[maliprog]

OK. After you finish defragment please do Combofix scan.

Step 1

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
• Double click on ComboFix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\\ComboFix.txt log in your next reply.

Step 2

Do you have Windows Vista installation disk? Maybe we'll need it to repair your system.

[Advertisements]

ComboFix 11-06-30.05 - Tendai 01/07/2011 15:39:41.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1917.1159 [GMT 1:00]
Running from: c:\users\Tendai\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Online Armor Firewall *Enabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tendai\AppData\Roaming\Microsoft\Windows\Recent\Palatial Masterpiece - Alpharetta, Georgia.url
c:\users\Tendai\qhi498fh.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-01 to 2011-07-01 )))))))))))))))))))))))))))))))
.
.
2011-07-01 14:54 . 2011-07-01 14:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-01 11:44 . 2011-07-01 13:30 -------- d-----w- c:\windows\system32\MpEngineStore
2011-06-30 19:15 . 2011-06-07 07:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9F1221F5-E0E7-48CC-B829-2AECD2B846A6}\mpengine.dll
2011-06-30 17:57 . 2009-12-31 13:02 212992 ----a-w- c:\windows\system32\PuranDefrag.dll
2011-06-30 17:57 . 2011-04-08 15:06 229376 ----a-w- c:\windows\system32\PuranDC.exe
2011-06-30 17:57 . 2011-04-08 15:06 109056 ----a-w- c:\windows\system32\PuranDefragBT.exe
2011-06-30 17:57 . 2011-04-08 15:06 233472 ----a-w- c:\windows\system32\PuranDefragS.exe
2011-06-30 17:57 . 2011-04-08 15:06 1114112 ----a-w- c:\windows\system32\PuranFD.exe
2011-06-30 17:57 . 2011-06-30 17:57 -------- d-----w- c:\program files\Puran Defrag
2011-06-30 16:54 . 2011-06-30 16:54 -------- dc----w- C:\_OTL
2011-06-30 16:25 . 2002-07-25 16:06 282624 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agent.exe
2011-06-30 16:07 . 2011-06-30 16:08 -------- d-----w- c:\program files\EPSON Print CD
2011-06-30 16:06 . 2011-06-30 16:15 -------- d-----w- c:\programdata\UDL
2011-06-30 16:01 . 2005-06-01 03:10 495616 ----a-w- c:\windows\system32\PICSDK2.dll
2011-06-30 16:01 . 2005-05-31 23:10 73728 ----a-w- c:\windows\system32\PICSDK.dll
2011-06-30 16:01 . 2005-06-01 02:10 77824 ----a-w- c:\windows\system32\PICEntry.dll
2011-06-30 16:01 . 2004-03-03 05:10 114688 ----a-w- c:\windows\system32\EpPicPrt.dll
2011-06-30 16:01 . 2004-03-03 05:10 65536 ----a-w- c:\windows\system32\EPPicMgr.dll
2011-06-30 01:16 . 2011-06-30 09:23 -------- d-----w- c:\programdata\OnlineArmor
2011-06-30 01:03 . 2011-04-06 12:02 39048 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-06-30 01:03 . 2011-04-06 12:01 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-06-30 01:03 . 2011-04-06 12:01 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-06-30 00:58 . 2011-07-01 13:42 -------- d-----w- c:\program files\Online Armor
2011-06-30 00:19 . 2011-06-30 21:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-30 00:01 . 2011-06-30 00:01 -------- d-----w- c:\program files\OpenDNS Updater
2011-06-29 18:42 . 2011-06-29 18:42 100736 -c--a-w- C:\kgliipob.sys
2011-06-29 18:18 . 2011-06-29 18:27 -------- d-----w- c:\program files\Canon
2011-06-29 03:20 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 01:01 . 2011-06-29 01:07 -------- d-----w- c:\program files\Microsoft ATS
2011-06-27 16:06 . 2011-06-27 16:06 -------- d--h--w- c:\programdata\Common Files
2011-06-27 15:29 . 2011-06-29 18:35 -------- d-----w- c:\programdata\AVG10
2011-06-27 15:05 . 2011-06-27 15:05 -------- d-----w- c:\program files\AVG
2011-06-27 14:34 . 2011-06-29 18:13 -------- d-----w- c:\programdata\MFAData
2011-06-26 20:17 . 2011-06-27 14:10 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-06-24 14:12 . 2011-06-28 16:41 -------- d-----w- c:\programdata\Kaspersky Lab
2011-06-24 13:39 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\38013711.sys
2011-06-23 21:03 . 2010-07-25 21:23 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2011-06-23 21:03 . 2010-07-25 21:23 544768 ----a-w- c:\windows\system32\wbocx.ocx
2011-06-23 21:03 . 2010-07-25 21:23 258352 ----a-w- c:\windows\system32\unicows.dll
2011-06-23 21:03 . 2010-07-25 21:23 33968 ----a-w- c:\windows\system32\anim.dll
2011-06-23 21:03 . 2010-07-25 21:23 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2011-06-23 21:03 . 2010-07-25 21:23 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2011-06-23 20:27 . 2011-06-23 20:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-22 21:10 . 2011-06-08 09:53 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2011-06-22 21:10 . 2011-06-08 09:53 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2011-06-22 21:09 . 2011-06-22 21:18 -------- d-----w- c:\program files\Common Files\AVSMedia
2011-06-22 21:08 . 2011-06-08 09:54 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-06-22 21:08 . 2011-06-22 21:28 -------- d-----w- c:\programdata\AVS4YOU
2011-06-22 21:06 . 2011-06-23 16:54 -------- d-----w- c:\program files\AVS4YOU
2011-06-22 20:41 . 2011-06-24 02:33 -------- d-----w- c:\program files\NOS
2011-06-22 20:41 . 2011-06-23 17:36 -------- d-----w- c:\programdata\NOS
2011-06-22 16:59 . 2011-06-22 16:59 -------- d-----w- c:\programdata\WindowsSearch
2011-06-22 15:24 . 2011-06-22 15:24 -------- d-----w- c:\program files\ArcSoft
2011-06-22 15:24 . 1999-05-26 08:46 212480 ----a-w- c:\windows\pcdlib32.dll
2011-06-22 02:25 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2011-06-22 02:25 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2011-06-22 02:14 . 2011-06-22 02:14 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-06-21 23:50 . 2003-01-26 12:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-06-21 23:50 . 2007-08-31 17:36 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2011-06-21 23:50 . 2011-06-21 23:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-21 22:01 . 2011-06-21 22:01 -------- d-----w- c:\program files\Free YouTube Downloader
2011-06-21 21:58 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-21 21:58 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-21 21:58 . 2011-06-21 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-21 14:57 . 2011-06-07 07:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-21 07:59 . 2011-06-21 07:57 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F81E6C7C-CA5F-45E6-B761-4FDB87E176A2}\gapaengine.dll
2011-06-21 06:56 . 2011-06-21 21:56 -------- d-----w- c:\programdata\AVAST Software
2011-06-21 06:56 . 2011-06-21 06:56 -------- d-----w- c:\program files\AVAST Software
2011-06-21 06:38 . 2011-06-21 06:43 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-21 06:34 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-06-21 03:16 . 2011-06-21 03:16 -------- d-----w- c:\programdata\Malwarebytes
2011-06-19 22:40 . 2011-06-19 22:40 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-06-19 22:36 . 2011-06-21 03:22 -------- d-----w- c:\program files\Microsoft Silverlight
2011-06-18 01:47 . 2011-06-18 01:47 -------- d-----w- c:\programdata\InterVideo
2011-06-17 15:59 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-06-17 15:32 . 2011-06-17 15:32 -------- d-----w- c:\program files\Windows Portable Devices
2011-06-17 15:07 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-06-17 15:07 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-06-17 15:07 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-06-17 15:01 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-06-17 15:01 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-06-17 15:01 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-06-17 14:59 . 2011-06-17 14:59 98816 ----a-w- c:\windows\system32\mfps.dll
2011-06-17 14:59 . 2011-06-17 14:59 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-06-17 14:59 . 2011-06-17 14:59 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-06-17 14:59 . 2011-06-17 14:59 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-06-17 14:59 . 2011-06-17 14:59 2873344 ----a-w- c:\windows\system32\mf.dll
2011-06-17 14:59 . 2011-06-17 14:59 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-06-17 14:59 . 2011-06-17 14:59 586240 ----a-w- c:\windows\system32\stobject.dll
2011-06-17 14:59 . 2011-06-17 14:59 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-06-17 14:43 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-17 14:43 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-06-17 14:43 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-06-17 14:43 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-06-17 14:43 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-06-17 14:43 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-06-17 14:43 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-06-17 14:43 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-06-17 14:43 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-06-17 14:43 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-06-17 14:43 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-06-17 14:43 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-06-17 14:41 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-06-17 14:35 . 2011-05-24 18:12 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A65DB2DA-DF0D-43A1-9838-28F7C7B6354D}\mpengine.dll
2011-06-17 13:27 . 2011-06-17 13:27 -------- d-----w- c:\program files\Microsoft.NET
2011-06-17 10:10 . 2011-06-17 10:12 -------- d-----w- c:\windows\system32\ca-ES
2011-06-17 10:10 . 2011-06-17 10:12 -------- d-----w- c:\windows\system32\eu-ES
2011-06-17 10:10 . 2011-06-17 10:12 -------- d-----w- c:\windows\system32\vi-VN
2011-06-17 09:00 . 2011-06-17 09:00 -------- d-----w- c:\windows\system32\EventProviders
2011-06-17 08:57 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2011-06-17 08:57 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2011-06-17 08:57 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2011-06-17 08:57 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2011-06-17 08:57 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2011-06-17 08:57 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2011-06-17 08:57 . 2009-04-11 06:28 1480704 ----a-w- c:\windows\system32\mssrch.dll
2011-06-17 08:57 . 2009-04-11 02:52 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2011-06-17 08:55 . 2009-04-11 06:28 368640 ----a-w- c:\windows\system32\mspbde40.dll
2011-06-17 08:54 . 2009-04-11 06:28 342528 ----a-w- c:\windows\system32\zipfldr.dll
2011-06-17 08:53 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2011-06-17 08:53 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-06-17 08:53 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2011-06-17 08:53 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2011-06-17 08:53 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2011-06-17 08:53 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-17 14:58 . 2011-06-17 14:58 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-06-16 16:44 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-06-16 16:44 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-06-15 15:47 . 2011-06-15 15:47 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-06-15 03:52 . 2011-06-15 03:52 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2011-04-22 09:35 . 2011-04-22 09:35 1460608 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-06-22 21:01 . 2011-06-15 01:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-14 411768]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 493688]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 3772416]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"TOSHIBA Volume Indicator"="c:\program files\Toshiba\Utilities\VolControl.exe" [2006-12-13 94208]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 554640]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-08-27 1050072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jaureg.exe" [2010-05-14 237800]
"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2011-04-06 2477032]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
.
c:\users\Tendai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2011-04-06 354720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl04eaf06c;MpKsl04eaf06c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B27B764D-EBF1-4342-AF26-A1C2EE6F7DEE}\MpKsl04eaf06c.sys [x]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-04-06 39048]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 136176]
R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [2011-04-06 4326472]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2011-04-08 233472]
S1 38013711;38013711;c:\windows\system32\DRIVERS\38013711.sys [2009-09-25 128016]
S1 MpKsl194f0b8e;MpKsl194f0b8e;c:\windows\system32\MpEngineStore\MpKsl194f0b8e.sys [2011-07-01 28752]
S1 MpKsl788fa796;MpKsl788fa796;c:\windows\system32\MpEngineStore\MpKsl788fa796.sys [2011-07-01 28752]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-04-06 205864]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-04-06 25192]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [2011-04-06 381512]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2010-08-27 124368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL788FA796
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 01:17]
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 01:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.buzqo.com/?cfg=2-401-0-...
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{85B9BBD9-7474-4605-8E3F-FE01B97288A7}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Tendai\AppData\Roaming\Mozilla\Firefox\Profiles\rsun6w2c.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-01 15:55
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-07-01 16:05:25
ComboFix-quarantined-files.txt 2011-07-01 15:05
.
Pre-Run: 21,431,263,232 bytes free
Post-Run: 21,442,142,208 bytes free
.
- - End Of File - - 30030F057C5A3325EEB9D036512BD7FF

[Africanlion]

ComboFix 11-06-30.05 - Tendai 01/07/2011 15:39:41.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1917.1159 [GMT 1:00]
Running from: c:\users\Tendai\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Online Armor Firewall *Enabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tendai\AppData\Roaming\Microsoft\Windows\Recent\Palatial Masterpiece - Alpharetta, Georgia.url
c:\users\Tendai\qhi498fh.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-01 to 2011-07-01 )))))))))))))))))))))))))))))))
.
.
2011-07-01 14:54 . 2011-07-01 14:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-01 11:44 . 2011-07-01 13:30 -------- d-----w- c:\windows\system32\MpEngineStore
2011-06-30 19:15 . 2011-06-07 07:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9F1221F5-E0E7-48CC-B829-2AECD2B846A6}\mpengine.dll
2011-06-30 17:57 . 2009-12-31 13:02 212992 ----a-w- c:\windows\system32\PuranDefrag.dll
2011-06-30 17:57 . 2011-04-08 15:06 229376 ----a-w- c:\windows\system32\PuranDC.exe
2011-06-30 17:57 . 2011-04-08 15:06 109056 ----a-w- c:\windows\system32\PuranDefragBT.exe
2011-06-30 17:57 . 2011-04-08 15:06 233472 ----a-w- c:\windows\system32\PuranDefragS.exe
2011-06-30 17:57 . 2011-04-08 15:06 1114112 ----a-w- c:\windows\system32\PuranFD.exe
2011-06-30 17:57 . 2011-06-30 17:57 -------- d-----w- c:\program files\Puran Defrag
2011-06-30 16:54 . 2011-06-30 16:54 -------- dc----w- C:\_OTL
2011-06-30 16:25 . 2002-07-25 16:06 282624 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agent.exe
2011-06-30 16:07 . 2011-06-30 16:08 -------- d-----w- c:\program files\EPSON Print CD
2011-06-30 16:06 . 2011-06-30 16:15 -------- d-----w- c:\programdata\UDL
2011-06-30 16:01 . 2005-06-01 03:10 495616 ----a-w- c:\windows\system32\PICSDK2.dll
2011-06-30 16:01 . 2005-05-31 23:10 73728 ----a-w- c:\windows\system32\PICSDK.dll
2011-06-30 16:01 . 2005-06-01 02:10 77824 ----a-w- c:\windows\system32\PICEntry.dll
2011-06-30 16:01 . 2004-03-03 05:10 114688 ----a-w- c:\windows\system32\EpPicPrt.dll
2011-06-30 16:01 . 2004-03-03 05:10 65536 ----a-w- c:\windows\system32\EPPicMgr.dll
2011-06-30 01:16 . 2011-06-30 09:23 -------- d-----w- c:\programdata\OnlineArmor
2011-06-30 01:03 . 2011-04-06 12:02 39048 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-06-30 01:03 . 2011-04-06 12:01 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-06-30 01:03 . 2011-04-06 12:01 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-06-30 00:58 . 2011-07-01 13:42 -------- d-----w- c:\program files\Online Armor
2011-06-30 00:19 . 2011-06-30 21:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-30 00:01 . 2011-06-30 00:01 -------- d-----w- c:\program files\OpenDNS Updater
2011-06-29 18:42 . 2011-06-29 18:42 100736 -c--a-w- C:\kgliipob.sys
2011-06-29 18:18 . 2011-06-29 18:27 -------- d-----w- c:\program files\Canon
2011-06-29 03:20 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 01:01 . 2011-06-29 01:07 -------- d-----w- c:\program files\Microsoft ATS
2011-06-27 16:06 . 2011-06-27 16:06 -------- d--h--w- c:\programdata\Common Files
2011-06-27 15:29 . 2011-06-29 18:35 -------- d-----w- c:\programdata\AVG10
2011-06-27 15:05 . 2011-06-27 15:05 -------- d-----w- c:\program files\AVG
2011-06-27 14:34 . 2011-06-29 18:13 -------- d-----w- c:\programdata\MFAData
2011-06-26 20:17 . 2011-06-27 14:10 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-06-24 14:12 . 2011-06-28 16:41 -------- d-----w- c:\programdata\Kaspersky Lab
2011-06-24 13:39 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\38013711.sys
2011-06-23 21:03 . 2010-07-25 21:23 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2011-06-23 21:03 . 2010-07-25 21:23 544768 ----a-w- c:\windows\system32\wbocx.ocx
2011-06-23 21:03 . 2010-07-25 21:23 258352 ----a-w- c:\windows\system32\unicows.dll
2011-06-23 21:03 . 2010-07-25 21:23 33968 ----a-w- c:\windows\system32\anim.dll
2011-06-23 21:03 . 2010-07-25 21:23 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2011-06-23 21:03 . 2010-07-25 21:23 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2011-06-23 20:27 . 2011-06-23 20:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-22 21:10 . 2011-06-08 09:53 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2011-06-22 21:10 . 2011-06-08 09:53 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2011-06-22 21:09 . 2011-06-22 21:18 -------- d-----w- c:\program files\Common Files\AVSMedia
2011-06-22 21:08 . 2011-06-08 09:54 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-06-22 21:08 . 2011-06-22 21:28 -------- d-----w- c:\programdata\AVS4YOU
2011-06-22 21:06 . 2011-06-23 16:54 -------- d-----w- c:\program files\AVS4YOU
2011-06-22 20:41 . 2011-06-24 02:33 -------- d-----w- c:\program files\NOS
2011-06-22 20:41 . 2011-06-23 17:36 -------- d-----w- c:\programdata\NOS
2011-06-22 16:59 . 2011-06-22 16:59 -------- d-----w- c:\programdata\WindowsSearch
2011-06-22 15:24 . 2011-06-22 15:24 -------- d-----w- c:\program files\ArcSoft
2011-06-22 15:24 . 1999-05-26 08:46 212480 ----a-w- c:\windows\pcdlib32.dll
2011-06-22 02:25 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2011-06-22 02:25 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2011-06-22 02:14 . 2011-06-22 02:14 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-06-21 23:50 . 2003-01-26 12:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-06-21 23:50 . 2007-08-31 17:36 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2011-06-21 23:50 . 2011-06-21 23:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-21 22:01 . 2011-06-21 22:01 -------- d-----w- c:\program files\Free YouTube Downloader
2011-06-21 21:58 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-21 21:58 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-21 21:58 . 2011-06-21 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-21 14:57 . 2011-06-07 07:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-21 07:59 . 2011-06-21 07:57 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F81E6C7C-CA5F-45E6-B761-4FDB87E176A2}\gapaengine.dll
2011-06-21 06:56 . 2011-06-21 21:56 -------- d-----w- c:\programdata\AVAST Software
2011-06-21 06:56 . 2011-06-21 06:56 -------- d-----w- c:\program files\AVAST Software
2011-06-21 06:38 . 2011-06-21 06:43 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-21 06:34 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-06-21 03:16 . 2011-06-21 03:16 -------- d-----w- c:\programdata\Malwarebytes
2011-06-19 22:40 . 2011-06-19 22:40 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-06-19 22:36 . 2011-06-21 03:22 -------- d-----w- c:\program files\Microsoft Silverlight
2011-06-18 01:47 . 2011-06-18 01:47 -------- d-----w- c:\programdata\InterVideo
2011-06-17 15:59 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-06-17 15:32 . 2011-06-17 15:32 -------- d-----w- c:\program files\Windows Portable Devices
2011-06-17 15:07 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-06-17 15:07 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-06-17 15:07 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-06-17 15:01 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-06-17 15:01 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-06-17 15:01 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-06-17 14:59 . 2011-06-17 14:59 98816 ----a-w- c:\windows\system32\mfps.dll
2011-06-17 14:59 . 2011-06-17 14:59 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-06-17 14:59 . 2011-06-17 14:59 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-06-17 14:59 . 2011-06-17 14:59 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-06-17 14:59 . 2011-06-17 14:59 2873344 ----a-w- c:\windows\system32\mf.dll
2011-06-17 14:59 . 2011-06-17 14:59 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-06-17 14:59 . 2011-06-17 14:59 586240 ----a-w- c:\windows\system32\stobject.dll
2011-06-17 14:59 . 2011-06-17 14:59 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-06-17 14:43 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-17 14:43 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-06-17 14:43 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-06-17 14:43 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-06-17 14:43 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-06-17 14:43 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-06-17 14:43 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-06-17 14:43 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-06-17 14:43 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-06-17 14:43 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-06-17 14:43 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-06-17 14:43 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-06-17 14:41 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-06-17 14:35 . 2011-05-24 18:12 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A65DB2DA-DF0D-43A1-9838-28F7C7B6354D}\mpengine.dll
2011-06-17 13:27 . 2011-06-17 13:27 -------- d-----w- c:\program files\Microsoft.NET
2011-06-17 10:10 . 2011-06-17 10:12 -------- d-----w- c:\windows\system32\ca-ES
2011-06-17 10:10 . 2011-06-17 10:12 -------- d-----w- c:\windows\system32\eu-ES
2011-06-17 10:10 . 2011-06-17 10:12 -------- d-----w- c:\windows\system32\vi-VN
2011-06-17 09:00 . 2011-06-17 09:00 -------- d-----w- c:\windows\system32\EventProviders
2011-06-17 08:57 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2011-06-17 08:57 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2011-06-17 08:57 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2011-06-17 08:57 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2011-06-17 08:57 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2011-06-17 08:57 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2011-06-17 08:57 . 2009-04-11 06:28 1480704 ----a-w- c:\windows\system32\mssrch.dll
2011-06-17 08:57 . 2009-04-11 02:52 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2011-06-17 08:55 . 2009-04-11 06:28 368640 ----a-w- c:\windows\system32\mspbde40.dll
2011-06-17 08:54 . 2009-04-11 06:28 342528 ----a-w- c:\windows\system32\zipfldr.dll
2011-06-17 08:53 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2011-06-17 08:53 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-06-17 08:53 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2011-06-17 08:53 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2011-06-17 08:53 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2011-06-17 08:53 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-17 14:58 . 2011-06-17 14:58 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-06-16 16:44 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-06-16 16:44 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-06-15 15:47 . 2011-06-15 15:47 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-06-15 03:52 . 2011-06-15 03:52 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2011-04-22 09:35 . 2011-04-22 09:35 1460608 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-06-22 21:01 . 2011-06-15 01:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-14 411768]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 493688]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 3772416]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"TOSHIBA Volume Indicator"="c:\program files\Toshiba\Utilities\VolControl.exe" [2006-12-13 94208]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 554640]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-08-27 1050072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jaureg.exe" [2010-05-14 237800]
"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2011-04-06 2477032]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
.
c:\users\Tendai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2011-04-06 354720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl04eaf06c;MpKsl04eaf06c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B27B764D-EBF1-4342-AF26-A1C2EE6F7DEE}\MpKsl04eaf06c.sys [x]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-04-06 39048]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 136176]
R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [2011-04-06 4326472]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2011-04-08 233472]
S1 38013711;38013711;c:\windows\system32\DRIVERS\38013711.sys [2009-09-25 128016]
S1 MpKsl194f0b8e;MpKsl194f0b8e;c:\windows\system32\MpEngineStore\MpKsl194f0b8e.sys [2011-07-01 28752]
S1 MpKsl788fa796;MpKsl788fa796;c:\windows\system32\MpEngineStore\MpKsl788fa796.sys [2011-07-01 28752]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-04-06 205864]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-04-06 25192]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [2011-04-06 381512]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2010-08-27 124368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL788FA796
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 01:17]
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 01:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.buzqo.com/?cfg=2-401-0-...
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{85B9BBD9-7474-4605-8E3F-FE01B97288A7}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Tendai\AppData\Roaming\Mozilla\Firefox\Profiles\rsun6w2c.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-01 15:55
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-07-01 16:05:25
ComboFix-quarantined-files.txt 2011-07-01 15:05
.
Pre-Run: 21,431,263,232 bytes free
Post-Run: 21,442,142,208 bytes free
.
- - End Of File - - 30030F057C5A3325EEB9D036512BD7FF

[Africanlion]

I have not got a Windows Vista disk but have got Toshiba Recovery Disk

[maliprog]

Hi Africanlion,

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.

• Extract the zip file to its own folder.
• Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
• Click Start scan to start scanning.
• If infection is detected, the default setting for "action" should be Cure
  
  • (If suspicious file is detected please click on it and change it to Skip).
• Click Continue button
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

• Double click the aswMBR.exe to run it
• Click the "Scan" button to start scan
• On completion of the scan click save log, save it to your desktop and post in your next reply

Step 3

Please don't forget to include these items in your reply:

• TDSSKiller log
• aswMBR log

It would be helpful if you could post each log in separate post

[Africanlion]

2011/07/02 14:03:09.0938 5360 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/02 14:03:11.0974 5360 ================================================================================
2011/07/02 14:03:11.0975 5360 SystemInfo:
2011/07/02 14:03:11.0975 5360
2011/07/02 14:03:11.0975 5360 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/02 14:03:11.0975 5360 Product type: Workstation
2011/07/02 14:03:11.0976 5360 ComputerName: TENDAI-PC
2011/07/02 14:03:11.0976 5360 UserName: Tendai
2011/07/02 14:03:11.0976 5360 Windows directory: C:\Windows
2011/07/02 14:03:11.0976 5360 System windows directory: C:\Windows
2011/07/02 14:03:11.0976 5360 Processor architecture: Intel x86
2011/07/02 14:03:11.0976 5360 Number of processors: 1
2011/07/02 14:03:11.0976 5360 Page size: 0x1000
2011/07/02 14:03:11.0976 5360 Boot type: Normal boot
2011/07/02 14:03:11.0977 5360 ================================================================================
2011/07/02 14:03:15.0694 5360 Initialize success
2011/07/02 14:03:27.0823 0156 ================================================================================
2011/07/02 14:03:27.0824 0156 Scan started
2011/07/02 14:03:27.0824 0156 Mode: Manual;
2011/07/02 14:03:27.0824 0156 ================================================================================
2011/07/02 14:03:30.0145 0156 38013711 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\Windows\system32\DRIVERS\38013711.sys
2011/07/02 14:03:30.0259 0156 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
2011/07/02 14:03:30.0400 0156 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/02 14:03:30.0598 0156 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/07/02 14:03:30.0821 0156 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/07/02 14:03:30.0936 0156 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/07/02 14:03:31.0105 0156 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/07/02 14:03:31.0365 0156 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/07/02 14:03:31.0592 0156 AgereSoftModem (4e6294a06be883c9bd685a8dfd9fcd4e) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/07/02 14:03:31.0779 0156 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/07/02 14:03:31.0968 0156 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/02 14:03:32.0247 0156 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/07/02 14:03:32.0421 0156 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/07/02 14:03:32.0560 0156 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/07/02 14:03:32.0727 0156 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/07/02 14:03:32.0872 0156 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/07/02 14:03:33.0187 0156 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/07/02 14:03:33.0279 0156 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/07/02 14:03:33.0492 0156 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/02 14:03:33.0643 0156 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/07/02 14:03:33.0895 0156 athr (65b4e571b8c3f5b960ab889c0a770459) C:\Windows\system32\DRIVERS\athr.sys
2011/07/02 14:03:34.0247 0156 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
2011/07/02 14:03:34.0681 0156 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/02 14:03:35.0079 0156 BoiHwsetup (e55df0e45b80871199410aae44233548) C:\Windows\system32\drivers\BoiHwSetup.sys
2011/07/02 14:03:35.0206 0156 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/02 14:03:35.0348 0156 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/02 14:03:35.0523 0156 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/02 14:03:35.0739 0156 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/02 14:03:36.0017 0156 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/02 14:03:36.0285 0156 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/02 14:03:36.0585 0156 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/02 14:03:36.0879 0156 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/07/02 14:03:37.0407 0156 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/02 14:03:37.0576 0156 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/02 14:03:37.0789 0156 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/07/02 14:03:38.0076 0156 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/07/02 14:03:38.0590 0156 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/02 14:03:38.0708 0156 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/07/02 14:03:38.0817 0156 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/02 14:03:39.0066 0156 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/07/02 14:03:39.0196 0156 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/07/02 14:03:39.0525 0156 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/07/02 14:03:39.0776 0156 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/07/02 14:03:40.0499 0156 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/02 14:03:40.0668 0156 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/02 14:03:40.0824 0156 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/02 14:03:41.0005 0156 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/07/02 14:03:41.0194 0156 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/07/02 14:03:41.0584 0156 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/07/02 14:03:41.0740 0156 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/07/02 14:03:42.0282 0156 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/02 14:03:42.0639 0156 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/02 14:03:43.0005 0156 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/02 14:03:43.0180 0156 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/02 14:03:43.0434 0156 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/02 14:03:43.0817 0156 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/02 14:03:44.0050 0156 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/02 14:03:44.0582 0156 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/07/02 14:03:45.0177 0156 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/02 14:03:45.0426 0156 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/02 14:03:45.0576 0156 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/07/02 14:03:45.0761 0156 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/02 14:03:46.0315 0156 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/07/02 14:03:46.0468 0156 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2011/07/02 14:03:46.0714 0156 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/07/02 14:03:46.0975 0156 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/02 14:03:47.0149 0156 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/07/02 14:03:47.0593 0156 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/02 14:03:48.0317 0156 IntcAzAudAddService (67e40fa2e4f2b70e8b3c8597a38f3a49) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/02 14:03:48.0631 0156 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/07/02 14:03:49.0239 0156 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/02 14:03:49.0981 0156 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/02 14:03:50.0623 0156 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/02 14:03:50.0935 0156 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/02 14:03:51.0451 0156 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/02 14:03:51.0674 0156 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/07/02 14:03:52.0341 0156 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/02 14:03:52.0670 0156 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/02 14:03:53.0043 0156 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/02 14:03:53.0443 0156 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/02 14:03:53.0686 0156 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/02 14:03:54.0139 0156 KR10I (1e0d65f7ffeb4e99b2eec1ccb5754cc8) C:\Windows\system32\drivers\kr10i.sys
2011/07/02 14:03:54.0439 0156 KR10N (0f9e83709cbb60b1549f3a65d0ab6e4f) C:\Windows\system32\drivers\kr10n.sys
2011/07/02 14:03:54.0732 0156 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/02 14:03:57.0170 0156 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/02 14:03:59.0818 0156 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/02 14:04:02.0132 0156 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/02 14:04:04.0144 0156 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/02 14:04:06.0229 0156 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/02 14:04:08.0724 0156 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys
2011/07/02 14:04:10.0737 0156 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/07/02 14:04:11.0216 0156 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/02 14:04:11.0341 0156 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/02 14:04:11.0708 0156 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/02 14:04:11.0946 0156 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/02 14:04:12.0145 0156 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/02 14:04:12.0346 0156 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/07/02 14:04:12.0547 0156 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/07/02 14:04:12.0999 0156 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/07/02 14:04:13.0490 0156 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/02 14:04:13.0884 0156 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/02 14:04:14.0186 0156 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/02 14:04:14.0442 0156 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/02 14:04:14.0605 0156 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/02 14:04:14.0761 0156 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/02 14:04:15.0034 0156 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/07/02 14:04:15.0247 0156 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/07/02 14:04:15.0717 0156 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
2011/07/02 14:04:16.0109 0156 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/02 14:04:16.0472 0156 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/02 14:04:16.0875 0156 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/02 14:04:17.0783 0156 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/02 14:04:18.0086 0156 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/02 14:04:18.0329 0156 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/02 14:04:18.0542 0156 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/02 14:04:18.0784 0156 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/02 14:04:19.0076 0156 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/07/02 14:04:19.0454 0156 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/02 14:04:19.0683 0156 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/07/02 14:04:20.0127 0156 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/02 14:04:20.0362 0156 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/02 14:04:20.0693 0156 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/02 14:04:21.0010 0156 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/02 14:04:21.0324 0156 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/02 14:04:21.0578 0156 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/02 14:04:22.0396 0156 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/02 14:04:22.0616 0156 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/07/02 14:04:23.0158 0156 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/02 14:04:23.0518 0156 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/02 14:04:23.0896 0156 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/07/02 14:04:24.0403 0156 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/02 14:04:24.0607 0156 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/02 14:04:24.0740 0156 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/07/02 14:04:24.0978 0156 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/07/02 14:04:25.0251 0156 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/07/02 14:04:25.0977 0156 OADevice (131b33debe75acee4604fdad3e650ef7) C:\Windows\system32\drivers\OADriver.sys
2011/07/02 14:04:26.0249 0156 oahlpXX (c040c3baf7e9d700d54bf93a125ae0db) C:\Windows\system32\drivers\oahlp32.sys
2011/07/02 14:04:26.0481 0156 OAmon (135a8b08e46cb03fec9d9087da9031b5) C:\Windows\system32\drivers\OAmon.sys
2011/07/02 14:04:26.0828 0156 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/02 14:04:27.0157 0156 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/02 14:04:27.0426 0156 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/02 14:04:27.0634 0156 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/02 14:04:27.0993 0156 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/02 14:04:28.0201 0156 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/07/02 14:04:28.0438 0156 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/02 14:04:28.0766 0156 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/02 14:04:30.0212 0156 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/02 14:04:30.0511 0156 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/07/02 14:04:30.0825 0156 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/02 14:04:31.0314 0156 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
2011/07/02 14:04:31.0737 0156 qkbfiltr (63591bf8b30ba8891ee69f53f03495f6) C:\Windows\system32\DRIVERS\qkbfiltr.sys
2011/07/02 14:04:32.0072 0156 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/07/02 14:04:32.0956 0156 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/02 14:04:33.0438 0156 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/02 14:04:33.0803 0156 R300 (554685122b4f973e21d66c2baaf29543) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/02 14:04:34.0270 0156 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/02 14:04:35.0313 0156 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/02 14:04:35.0639 0156 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/02 14:04:36.0058 0156 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/02 14:04:36.0281 0156 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/02 14:04:36.0611 0156 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/02 14:04:37.0114 0156 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/07/02 14:04:38.0180 0156 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/02 14:04:38.0582 0156 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/02 14:04:39.0270 0156 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/02 14:04:39.0632 0156 RTL8023xp (5c5612756b380bcedbf566a780ff9afe) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/07/02 14:04:39.0968 0156 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/02 14:04:40.0223 0156 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/07/02 14:04:40.0709 0156 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/02 14:04:42.0392 0156 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/02 14:04:43.0249 0156 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/07/02 14:04:43.0636 0156 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/07/02 14:04:45.0095 0156 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/02 14:04:45.0583 0156 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/07/02 14:04:45.0717 0156 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/02 14:04:45.0847 0156 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/02 14:04:46.0079 0156 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/02 14:04:46.0364 0156 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/07/02 14:04:46.0771 0156 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/07/02 14:04:47.0138 0156 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/07/02 14:04:48.0186 0156 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/02 14:04:48.0579 0156 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/02 14:04:48.0846 0156 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/07/02 14:04:49.0164 0156 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/02 14:04:49.0330 0156 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/02 14:04:49.0765 0156 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/02 14:04:50.0165 0156 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/02 14:04:50.0359 0156 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/02 14:04:50.0569 0156 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/02 14:04:51.0038 0156 SynTP (2d2c815364a878c7e358d5f549711197) C:\Windows\system32\DRIVERS\SynTP.sys
2011/07/02 14:04:51.0797 0156 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/07/02 14:04:52.0241 0156 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/02 14:04:52.0561 0156 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/02 14:04:52.0787 0156 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/07/02 14:04:54.0607 0156 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/02 14:04:55.0124 0156 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/02 14:04:55.0445 0156 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/02 14:04:56.0015 0156 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/02 14:04:58.0162 0156 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/02 14:04:58.0534 0156 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/02 14:04:58.0730 0156 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/02 14:04:58.0970 0156 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/07/02 14:04:59.0276 0156 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/07/02 14:04:59.0543 0156 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/02 14:05:00.0203 0156 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/02 14:05:00.0485 0156 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/07/02 14:05:00.0763 0156 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/02 14:05:01.0145 0156 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/02 14:05:01.0448 0156 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/02 14:05:02.0083 0156 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/02 14:05:02.0476 0156 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/02 14:05:03.0037 0156 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/02 14:05:03.0322 0156 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/02 14:05:03.0659 0156 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/02 14:05:03.0843 0156 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/02 14:05:04.0077 0156 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/02 14:05:04.0415 0156 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/02 14:05:04.0755 0156 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/02 14:05:05.0156 0156 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/02 14:05:05.0713 0156 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/02 14:05:06.0115 0156 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/07/02 14:05:06.0826 0156 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/07/02 14:05:07.0349 0156 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/07/02 14:05:07.0562 0156 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/02 14:05:08.0722 0156 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/02 14:05:09.0085 0156 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/02 14:05:10.0387 0156 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/07/02 14:05:11.0321 0156 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/02 14:05:11.0537 0156 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/02 14:05:11.0675 0156 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/02 14:05:12.0089 0156 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/07/02 14:05:12.0331 0156 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/02 14:05:14.0088 0156 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/02 14:05:15.0416 0156 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/02 14:05:17.0876 0156 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/02 14:05:18.0677 0156 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/02 14:05:18.0870 0156 Boot (0x1200) (1ab8fc2f11760e7f493899d6eed91de1) \Device\Harddisk0\DR0\Partition0
2011/07/02 14:05:18.0978 0156 ================================================================================
2011/07/02 14:05:18.0978 0156 Scan finished
2011/07/02 14:05:18.0979 0156 ================================================================================
2011/07/02 14:05:19.0030 4548 Detected object count: 0
2011/07/02 14:05:19.0030 4548 Actual detected object count: 0

[Africanlion]

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-07-02 14:08:45
-----------------------------
14:08:45.280 OS Version: Windows 6.0.6002 Service Pack 2
14:08:45.281 Number of processors: 1 586 0xE08
14:08:45.283 ComputerName: TENDAI-PC UserName: Tendai
14:09:35.940 Initialize success
14:10:24.971 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:10:24.991 Disk 0 Vendor: FUJITSU_MHV2060BH_PL 0000002A Size: 57231MB BusType: 3
14:10:27.050 Disk 0 MBR read successfully
14:10:27.060 Disk 0 MBR scan
14:10:27.079 Disk 0 unknown MBR code
14:10:29.142 Disk 0 scanning sectors +117207040
14:10:29.200 Disk 0 scanning C:\Windows\system32\drivers
14:10:36.682 Service scanning
14:10:39.979 Disk 0 trace - called modules:
14:10:40.032 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
14:10:40.045 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8469fac8]
14:10:40.071 3 CLASSPNP.SYS[8789f8b3] -> nt!IofCallDriver -> [0x83ba2928]
14:10:40.091 5 acpi.sys[872476bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8450c528]
14:10:40.128 Scan finished successfully
14:11:36.786 Disk 0 MBR has been saved successfully to "C:\Users\Tendai\Desktop\MBR.dat"
14:11:36.925 The log file has been saved successfully to "C:\Users\Tendai\Desktop\aswMBR.txt"

[Africanlion]

BTW Microsoft Essentials reported finding this 3 days ago (twice). VirTool;INF/Autorun!A

I removed it though, what is it

[maliprog]

Before we continue... how is your system now? Any changes?

[Africanlion]

maliprog its bit better but still not working the right way. Videos still keep freezing and when i try to open volume mixer it doesnt work and Windows Explorer still crashing and Media player wont work

[maliprog]

Hi Africanlion,

Because I don't see any trace of malware in your logs we will exclude this problem for the moment. Please test your system in Safe Mode with Networking. Do exactly what you do in normal mode and see if you get crash again.

Step 1

Please restart in safe mode:

• If the computer is running, shut down Windows, and then turn off the power
• Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
• Ensure that the Safe mode with networking option is selected.
• Press Enter. The computer then begins to start in Safe mode.

[Africanlion]

Hi maliprog sorry for late reply i had travelled to Middlesboro for past 2 days and am back now. So what should i test for?

[maliprog]

Hi Africanlion,

Test if your explorer crashes and do you have any problems like in Normal mode.

[Africanlion]

hi maliprog. It works much better in safe mode, even switching between windows is much much quicker as well as loading pages and opening new ones on the internet. So what does this mean then

Also how do i remove this buzco.com on IE, i dodnt remember installing it or anything yet its now the default home page

Edited by Africanlion, 07 July 2011 - 03:45 PM.

[maliprog]

Hi Africanlion,

That means we need to find driver or service that cause this behavior. We will do this in Steps 2 and 3.

Step 1

To change home page in Internet Explorer you must

• Click on Tools menu then click on Internet Options
• Click on General tub and in Home page section write page you wont to open on startup (for example http://www.google.com)
• press Apply then OK button to save changes

Step 2

Lets first check your startup items

Please click on Start and then to Run
Type in msconfig and press Enter
Now click on Startups
Then uncheck everything and press Apply button.
Restart your system now
IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

Test your system here same as you test it in Safe mode. If system boots correctly and is running smoothly and faster then we have a startup problem
Try going back into msconfig and check one item and reboot
Keep doing that till you have found the problem or all are finally checked.
Post back with the results

Step 3

Lets now check your drivers and services

Please click on Start and then to Run
Type in msconfig and press Enter
Now click on Services
Click on the Hide All Microsoft Services
Then uncheck everything and press Apply button.
Restart your system now

Test your system here same as you test it in Safe mode. If system boots correctly and is running smoothly and faster then we have a startup problem
Try going back into msconfig and check one item and reboot
Keep doing that till you have found the problem or all are finally checked.
Post back with the results

[Africanlion]

No real difference maliprog except that webpages seem to open bit faster after doing step e only that flv videos not playing when i have done those steps