8044 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:10:42.0296 8044 IPNAT - ok
16:10:42.0296 8044 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:10:42.0327 8044 IRENUM - ok
16:10:42.0327 8044 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:10:42.0343 8044 isapnp - ok
16:10:42.0358 8044 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:10:42.0374 8044 iScsiPrt - ok
16:10:42.0390 8044 JMCR (df4265062db60a2a72e8e04c358bd3d1) C:\Windows\system32\DRIVERS\jmcr.sys
16:10:42.0405 8044 JMCR - ok
16:10:42.0421 8044 johci (579f26399d4158588af9b1212fc4cba0) C:\Windows\system32\drivers\johci.sys
16:10:42.0452 8044 johci - ok
16:10:42.0452 8044 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:10:42.0468 8044 kbdclass - ok
16:10:42.0483 8044 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:10:42.0499 8044 kbdhid - ok
16:10:42.0499 8044 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
16:10:42.0514 8044 KSecDD - ok
16:10:42.0530 8044 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
16:10:42.0546 8044 KSecPkg - ok
16:10:42.0546 8044 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:10:42.0577 8044 ksthunk - ok
16:10:42.0592 8044 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\Windows\system32\DRIVERS\L1C62x64.sys
16:10:42.0624 8044 L1C - ok
16:10:42.0624 8044 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
16:10:42.0655 8044 LGBusEnum - ok
16:10:42.0655 8044 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
16:10:42.0686 8044 LGVirHid - ok
16:10:42.0686 8044 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:10:42.0733 8044 lltdio - ok
16:10:42.0748 8044 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
16:10:42.0764 8044 LSI_FC - ok
16:10:42.0764 8044 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
16:10:42.0780 8044 LSI_SAS - ok
16:10:42.0795 8044 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
16:10:42.0795 8044 LSI_SAS2 - ok
16:10:42.0811 8044 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
16:10:42.0826 8044 LSI_SCSI - ok
16:10:42.0842 8044 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:10:42.0873 8044 luafv - ok
16:10:42.0873 8044 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
16:10:42.0904 8044 MBAMProtector - ok
16:10:42.0920 8044 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
16:10:42.0920 8044 megasas - ok
16:10:42.0936 8044 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
16:10:42.0951 8044 MegaSR - ok
16:10:42.0967 8044 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
16:10:42.0982 8044 MEIx64 - ok
16:10:42.0998 8044 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:10:43.0029 8044 Modem - ok
16:10:43.0045 8044 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:10:43.0060 8044 monitor - ok
16:10:43.0060 8044 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:10:43.0076 8044 mouclass - ok
16:10:43.0092 8044 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:10:43.0092 8044 mouhid - ok
16:10:43.0107 8044 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:10:43.0123 8044 mountmgr - ok
16:10:43.0138 8044 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:10:43.0138 8044 mpio - ok
16:10:43.0154 8044 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:10:43.0185 8044 mpsdrv - ok
16:10:43.0201 8044 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:10:43.0216 8044 MRxDAV - ok
16:10:43.0232 8044 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:10:43.0248 8044 mrxsmb - ok
16:10:43.0263 8044 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:10:43.0279 8044 mrxsmb10 - ok
16:10:43.0294 8044 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:10:43.0294 8044 mrxsmb20 - ok
16:10:43.0310 8044 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:10:43.0326 8044 msahci - ok
16:10:43.0326 8044 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:10:43.0341 8044 msdsm - ok
16:10:43.0357 8044 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:10:43.0388 8044 Msfs - ok
16:10:43.0404 8044 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:10:43.0435 8044 mshidkmdf - ok
16:10:43.0435 8044 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:10:43.0450 8044 msisadrv - ok
16:10:43.0466 8044 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:10:43.0497 8044 MSKSSRV - ok
16:10:43.0513 8044 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:10:43.0544 8044 MSPCLOCK - ok
16:10:43.0560 8044 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:10:43.0606 8044 MSPQM - ok
16:10:43.0622 8044 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:10:43.0638 8044 MsRPC - ok
16:10:43.0653 8044 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
16:10:43.0669 8044 mssmbios - ok
16:10:43.0669 8044 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:10:43.0731 8044 MSTEE - ok
16:10:43.0731 8044 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
16:10:43.0762 8044 MTConfig - ok
16:10:43.0762 8044 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:10:43.0778 8044 Mup - ok
16:10:43.0794 8044 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:10:43.0809 8044 NativeWifiP - ok
16:10:43.0840 8044 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
16:10:43.0856 8044 NDIS - ok
16:10:43.0872 8044 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:10:43.0903 8044 NdisCap - ok
16:10:43.0918 8044 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:10:43.0950 8044 NdisTapi - ok
16:10:43.0965 8044 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:10:43.0996 8044 Ndisuio - ok
16:10:43.0996 8044 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:10:44.0043 8044 NdisWan - ok
16:10:44.0059 8044 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:10:44.0090 8044 NDProxy - ok
16:10:44.0090 8044 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:10:44.0137 8044 NetBIOS - ok
16:10:44.0137 8044 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:10:44.0184 8044 NetBT - ok
16:10:44.0199 8044 netvsc (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys
16:10:44.0215 8044 netvsc - ok
16:10:44.0230 8044 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
16:10:44.0246 8044 nfrd960 - ok
16:10:44.0246 8044 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:10:44.0277 8044 Npfs - ok
16:10:44.0293 8044 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:10:44.0324 8044 nsiproxy - ok
16:10:44.0355 8044 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:10:44.0402 8044 Ntfs - ok
16:10:44.0402 8044 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:10:44.0449 8044 Null - ok
16:10:44.0449 8044 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
16:10:44.0464 8044 nusb3hub - ok
16:10:44.0480 8044 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
16:10:44.0496 8044 nusb3xhc - ok
16:10:44.0511 8044 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
16:10:44.0527 8044 NVHDA - ok
16:10:44.0667 8044 nvlddmkm (d5dea2c1865cab9ee6aa29cf9e79a2ce) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:10:44.0917 8044 nvlddmkm - ok
16:10:44.0932 8044 nvpciflt (5ef70f7714c664bcf50edfc141dea9b8) C:\Windows\system32\DRIVERS\nvpciflt.sys
16:10:44.0948 8044 nvpciflt - ok
16:10:44.0964 8044 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:10:44.0979 8044 nvraid - ok
16:10:44.0979 8044 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:10:44.0995 8044 nvstor - ok
16:10:45.0010 8044 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:10:45.0026 8044 nv_agp - ok
16:10:45.0042 8044 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
16:10:45.0042 8044 ohci1394 - ok
16:10:45.0057 8044 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
16:10:45.0073 8044 Parport - ok
16:10:45.0088 8044 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:10:45.0104 8044 partmgr - ok
16:10:45.0120 8044 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:10:45.0120 8044 pci - ok
16:10:45.0135 8044 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:10:45.0151 8044 pciide - ok
16:10:45.0166 8044 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
16:10:45.0182 8044 pcmcia - ok
16:10:45.0182 8044 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
16:10:45.0213 8044 pcouffin - ok
16:10:45.0213 8044 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:10:45.0229 8044 pcw - ok
16:10:45.0244 8044 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:10:45.0291 8044 PEAUTH - ok
16:10:45.0322 8044 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:10:45.0354 8044 PptpMiniport - ok
16:10:45.0369 8044 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
16:10:45.0385 8044 Processor - ok
16:10:45.0400 8044 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:10:45.0432 8044 Psched - ok
16:10:45.0447 8044 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
16:10:45.0463 8044 PxHlpa64 - ok
16:10:45.0494 8044 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
16:10:45.0525 8044 ql2300 - ok
16:10:45.0541 8044 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
16:10:45.0556 8044 ql40xx - ok
16:10:45.0556 8044 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:10:45.0588 8044 QWAVEdrv - ok
16:10:45.0588 8044 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:10:45.0619 8044 RasAcd - ok
16:10:45.0634 8044 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:10:45.0666 8044 RasAgileVpn - ok
16:10:45.0681 8044 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:10:45.0712 8044 Rasl2tp - ok
16:10:45.0728 8044 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:10:45.0759 8044 RasPppoe - ok
16:10:45.0759 8044 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:10:45.0806 8044 RasSstp - ok
16:10:45.0822 8044 Razerlow (81ddbf4fe998ef1f4ba230f7e8d8c67e) C:\Windows\system32\drivers\DB3G.sys
16:10:45.0837 8044 Razerlow - ok
16:10:45.0853 8044 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:10:45.0900 8044 rdbss - ok
16:10:45.0900 8044 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:10:45.0915 8044 rdpbus - ok
16:10:45.0931 8044 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:10:45.0962 8044 RDPCDD - ok
16:10:45.0978 8044 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:10:45.0993 8044 RDPDR - ok
16:10:45.0993 8044 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:10:46.0024 8044 RDPENCDD - ok
16:10:46.0040 8044 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:10:46.0087 8044 RDPREFMP - ok
16:10:46.0102 8044 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
16:10:46.0118 8044 RdpVideoMiniport - ok
16:10:46.0118 8044 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:10:46.0165 8044 RDPWD - ok
16:10:46.0180 8044 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:10:46.0180 8044 rdyboost - ok
16:10:46.0196 8044 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:10:46.0212 8044 RFCOMM - ok
16:10:46.0227 8044 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
16:10:46.0243 8044 RimUsb - ok
16:10:46.0258 8044 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
16:10:46.0258 8044 RimVSerPort - ok
16:10:46.0274 8044 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
16:10:46.0336 8044 ROOTMODEM - ok
16:10:46.0352 8044 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:10:46.0383 8044 rspndr - ok
16:10:46.0399 8044 RzSynapse (24510c4a77aba3b07aefa840db888637) C:\Windows\system32\DRIVERS\RzSynapse.sys
16:10:46.0399 8044 RzSynapse - ok
16:10:46.0414 8044 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:10:46.0430 8044 s3cap - ok
16:10:46.0430 8044 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:10:46.0446 8044 sbp2port - ok
16:10:46.0461 8044 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:10:46.0508 8044 scfilter - ok
16:10:46.0524 8044 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:10:46.0555 8044 secdrv - ok
16:10:46.0570 8044 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
16:10:46.0586 8044 Serenum - ok
16:10:46.0602 8044 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
16:10:46.0602 8044 Serial - ok
16:10:46.0617 8044 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
16:10:46.0633 8044 sermouse - ok
16:10:46.0648 8044 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:10:46.0664 8044 sffdisk - ok
16:10:46.0664 8044 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:10:46.0695 8044 sffp_mmc - ok
16:10:46.0695 8044 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:10:46.0711 8044 sffp_sd - ok
16:10:46.0726 8044 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
16:10:46.0742 8044 sfloppy - ok
16:10:46.0758 8044 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
16:10:46.0758 8044 SiSRaid2 - ok
16:10:46.0773 8044 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
16:10:46.0789 8044 SiSRaid4 - ok
16:10:46.0789 8044 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:10:46.0820 8044 Smb - ok
16:10:46.0836 8044 SMSIVZAM5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS
16:10:46.0851 8044 SMSIVZAM5X64 - ok
16:10:46.0867 8044 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:10:46.0882 8044 spldr - ok
16:10:46.0898 8044 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:10:46.0914 8044 srv - ok
16:10:46.0929 8044 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:10:46.0960 8044 srv2 - ok
16:10:46.0960 8044 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:10:46.0976 8044 srvnet - ok
16:10:46.0992 8044 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
16:10:47.0023 8044 stdcfltn - ok
16:10:47.0038 8044 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
16:10:47.0038 8044 stexstor - ok
16:10:47.0054 8044 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:10:47.0070 8044 storvsc - ok
16:10:47.0070 8044 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
16:10:47.0085 8044 swenum - ok
16:10:47.0101 8044 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\Synth3dVsc.sys
16:10:47.0116 8044 Synth3dVsc - ok
16:10:47.0116 8044 SynthVid (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
16:10:47.0132 8044 SynthVid - ok
16:10:47.0163 8044 SynTP (ddbe73ea697ab792a049d2126b951e29) C:\Windows\system32\DRIVERS\SynTP.sys
16:10:47.0226 8044 SynTP - ok
16:10:47.0241 8044 tap0901 (3b73c849b41fb20d77b0e553214061a5) C:\Windows\system32\DRIVERS\tap0901.sys
16:10:47.0272 8044 tap0901 - ok
16:10:47.0304 8044 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:10:47.0335 8044 Tcpip - ok
16:10:47.0366 8044 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:10:47.0397 8044 TCPIP6 - ok
16:10:47.0413 8044 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:10:47.0444 8044 tcpipreg - ok
16:10:47.0460 8044 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:10:47.0491 8044 TDPIPE - ok
16:10:47.0506 8044 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:10:47.0538 8044 TDTCP - ok
16:10:47.0553 8044 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:10:47.0584 8044 tdx - ok
16:10:47.0584 8044 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
16:10:47.0600 8044 TermDD - ok
16:10:47.0616 8044 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
16:10:47.0631 8044 terminpt - ok
16:10:47.0647 8044 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:10:47.0678 8044 tssecsrv - ok
16:10:47.0694 8044 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:10:47.0694 8044 TsUsbFlt - ok
16:10:47.0709 8044 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
16:10:47.0725 8044 TsUsbGD - ok
16:10:47.0740 8044 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
16:10:47.0756 8044 tsusbhub - ok
16:10:47.0756 8044 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:10:47.0787 8044 tunnel - ok
16:10:47.0803 8044 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
16:10:47.0818 8044 uagp35 - ok
16:10:47.0834 8044 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:10:47.0865 8044 udfs - ok
16:10:47.0881 8044 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:10:47.0896 8044 uliagpkx - ok
16:10:47.0912 8044 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:10:47.0912 8044 umbus - ok
16:10:47.0928 8044 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
16:10:47.0943 8044 UmPass - ok
16:10:47.0959 8044 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:10:47.0974 8044 usbaudio - ok
16:10:47.0990 8044 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
16:10:48.0006 8044 usbccgp - ok
16:10:48.0021 8044 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:10:48.0037 8044 usbcir - ok
16:10:48.0037 8044 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:10:48.0052 8044 usbehci - ok
16:10:48.0068 8044 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys
16:10:48.0084 8044 usbhub - ok
16:10:48.0099 8044 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:10:48.0115 8044 usbohci - ok
16:10:48.0115 8044 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
16:10:48.0130 8044 usbprint - ok
16:10:48.0146 8044 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:10:48.0162 8044 USBSTOR - ok
16:10:48.0162 8044 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:10:48.0177 8044 usbuhci - ok
16:10:48.0193 8044 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
16:10:48.0224 8044 usbvideo - ok
16:10:48.0240 8044 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:10:48.0240 8044 vdrvroot - ok
16:10:48.0255 8044 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:10:48.0271 8044 vga - ok
16:10:48.0286 8044 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:10:48.0318 8044 VgaSave - ok
16:10:48.0333 8044 VGPU - ok
16:10:48.0349 8044 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:10:48.0349 8044 vhdmp - ok
16:10:48.0364 8044 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:10:48.0380 8044 viaide - ok
16:10:48.0396 8044 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:10:48.0396 8044 VMBusHID - ok
16:10:48.0411 8044 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:10:48.0427 8044 volmgr - ok
16:10:48.0442 8044 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:10:48.0458 8044 volmgrx - ok
16:10:48.0474 8044 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:10:48.0489 8044 volsnap - ok
16:10:48.0505 8044 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
16:10:48.0520 8044 vsmraid - ok
16:10:48.0536 8044 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:10:48.0552 8044 vwifibus - ok
16:10:48.0567 8044 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:10:48.0598 8044 vwififlt - ok
16:10:48.0598 8044 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
16:10:48.0614 8044 WacomPen - ok
16:10:48.0630 8044 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:10:48.0661 8044 WANARP - ok
16:10:48.0661 8044 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:10:48.0692 8044 Wanarpv6 - ok
16:10:48.0723 8044 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
16:10:48.0723 8044 Wd - ok
16:10:48.0754 8044 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:10:48.0770 8044 Wdf01000 - ok
16:10:48.0801 8044 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:10:48.0832 8044 WfpLwf - ok
16:10:48.0848 8044 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
16:10:48.0864 8044 WimFltr - ok
16:10:48.0864 8044 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:10:48.0879 8044 WIMMount - ok
16:10:48.0895 8044 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
16:10:48.0910 8044 WinUSB - ok
16:10:48.0926 8044 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:10:48.0942 8044 WmiAcpi - ok
16:10:48.0957 8044 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:10:49.0004 8044 ws2ifsl - ok
16:10:49.0020 8044 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:10:49.0082 8044 WudfPf - ok
16:10:49.0082 8044 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:10:49.0129 8044 WUDFRd - ok
16:10:49.0144 8044 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
16:10:49.0144 8044 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:10:49.0144 8044 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:10:49.0191 8044 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:10:49.0191 8044 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:10:49.0207 8044 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
16:10:49.0394 8044 \Device\Harddisk1\DR1 - ok
16:10:49.0394 8044 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
16:10:49.0581 8044 \Device\Harddisk2\DR2 - ok
16:10:49.0581 8044 Boot (0x1200) (0eef47e4180af00c84b6b03c40b0d6a1) \Device\Harddisk0\DR0\Partition0
16:10:49.0581 8044 \Device\Harddisk0\DR0\Partition0 - ok
16:10:49.0581 8044 Boot (0x1200) (8280706f46ab6fe9d6663bd04c37db33) \Device\Harddisk0\DR0\Partition1
16:10:49.0581 8044 \Device\Harddisk0\DR0\Partition1 - ok
16:10:49.0597 8044 Boot (0x1200) (c285e3f6ea4821f57650d7e7969105cd) \Device\Harddisk1\DR1\Partition0
16:10:49.0597 8044 \Device\Harddisk1\DR1\Partition0 - ok
16:10:49.0597 8044 Boot (0x1200) (a1f38d859fc336ddefb4d68e431c3667) \Device\Harddisk2\DR2\Partition0
16:10:49.0597 8044 \Device\Harddisk2\DR2\Partition0 - ok
16:10:49.0597 8044 ============================================================
16:10:49.0597 8044 Scan finished
16:10:49.0597 8044 ============================================================
16:10:49.0597 7852 Detected object count: 2
16:10:49.0597 7852 Actual detected object count: 2
16:11:18.0176 7852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:11:18.0176 7852 \Device\Harddisk0\DR0 - ok
16:11:18.0176 7852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:11:18.0176 7852 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
16:11:18.0176 7852 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
16:11:18.0192 7852 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
16:11:18.0192 7852 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
16:11:18.0192 7852 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
16:11:18.0207 7852 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
16:11:18.0207 7852 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
16:11:18.0223 7852 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:11:18.0223 7852 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
16:11:18.0223 7852 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
16:11:18.0223 7852 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
16:11:20.0469 7272 Deinitialize success

-------------------------------------------------------------------------------------------------------------
Here is the ComboFix log from after running TDSSKiller.


ComboFix 12-01-16.04 - jbriggs 01/16/2012 16:36:38.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8140.6009 [GMT -8:00]
Running from: c:\users\jbriggs\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jbriggs\AppData\Roaming\inst.exe
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 00:25 . 2012-01-17 00:25 -------- d-----w- C:\_OTL
2012-01-17 00:11 . 2012-01-17 00:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-05 19:43 . 2012-01-05 19:44 -------- d-----w- c:\program files (x86)\Safer Networking
2012-01-05 19:41 . 2012-01-06 10:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-05 19:41 . 2012-01-06 10:42 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-01-05 19:19 . 2012-01-05 19:19 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-04 22:04 . 2012-01-04 22:04 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-01-04 20:38 . 2012-01-04 20:38 -------- d-----w- c:\program files (x86)\NirSoft
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-01-02 03:51 . 2012-01-02 06:25 -------- d-sh--w- C:\System Recovery
2011-12-24 12:33 . 2012-01-10 12:33 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 22:53 . 2011-07-19 13:55 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-14 19:55 . 2011-12-14 19:56 84480 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2011-12-14 19:55 . 2011-12-14 19:56 109216 ----a-w- c:\windows\SysWow64\EasyHook64.dll
2011-12-10 23:24 . 2011-12-16 23:49 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 00:46 . 2011-11-28 00:46 22408 ----a-w- c:\windows\system32\drivers\LGBusEnum.sys
2011-11-28 00:46 . 2011-11-28 00:46 16008 ----a-w- c:\windows\system32\drivers\LGVirHid.sys
2011-11-28 00:46 . 2011-11-28 00:46 374792 ----a-w- c:\windows\system32\drivers\UMDF\lgSSQVGA.dll
2011-11-28 00:46 . 2011-11-28 00:46 157704 ----a-w- c:\windows\system32\drivers\UMDF\lgSSBW.dll
2011-11-24 04:52 . 2011-12-16 21:49 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:32 . 2011-12-16 21:49 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-16 21:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-16 21:50 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-16 21:50 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-16 21:50 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-16 21:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-16 21:50 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-16 21:50 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-16 21:50 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-16 21:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-16 21:49 43520 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-01-13 1348976]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"Diamondback"="c:\program files (x86)\Razer\Diamondback\Razer\Diamondback\razerhid.exe" [2009-10-10 226816]
"LVCOMS"="c:\program files (x86)\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-11 127022]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Integrated Webcam Live! Central"="c:\program files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" [2011-08-12 520330]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bigfoot Killer Network Manager.lnk - c:\program files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe [2011-3-29 778752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2011-01-13 15296]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-11 2009704]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 camdrv42;Philips SPC 900NC PC Camera;c:\windows\system32\DRIVERS\camdrv42.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-03-29 763904]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-01-03 8704]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-05-16 1688384]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-18 378472]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 Ak27x64;Killer Wireless-N 1102 device driver;c:\windows\system32\DRIVERS\Ak27x64.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Razerlow;Razer Pro|Solutions;c:\windows\system32\drivers\DB3G.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-02-18 312936]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-17 6602856]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 703088]
"(Default)"="" [BU]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2011-01-13 13256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-09-29 110360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://AlienwareArena.com
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files (x86)\Razer\Diamondback\Razer\Diamondback\razertra.exe
c:\program files (x86)\Razer\Diamondback\Razer\Diamondback\razerofa.exe
.
**************************************************************************
.
Completion time: 2012-01-16 16:43:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-17 00:43
ComboFix2.txt 2012-01-05 19:30
ComboFix3.txt 2012-01-05 19:02
.
Pre-Run: 99,515,023,360 bytes free
Post-Run: 98,952,130,560 bytes free
.
- - End Of File - - 45DBFF5871E26912535B2C4AA50F881E
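The TDSSKiller section of the log above is the interesting part: the "MBR (0x1B8)" line prints a hash of disk 0's boot sector, the next lines call it Rootkit.Boot.Pihar.b, and the "TDSS File System" warning is the bootkit's hidden file system (the \TDLFS\ph* entries that got quarantined). The svchost.exe in c:\windows that Malwarebytes kept finding was only the user-mode half; the MBR code reinstalled it on every boot, which is why removing the file never stuck. Below is an added example, not code from this thread or from TDSSKiller, that parses a raw 512-byte MBR the way a bootkit triage would: hash the boot-code region, check the partition table for overlaps and multiple active entries, and measure the unallocated tail of the disk where the TDL4/Pihar family parks its hidden file system. The sample sectors, the "known-good" hash and the disk layout are all constructed here for the demonstration; the reading that TDSSKiller's "(0x1B8)" means the 440 code bytes before the disk signature is my assumption.

```python
"""Parse one 512-byte MBR the way a bootkit triage would: hash the boot-code
region (the part before the NT disk signature), validate the partition table,
and measure the unallocated tail of the disk, which is where TDL4/Pihar-style
bootkits keep their hidden file system."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8      # boot code occupies bytes 0..0x1B7
DISK_SIG_OFFSET = 0x1B8    # 4-byte NT disk signature
PT_OFFSET = 0x1BE          # four 16-byte partition entries
PT_ENTRY = "<B3xB3xII"     # status, CHS start (skipped), type, CHS end (skipped), LBA start, LBA count
MBR_SIGNATURE = b"\x55\xaa"
SLACK_LIMIT = 2048         # more than 1 MiB past the last partition is worth imaging and inspecting


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code MD5, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(PT_ENTRY, sector, PT_OFFSET + 16 * i)
        if ptype != 0:
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "start": start, "count": count})
    return {
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def triage_mbr(sector: bytes, disk_sectors: int, known_good_md5: str = ""):
    """Compare against a known-good boot-code hash and sanity-check the table.
    Returns (parsed_info, findings); an empty findings list means nothing looked odd."""
    info = parse_mbr(sector)
    findings = []
    if known_good_md5 and info["boot_code_md5"] != known_good_md5:
        findings.append("boot code differs from the known-good MBR (bootkit-style infection?)")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    ordered = sorted(info["partitions"], key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["count"] > b["start"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    if ordered:
        tail = disk_sectors - (ordered[-1]["start"] + ordered[-1]["count"])
        if tail < 0:
            findings.append("partition table runs past the end of the disk")
        elif tail > SLACK_LIMIT:
            findings.append(f"{tail} unallocated sectors after the last partition: image and inspect")
    return info, findings


def build_mbr(boot_code: bytes, partitions, disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble a test sector. Constructed data, not a real Windows MBR."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_sig)
    for i, (bootable, ptype, start, count) in enumerate(partitions):
        struct.pack_into(PT_ENTRY, sector, PT_OFFSET + 16 * i,
                         0x80 if bootable else 0x00, ptype, start, count)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


# Constructed sample: a 500 GB disk with a Windows 7 style layout (System Reserved + C:)
DISK_SECTORS = 976_773_168
LAYOUT = [(True, 0x07, 2_048, 204_800),          # System Reserved, active
          (False, 0x07, 206_848, 976_565_296)]    # C:, leaving 1024 sectors of slack
CLEAN_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 64        # stand-in, not real boot code
INFECTED_CODE = b"\xeb\x3c\x90" + b"\x00" * 60 + b"\xfa\x33\xc0"   # stand-in for patched code
CLEAN_MBR = build_mbr(CLEAN_CODE, LAYOUT)
INFECTED_MBR = build_mbr(INFECTED_CODE, LAYOUT)      # same table, different code: TDL4 style
KNOWN_GOOD_MD5 = parse_mbr(CLEAN_MBR)["boot_code_md5"]   # baseline taken from the clean sector

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        info, findings = triage_mbr(mbr, DISK_SECTORS, KNOWN_GOOD_MD5)
        print(f"{name}: md5={info['boot_code_md5']} findings={findings or 'none'}")
```

On a live box the sector would be read from \\.\PhysicalDrive0 (which needs an elevated token, the same privilege the dropper needed to write it) and the known-good hash would come from a trusted image of the same machine rather than from the sector under test. Note that a TDL4-family infection leaves the partition table alone, so only the hash check fires on the "infected" sample; the slack check just tells you where to look next.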
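Two other things in the logs above deserve a second look when reading this kind of thread. First, TDSSKiller's output is per object and per action, so it helps to fold it into one record per device (verdicts, user actions, files pulled out of the hidden file system). Second, the ComboFix "Reg Loading Points" block records EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0, which means UAC was switched off entirely; any program the user ran had the full administrator token, which is exactly what a dropper needs to write disk 0's MBR without a prompt. The following is an added example, not part of the original posts, that turns both log formats into structured findings. The line formats are taken from the logs in this thread, the sample inputs are trimmed copies of those lines, and the Windows 7 defaults quoted in the messages (ConsentPromptBehaviorAdmin 5, PromptOnSecureDesktop 1) are the documented ones.

```python
"""Turn the TDSSKiller and ComboFix output pasted above into structured findings:
which device carried which verdict and what was done about it, and whether the
machine's UAC policy let the dropper reach the MBR without a prompt."""
import re
from collections import defaultdict

# TDSSKiller: "<hh:mm:ss.ffff> <tid> <\Device\...> [( <verdict> )] - <status>"
TDSS_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<obj>\\Device\\\S+)"
    r"(?:\s+\(\s*(?P<verdict>[^)]+?)\s*\))?\s+-\s+(?P<status>.+)$")


def parse_tdsskiller(lines):
    """One record per device: verdicts seen, actions taken, hidden-FS files quarantined."""
    devices = defaultdict(lambda: {"verdicts": set(), "actions": [], "quarantined": []})
    for line in lines:
        m = TDSS_LINE.match(line.strip())
        if not m:          # MBR/Boot hash lines and driver lines are not per-device verdicts
            continue
        obj, verdict, status = m.group("obj"), m.group("verdict"), m.group("status")
        if "\\TDLFS\\" in obj:               # a file inside the rootkit's hidden file system
            dev, name = obj.split("\\TDLFS\\", 1)
            devices[dev]["quarantined"].append(name)
            continue
        rec = devices[obj]
        if verdict:
            rec["verdicts"].add(verdict)
        if status.startswith("User select action:"):
            rec["actions"].append(status.split(":", 1)[1].strip())
        elif status == "will be cured on reboot":
            rec["actions"].append("cure-on-reboot")
    # devices that only ever reported "ok" carry nothing worth returning
    return {d: r for d, r in devices.items() if r["verdicts"] or r["quarantined"]}


# ComboFix prints the UAC policy key verbatim; these values defeat the elevation prompt
UAC_KEY = r"[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]"
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>\d+)')
WEAK_UAC = {
    ("EnableLUA", 0): "UAC is off: every process of an administrator runs with the full "
                      "token, so a dropper can rewrite the MBR with no prompt at all",
    ("ConsentPromptBehaviorAdmin", 0): "elevation is granted silently (Windows 7 default is 5)",
    ("PromptOnSecureDesktop", 0): "prompts appear on the normal desktop, where malware can "
                                  "read or click them (default is 1)",
}


def audit_uac(lines):
    """Walk the [policies\\system] block of a ComboFix log and explain each weak value."""
    findings, in_block = [], False
    for line in lines:
        s = line.strip()
        if s.startswith("["):
            in_block = s.lower() == UAC_KEY
            continue
        m = VALUE_LINE.match(s) if in_block else None
        if m:
            name, val = m.group("name"), int(m.group("val"))
            why = WEAK_UAC.get((name, val))
            if why:
                findings.append(f"{name}={val}: {why}")
    return findings


# Sample input: lines copied from the logs in this thread, trimmed to the relevant ones
TDSS_SAMPLE = r"""
16:10:49.0144 8044 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
16:10:49.0144 8044 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:10:49.0191 8044 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:10:49.0394 8044 \Device\Harddisk1\DR1 - ok
16:11:18.0176 7852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:11:18.0176 7852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:11:18.0176 7852 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
16:11:18.0223 7852 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:11:18.0223 7852 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
""".strip().splitlines()

COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
""".strip().splitlines()

if __name__ == "__main__":
    for dev, rec in parse_tdsskiller(TDSS_SAMPLE).items():
        print(dev, sorted(rec["verdicts"]), rec["actions"], rec["quarantined"])
    for finding in audit_uac(COMBOFIX_SAMPLE):
        print("UAC:", finding)
```

Run against the full logs, the first function gives you a one-line summary per disk (here: disk 0 infected, cured on reboot, ten TDLFS files quarantined, disks 1 and 2 clean) and the second explains why the infection never had to ask for permission. Turning UAC back on after a cleanup like this is part of the fix, not an optional extra.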

#4
Gammo (Member 2k, Malware Removal, 2,299 posts)
That looks a lot better. :)

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#5
Celebran (Topic Starter, New Member, 4 posts)
I made sure Malwarebytes was updated and ran the scan; it looks all clean :) so I'd say this topic should be closed.

Many thanks for your help.

-Jim

Here's the scan log:
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.17.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
jbriggs :: COIRNOIR_ALIEN [administrator]

Protection: Enabled

1/17/2012 11:24:06 AM
mbam-log-2012-01-17 (11-24-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 199944
Time elapsed: 1 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6
Gammo (Member 2k, Malware Removal, 2,299 posts)
Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean', that doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Firefox and Opera. Both are excellent: faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine besides just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:

#7
Celebran (Topic Starter, New Member, 4 posts)
Again many thanks and done with the cleanup.

Filehippo is a nice addition to what I'm doing since it caught a couple of things that needed updating. It's easy to get lazy and get caught by something. I've saved the recommendation post locally and will make sure to implement it as time allows.

This should be my last post in the thread as all appears to be running fine and no questions so far.

cheers,
Jim

#8
Gammo (Member 2k, Malware Removal, 2,299 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.