Trojan:Win32/Sirefef.J

#1 marissajune (New Member, 4 posts)

Last night I was on a forum that I had never been to before when my computer froze up for a bit, and then when it unfroze it asked me to run a program I didn't recognize (I don't remember what the program was). I kept clicking cancel and it kept popping back up. The only way to escape was to shut down the computer. When I restarted, Microsoft Security Essentials was freaking out. It kept telling me that my computer was at risk. I would clean the computer. We would be fine for a couple of minutes and then it would tell me my computer was at risk again. This happened 12 times. The first detected item was Exploit:Win32/Pdfjsc.WL. The next 11 detected items were Trojan:Win32/Sirefef.J. Even though it would supposedly delete the trojan file, it kept popping back up. I ran a full scan with Microsoft Security Essentials this morning and the trojan file hasn't reappeared. I did some research on this Sirefef file and it seems to be really bad, so now I am paranoid that the scans aren't detecting it anymore but it is still on my computer. My computer seems to be running fine, but I didn't want to wait until it was nonfunctional to ask for help. How can I tell if this virus (?) is still on my computer? If it is still there, how do I get rid of it?

Thanks so much!

-------------------

OTL logfile created on: 10/7/2011 12:29:22 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Nadolski\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 23.44% Memory free
4.21 Gb Paging File | 1.73 Gb Available in Paging File | 41.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 24.10 Gb Free Space | 17.66% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.47 Gb Free Space | 54.69% Space Free | Partition Type: NTFS

Computer Name: MARISSA-PC | User Name: Nadolski | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/07 12:29:10 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Nadolski\Desktop\OTL.exe
PRC - [2011/10/04 07:52:21 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/22 10:08:17 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10x_ActiveX.exe
PRC - [2011/07/28 22:46:07 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/06/16 13:13:20 | 000,151,552 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/04/22 08:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2011/01/10 12:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2011/01/10 12:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/01 16:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2010/02/03 21:28:02 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe
PRC - [2010/02/03 21:27:55 | 000,672,424 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
PRC - [2009/10/16 10:10:34 | 000,589,824 | ---- | M] ( ) -- C:\Windows\System32\lxdxcoms.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/07 12:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/07 12:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/08/29 15:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/07/20 19:13:26 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/04/16 17:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/04/10 17:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2007/03/15 20:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2007/03/15 13:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/02/28 15:35:32 | 001,011,200 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC\update\SST.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/04 07:52:21 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/22 08:30:19 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/21 07:50:56 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b307fcf27673a18c3660e4f3438a454c\System.Web.ni.dll
MOD - [2011/05/21 07:50:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\95b780b82a20fb7c463b78f034329df5\System.Runtime.Remoting.ni.dll
MOD - [2011/05/21 07:50:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\fb9f4da6dd18b147baca425a0f5fe3b5\System.Configuration.ni.dll
MOD - [2011/05/21 07:48:55 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7b1cc9a5490437cd5c0d5fb5ea3c0e34\System.Xml.ni.dll
MOD - [2011/05/21 07:48:33 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd2b1592d28bd0eed480f40d5f63b86c\System.Windows.Forms.ni.dll
MOD - [2011/05/21 07:48:20 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e9f88677c9a7357c3ce76cdaae8d4654\System.Drawing.ni.dll
MOD - [2011/05/21 07:47:04 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d55579c9c2c8ca58c6379eda52a97c9e\System.ni.dll
MOD - [2011/05/21 07:46:54 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\70df10917822b8ef1379b9820e7281c1\mscorlib.ni.dll
MOD - [2011/01/10 12:47:40 | 000,158,208 | ---- | M] () -- C:\Program Files\Verizon\VSP\Windows7Features.dll
MOD - [2010/11/01 16:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
MOD - [2010/11/01 16:15:10 | 000,177,616 | ---- | M] () -- C:\Program Files\SelectRebates\SRebates.dll
MOD - [2010/02/03 21:28:02 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe
MOD - [2010/02/03 21:27:55 | 000,672,424 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
MOD - [2010/02/03 20:41:38 | 000,081,920 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxcaps.dll
MOD - [2010/02/03 20:41:23 | 000,380,928 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxscw.dll
MOD - [2010/02/03 20:41:20 | 000,782,336 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxdrs.dll
MOD - [2010/02/03 20:28:15 | 000,069,632 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxcnv4.dll
MOD - [2010/02/01 23:30:16 | 000,036,864 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\app4r.monitor.core.dll
MOD - [2010/02/01 23:30:16 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\app4r.monitor.common.dll
MOD - [2010/02/01 23:29:04 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\app4r.devmons.mcmdevmon.dll
MOD - [2009/10/16 10:00:47 | 000,589,824 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxdxdatr.dll
MOD - [2009/10/16 10:00:40 | 000,073,728 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxdxcats.dll
MOD - [2009/05/06 09:04:36 | 000,466,944 | ---- | M] () -- C:\Program Files\Lexmark Toolbar\resource.dll
MOD - [2009/05/06 09:03:44 | 000,372,736 | ---- | M] () -- C:\Program Files\Lexmark Toolbar\toolband.dll
MOD - [2007/11/21 23:55:48 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007/07/02 01:14:04 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/03/21 15:33:40 | 000,065,536 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2011/06/16 13:13:20 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/10/16 10:10:34 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdxcoms.exe -- (lxdx_device)
SRV - [2009/10/16 10:00:50 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/07 12:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 15:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/05/17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 08:50:58 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55EB423C-0A95-4A20-BB96-E40D86EBE6AB}\MpKslbd095971.sys -- (MpKslbd095971)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/09/07 12:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/04/10 17:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2007/03/22 14:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 14:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/27 03:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 03:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 03:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 08:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 88 B5 28 89 82 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: [email protected]:5.2.0.0
FF - prefs.js..keyword.URL: "http://search.live.c...?FORM=IEFM1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Nadolski\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/04 07:52:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/10 13:59:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Nadolski\AppData\Roaming\Move Networks [2010/01/17 10:13:27 | 000,000,000 | ---D | M]

[2010/12/12 19:01:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadolski\AppData\Roaming\Mozilla\Extensions
[2010/12/12 19:01:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadolski\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/08/09 19:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadolski\AppData\Roaming\Mozilla\Firefox\Profiles\qkkseu9t.default\extensions
[2010/04/26 21:42:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nadolski\AppData\Roaming\Mozilla\Firefox\Profiles\qkkseu9t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/01 19:09:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nadolski\AppData\Roaming\Mozilla\Firefox\Profiles\qkkseu9t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/30 08:04:55 | 000,000,000 | ---D | M] (Kodak EasyShare Gallery Companion) -- C:\Users\Nadolski\AppData\Roaming\Mozilla\Firefox\Profiles\qkkseu9t.default\extensions\[email protected]
[2011/01/16 11:01:29 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Users\Nadolski\AppData\Roaming\Mozilla\Firefox\Profiles\qkkseu9t.default\extensions\[email protected]
[2009/07/03 13:04:22 | 000,001,632 | ---- | M] () -- C:\Users\Nadolski\AppData\Roaming\Mozilla\Firefox\Profiles\qkkseu9t.default\searchplugins\live-search.xml
[2011/06/12 10:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/12 10:25:34 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/05/17 19:35:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/01 11:23:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/01 08:09:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/04/01 08:09:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
() (No name found) -- C:\USERS\NADOLSKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QKKSEU9T.DEFAULT\EXTENSIONS\[email protected]
[2011/10/04 07:52:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/16 10:57:29 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/27 10:54:45 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/04/16 17:26:28 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2011/10/04 07:52:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe ()
O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SBC_McciTrayApp] C:\Program Files\SBC\update\SST.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B1847A4-0B56-4277-B532-D86FBF9677FD}: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B17F3FE9-0281-4AC2-8B53-A749700E8CB4}: DhcpNameServer = 167.206.245.129 167.206.245.130
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Nadolski\AppData\Local\cd2ed708\X) -C:\Users\Nadolski\AppData\Local\cd2ed708\X ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\F\Shell\AutoRun\command - "" = WDSetup.exe
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/07 12:29:05 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Nadolski\Desktop\OTL.exe
[2011/10/07 08:48:10 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/07 08:46:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/07 08:46:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/07 08:46:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/07 08:46:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/07 08:30:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/06 21:09:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Users\Nadolski\taskmgr.exe
[2011/10/06 21:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Nadolski\AppData\Local\cd2ed708
[2011/10/05 19:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexmark 3600-4600 Series
[2011/09/15 21:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2011/09/15 21:42:14 | 000,000,000 | ---D | C] -- C:\Users\Nadolski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3DO
[2011/09/15 21:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
[2011/09/15 21:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\3DO
[2011/09/14 18:34:26 | 000,000,000 | ---D | C] -- C:\Users\Nadolski\Desktop\P90X
[2011/04/12 21:08:55 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoin.dll
[2011/04/12 21:01:14 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDXhcp.dll
[2011/04/12 21:01:13 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdxinpa.dll
[2011/04/12 21:01:13 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxiesc.dll
[2011/04/12 21:01:12 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\lxdxserv.dll
[2011/04/12 21:01:12 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdxusb1.dll
[2011/04/12 21:01:11 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxpmui.dll
[2011/04/12 21:01:11 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdxprox.dll
[2011/04/12 21:01:10 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdxlmpm.dll
[2011/04/12 21:01:08 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdxhbn3.dll
[2011/04/12 21:01:08 | 000,315,392 | ---- | C] ( ) -- C:\Windows\System32\lxdxih.exe
[2011/04/12 21:01:05 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoms.exe
[2011/04/12 21:01:04 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomc.dll
[2011/04/12 21:01:04 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomm.dll
[2011/04/12 21:01:03 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdxcfg.exe
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/07 12:29:10 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Nadolski\Desktop\OTL.exe
[2011/10/07 12:08:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/07 11:34:36 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/07 11:34:36 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/07 09:23:40 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/07 09:23:40 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2011/10/07 07:34:36 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/07 07:34:36 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/10/07 07:34:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/07 07:34:26 | 2135,105,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/06 21:09:57 | 000,027,136 | -HS- | M] () -- C:\Users\Nadolski\wevtapi.dll
[2011/10/04 12:08:22 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/04 12:08:22 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/22 20:18:09 | 000,405,217 | ---- | M] () -- C:\Users\Nadolski\Desktop\solids2chart.pdf
[2011/09/18 04:03:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2011/09/14 21:56:12 | 000,035,184 | ---- | M] () -- C:\Users\Nadolski\Documents\Portfolio of Timothy John Nadolski.pfl
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/07 08:46:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/07 08:46:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/07 08:46:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/07 08:46:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/07 08:46:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/06 21:09:55 | 000,027,136 | -HS- | C] () -- C:\Users\Nadolski\wevtapi.dll
[2011/09/22 20:18:09 | 000,405,217 | ---- | C] () -- C:\Users\Nadolski\Desktop\solids2chart.pdf
[2011/04/12 21:07:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdxvs.dll
[2011/04/12 21:05:20 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdxdrs.dll
[2011/04/12 21:05:20 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdxcaps.dll
[2011/04/12 21:05:20 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdxcnv4.dll
[2011/04/12 21:04:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2011/04/12 21:04:46 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2011/04/12 21:04:25 | 000,053,248 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2011/04/12 21:04:25 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2011/04/12 21:01:41 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdxrwrd.ini
[2011/04/12 21:01:14 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDXinst.dll
[2011/04/12 21:01:07 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdxgrd.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/31 13:45:29 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/11/15 05:01:42 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/11/15 05:01:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2008/01/14 00:01:43 | 000,005,648 | ---- | C] () -- C:\Users\Nadolski\AppData\Local\d3d9caps.dat
[2007/11/10 23:37:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/11/04 19:17:09 | 000,046,080 | ---- | C] () -- C:\Users\Nadolski\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/03 16:49:23 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2007/10/29 15:10:03 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/10/29 15:10:03 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1272.dll
[2007/10/29 15:10:02 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/10/29 15:09:56 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/10/29 15:09:47 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/10/29 07:30:21 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/10/29 07:30:19 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2007/04/10 17:46:48 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2006/11/10 09:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,322,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,606,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,105,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2011/04/02 15:45:57 | 000,000,000 | ---D | M] -- C:\Users\Nadolski\AppData\Roaming\calibre
[2011/01/16 10:57:29 | 000,000,000 | ---D | M] -- C:\Users\Nadolski\AppData\Roaming\Catalina Marketing Corp
[2011/08/10 19:40:19 | 000,000,000 | ---D | M] -- C:\Users\Nadolski\AppData\Roaming\Flip Video
[2011/04/13 14:07:21 | 000,000,000 | ---D | M] -- C:\Users\Nadolski\AppData\Roaming\Lexmark Productivity Studio
[2007/12/01 12:02:00 | 000,000,000 | ---D | M] -- C:\Users\Nadolski\AppData\Roaming\MusicNet
[2011/02/15 21:51:11 | 000,000,000 | ---D | M] -- C:\Users\Nadolski\AppData\Roaming\Nolo
[2010/04/21 18:35:08 | 000,000,000 | ---D | M] -- C:\Users\Nadolski\AppData\Roaming\OverDrive
[2011/05/25 11:03:28 | 000,000,000 | ---D | M] -- C:\Users\Nadolski\AppData\Roaming\PCDr
[2010/12/12 19:00:57 | 000,000,000 | ---D | M] -- C:\Users\Nadolski\AppData\Roaming\TomTom
[2011/10/07 07:34:36 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/07 09:23:40 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job
[2011/09/18 04:03:00 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\RegCure.job
[2011/10/06 22:39:24 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/07 07:34:36 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >
  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:Services
dellsupportcenter

:OTL
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
[2011/08/01 19:09:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nadolski\AppData\Roaming\Mozilla\Firefox\Profiles\qkkseu9t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/17 19:35:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/01 11:23:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/01 08:09:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKCU Winlogon: Shell - (C:\Users\Nadolski\AppData\Local\cd2ed708\X) -C:\Users\Nadolski\AppData\Local\cd2ed708\X ()
[2011/10/06 21:09:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Users\Nadolski\taskmgr.exe
[2011/10/06 21:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Nadolski\AppData\Local\cd2ed708
[2011/10/06 21:09:57 | 000,027,136 | -HS- | M] () -- C:\Users\Nadolski\wevtapi.dll
[2011/10/07 07:34:36 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/07 09:23:40 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job
[2011/09/18 04:03:00 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\RegCure.job
[2011/10/07 07:34:36 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config dellsupportcenter start= disabled /c
    
:Commands
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done.

If one of the following will not run, skip to the next one, then go back and try the ones that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: It must be saved to your desktop; do not run it from your browser. :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click it and select Run as Administrator.
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double-click aswMBR.exe to run it.
Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
When the scan completes (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.


Ron
  • 0
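The entries RKinner's fix script lists under :OTL are the indicators a responder looks for in an OTL log: a per-user Winlogon Shell value pointing into a hidden, random-named folder under AppData\Local, and copies of taskmgr.exe and wevtapi.dll dropped in the profile root (where a program that loads the real wevtapi.dll by name can pick up the planted one first). The script below is an added example, not code from OTL or from anyone in this thread; it parses OTL-style lines (the line grammar is assumed from the entries quoted above) and flags those three patterns. The indicator lists and the two non-matching sample lines are constructed; the other sample lines are copied from the posted log.

```python
"""Triage helper for OTL-style log lines.

Added example for this thread; it is not part of OTL, ComboFix or any
poster's instructions. The line grammar is assumed from the entries
quoted in the thread, and the indicator lists below are constructed.
"""
import re
from typing import Optional

# [date | size | attrs | C-or-M] (company) -- path   (the company part is optional)
FILE_ENTRY = re.compile(
    r"^\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# O20 - <hive> Winlogon: Shell - (<value>) ...
WINLOGON_SHELL = re.compile(
    r"^O20 - (?P<hive>HKLM|HKCU) Winlogon: Shell - \((?P<value>[^)]*)\)"
)

# Constructed list: Windows binary names that should only exist under C:\Windows.
SYSTEM_BINARY_NAMES = {"taskmgr.exe", "wevtapi.dll", "explorer.exe", "svchost.exe", "services.exe"}
# Constructed list: hidden+system names Windows legitimately keeps in a profile.
BENIGN_HIDDEN_NAMES = {"desktop.ini", "ntuser.dat", "ntuser.ini", "ntuser.dat.log1", "ntuser.dat.log2"}

# Constructed sample: the O4 line and the HKLM Shell line are made up in OTL's
# format to show benign input; the remaining lines are copied from the posted log.
SAMPLE_OTL_LOG = r"""
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Nadolski\AppData\Local\cd2ed708\X) -C:\Users\Nadolski\AppData\Local\cd2ed708\X ()
[2011/10/07 12:29:05 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Nadolski\Desktop\OTL.exe
[2011/10/06 21:09:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Users\Nadolski\taskmgr.exe
[2011/10/06 21:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Nadolski\AppData\Local\cd2ed708
[2011/10/06 21:09:57 | 000,027,136 | -HS- | M] () -- C:\Users\Nadolski\wevtapi.dll
"""


def parse_file_entry(line: str) -> Optional[dict]:
    """Parse one OTL file/folder entry; return None for any other line."""
    m = FILE_ENTRY.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["hidden"] = "H" in entry["attrs"]
    entry["system"] = "S" in entry["attrs"]
    entry["directory"] = "D" in entry["attrs"]
    return entry


def under_user_profile(path: str) -> bool:
    """True for anything below C:\\Users\\<name>\\ (case-insensitive)."""
    parts = path.lower().split("\\")
    return len(parts) > 3 and parts[0] == "c:" and parts[1] == "users"


def triage_otl(log_text: str) -> list:
    """Return a list of findings, each a dict with at least 'rule' and 'item'."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        shell = WINLOGON_SHELL.match(line)
        if shell:
            # The only expected Shell value is explorer.exe; anything else, and
            # especially a per-user (HKCU) override, replaces the desktop shell.
            if shell["value"].lower() != "explorer.exe":
                findings.append({"rule": "winlogon_shell_hijack",
                                 "hive": shell["hive"], "item": shell["value"]})
            continue
        entry = parse_file_entry(line)
        if entry is None:
            continue
        path = entry["path"]
        name = path.rsplit("\\", 1)[-1].lower()
        # A system binary name created outside C:\Windows is a planted copy or
        # a DLL placed where a program will load it by name before the real one.
        if (not entry["directory"] and name in SYSTEM_BINARY_NAMES
                and not path.lower().startswith("c:\\windows\\")):
            findings.append({"rule": "system_binary_outside_windows", "item": path})
        # Hidden+system items in a profile are rare outside a short benign set.
        if (entry["hidden"] and entry["system"] and under_user_profile(path)
                and name not in BENIGN_HIDDEN_NAMES):
            findings.append({"rule": "hidden_system_in_profile", "item": path})
    return findings


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL_LOG):
        print(f"{f['rule']:32} {f.get('hive', '')} {f['item']}")
```

Run against the sample it reports the HKCU Shell override, the two system-named files in the profile root, and the two hidden+system items (the cd2ed708 folder and wevtapi.dll), which is exactly the set RKinner's fix script removes. On a real log the two name lists need to be grown from your own baseline of the Windows build in question.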

#3
marissajune

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks Ron. Microsoft Security Essentials detected/deleted the Trojan:Win32/Sirefef.J four times this morning so I guess it is still there.

TDSSKiller didn't create a log, so I clicked on report and copied and pasted that.

When I ran aswMBR it asked "This application can use the Avast! Free Antivirus for scanning. It is recommended to download for better detection results. Would you like to download latest Avast! virus definitions?" I clicked "No". After the scan the Fix button was grey.

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7902

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

10/8/2011 1:46:14 PM
mbam-log-2011-10-08 (13-46-14).txt

Scan type: Quick scan
Objects scanned: 214815
Time elapsed: 15 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

ComboFix 11-10-08.02 - Nadolski 10/08/2011 14:12:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.890 [GMT -4:00]
Running from: c:\users\Nadolski\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\program files\SelectRebates
c:\program files\SelectRebates\FFToolbar\chrome.manifest
c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files\SelectRebates\FFToolbar\install.rdf
c:\program files\SelectRebates\SahImages\alert.png
c:\program files\SelectRebates\SahImages\bg-gradient.gif
c:\program files\SelectRebates\SahImages\button-close.gif
c:\program files\SelectRebates\SahImages\check.png
c:\program files\SelectRebates\SahImages\close.png
c:\program files\SelectRebates\SahImages\sah-logopop.gif
c:\program files\SelectRebates\SelectAlerts.dat
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesA.dat
c:\program files\SelectRebates\SelectRebatesApi.exe
c:\program files\SelectRebates\SelectRebatesB.dat
c:\program files\SelectRebates\SelectRebatesBT.dat
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\SelectRebates\SelectRebatesH.dat
c:\program files\SelectRebates\SelectRebatesUninstall.exe
c:\program files\SelectRebates\SRebates.dll
c:\program files\SelectRebates\SRFF3.dll
c:\program files\SelectRebates\Toolbar\AddtoList.bmp
c:\program files\SelectRebates\Toolbar\basis.xml
c:\program files\SelectRebates\Toolbar\Basis.xml.dym
c:\program files\SelectRebates\Toolbar\Blank.bmp
c:\program files\SelectRebates\Toolbar\CashBack.bmp
c:\program files\SelectRebates\Toolbar\Coupons.bmp
c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files\SelectRebates\Toolbar\icons.bmp
c:\program files\SelectRebates\Toolbar\ImageCache\alert-red.bmp
c:\program files\SelectRebates\Toolbar\logo.bmp
c:\program files\SelectRebates\Toolbar\logo_24.bmp
c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
c:\program files\SelectRebates\Toolbar\RightControls.dym
c:\program files\SelectRebates\Toolbar\sahtb-alert.bmp
c:\program files\SelectRebates\Toolbar\sahtb-go.bmp
c:\program files\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
c:\program files\SelectRebates\Toolbar\sahtb-icons.bmp
c:\program files\SelectRebates\Toolbar\sahtb-restaurant.bmp
c:\program files\SelectRebates\Toolbar\sahtb-wishlist.bmp
c:\program files\SelectRebates\Toolbar\Scissors.bmp
c:\programdata\PCDr\5830\Downloads\0fc909b5-f105-4459-82f3-583c6ea5d734.dll
c:\programdata\PCDr\5830\Downloads\482517d4-aaa6-47f8-a7ad-de5cf6021ac2.dll
c:\programdata\PCDr\5830\Downloads\b3c595f3-948c-4aae-b2a9-7aaa0df99c97.dll
c:\programdata\PCDr\5830\Downloads\b4ec5042-c9eb-4e0d-b56f-68c71eb653bf.dll
c:\programdata\PCDr\5830\Downloads\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
c:\programdata\SPL25AA.tmp
c:\programdata\SPL95C1.tmp
c:\programdata\SPLC467.tmp
c:\programdata\SPLE16F.tmp
c:\users\Nadolski\GoToAssistDownloadHelper.exe
c:\users\Tim\4681.pdf
c:\windows\system32\comct332.ocx
.
.
((((((((((((((((((((((((( Files Created from 2011-09-08 to 2011-10-08 )))))))))))))))))))))))))))))))
.
.
2011-10-08 18:28 . 2011-10-08 18:28 -------- d-----w- c:\users\Tim\AppData\Local\temp
2011-10-08 18:28 . 2011-10-08 18:28 -------- d-----w- c:\users\Marissa\AppData\Local\temp
2011-10-08 18:28 . 2011-10-08 18:29 -------- d-----w- c:\users\Nadolski\AppData\Local\temp
2011-10-08 18:28 . 2011-10-08 18:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-08 17:29 . 2011-10-08 17:29 -------- d-----w- c:\users\Nadolski\AppData\Roaming\Malwarebytes
2011-10-08 17:29 . 2011-10-08 17:29 -------- d-----w- c:\programdata\Malwarebytes
2011-10-08 17:29 . 2011-10-08 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-08 17:29 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-08 17:10 . 2011-10-08 17:10 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C90F9C1-5ABD-4C1C-9709-E306892D4165}\MpKsl1ded9e1f.sys
2011-10-08 17:10 . 2011-10-08 17:10 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C90F9C1-5ABD-4C1C-9709-E306892D4165}\offreg.dll
2011-10-08 17:08 . 2011-10-08 17:08 -------- d-----w- C:\_OTL
2011-10-08 16:55 . 2011-10-08 16:55 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C90F9C1-5ABD-4C1C-9709-E306892D4165}\MpKsl26eb52a5.sys
2011-10-08 12:30 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C90F9C1-5ABD-4C1C-9709-E306892D4165}\mpengine.dll
2011-10-08 11:56 . 2011-10-08 18:00 -------- d-----w- c:\programdata\STOPzilla!
2011-10-05 23:36 . 2011-10-05 23:36 -------- d-----w- c:\programdata\Lexmark 3600-4600 Series
2011-09-16 01:42 . 2011-09-16 01:42 -------- d-----w- c:\programdata\Trymedia
2011-09-16 01:41 . 2004-07-26 20:56 12800 ----a-w- c:\windows\system32\Wing32.dll
2011-09-16 01:41 . 2011-09-16 01:45 -------- d-----w- c:\program files\3DO
2011-09-09 15:12 . 2011-01-27 13:02 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FC5F114-2112-4D6C-B448-B6A1D4343097}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-22 14:08 . 2011-07-13 21:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-12 23:14 . 2010-05-19 22:59 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-10-04 11:52 . 2011-04-01 12:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-11-28 00:43 . 2007-11-11 20:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-10 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-02 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-02 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-02 133912]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"SBC_McciTrayApp"="c:\program files\SBC\update\SST.exe" [2007-02-28 1011200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-04 672424]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2010-02-04 16040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-29 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-11-28 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-06-16 151552]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MPKSL1DED9E1F
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 23:28]
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 23:28]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
FF - ProfilePath - c:\users\Nadolski\AppData\Roaming\Mozilla\Firefox\Profiles\qkkseu9t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-08 14:28
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,86,76,f6,16,3e,4c,48,91,fa,08,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,86,76,f6,16,3e,4c,48,91,fa,08,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-08 14:37:14
ComboFix-quarantined-files.txt 2011-10-08 18:37
.
Pre-Run: 30,403,153,920 bytes free
Post-Run: 34,263,941,120 bytes free
.
- - End Of File - - 412FC863F04C5DE8D8B60D3E33BFA372

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

14:39:58.0108 4776 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
14:39:59.0278 4776 ============================================================
14:39:59.0278 4776 Current date / time: 2011/10/08 14:39:59.0278
14:39:59.0278 4776 SystemInfo:
14:39:59.0278 4776
14:39:59.0278 4776 OS Version: 6.0.6001 ServicePack: 1.0
14:39:59.0278 4776 Product type: Workstation
14:39:59.0278 4776 ComputerName: MARISSA-PC
14:39:59.0278 4776 UserName: Nadolski
14:39:59.0278 4776 Windows directory: C:\Windows
14:39:59.0278 4776 System windows directory: C:\Windows
14:39:59.0278 4776 Processor architecture: Intel x86
14:39:59.0278 4776 Number of processors: 2
14:39:59.0278 4776 Page size: 0x1000
14:39:59.0278 4776 Boot type: Normal boot
14:39:59.0278 4776 ============================================================
14:39:59.0824 4776 Initialize success
14:40:14.0878 2812 ============================================================
14:40:14.0878 2812 Scan started
14:40:14.0878 2812 Mode: Manual;
14:40:14.0878 2812 ============================================================
14:40:16.0032 2812 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
14:40:16.0032 2812 ACPI - ok
14:40:16.0141 2812 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
14:40:16.0157 2812 adp94xx - ok
14:40:16.0188 2812 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
14:40:16.0188 2812 adpahci - ok
14:40:16.0219 2812 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
14:40:16.0219 2812 adpu160m - ok
14:40:16.0266 2812 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
14:40:16.0282 2812 adpu320 - ok
14:40:16.0453 2812 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
14:40:16.0453 2812 AFD - ok
14:40:16.0516 2812 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
14:40:16.0516 2812 agp440 - ok
14:40:16.0562 2812 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:40:16.0562 2812 aic78xx - ok
14:40:16.0594 2812 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
14:40:16.0594 2812 aliide - ok
14:40:16.0656 2812 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
14:40:16.0656 2812 amdagp - ok
14:40:16.0687 2812 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
14:40:16.0687 2812 amdide - ok
14:40:16.0734 2812 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
14:40:16.0734 2812 AmdK7 - ok
14:40:16.0750 2812 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
14:40:16.0765 2812 AmdK8 - ok
14:40:16.0843 2812 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
14:40:16.0843 2812 arc - ok
14:40:16.0906 2812 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
14:40:16.0906 2812 arcsas - ok
14:40:16.0952 2812 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:40:16.0952 2812 AsyncMac - ok
14:40:16.0999 2812 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
14:40:17.0015 2812 atapi - ok
14:40:17.0140 2812 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
14:40:17.0140 2812 BCM43XX - ok
14:40:17.0155 2812 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
14:40:17.0171 2812 bcm4sbxp - ok
14:40:17.0233 2812 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:40:17.0233 2812 Beep - ok
14:40:17.0264 2812 blbdrive - ok
14:40:17.0514 2812 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
14:40:17.0514 2812 bowser - ok
14:40:17.0576 2812 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:40:17.0576 2812 BrFiltLo - ok
14:40:17.0608 2812 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:40:17.0608 2812 BrFiltUp - ok
14:40:17.0732 2812 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:40:17.0748 2812 Brserid - ok
14:40:17.0826 2812 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:40:17.0826 2812 BrSerWdm - ok
14:40:17.0920 2812 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:40:17.0920 2812 BrUsbMdm - ok
14:40:17.0951 2812 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:40:17.0951 2812 BrUsbSer - ok
14:40:18.0013 2812 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:40:18.0013 2812 BTHMODEM - ok
14:40:18.0107 2812 catchme - ok
14:40:18.0200 2812 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:40:18.0232 2812 cdfs - ok
14:40:18.0278 2812 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
14:40:18.0278 2812 cdrom - ok
14:40:18.0341 2812 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
14:40:18.0341 2812 circlass - ok
14:40:18.0419 2812 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
14:40:18.0419 2812 CLFS - ok
14:40:18.0528 2812 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:40:18.0528 2812 CmBatt - ok
14:40:18.0590 2812 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
14:40:18.0606 2812 cmdide - ok
14:40:18.0668 2812 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:40:18.0668 2812 Compbatt - ok
14:40:18.0700 2812 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
14:40:18.0700 2812 crcdisk - ok
14:40:18.0731 2812 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
14:40:18.0731 2812 Crusoe - ok
14:40:18.0840 2812 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
14:40:18.0840 2812 DfsC - ok
14:40:18.0965 2812 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
14:40:18.0965 2812 disk - ok
14:40:19.0012 2812 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:40:19.0027 2812 drmkaud - ok
14:40:19.0168 2812 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
14:40:19.0168 2812 DSproct - ok
14:40:19.0339 2812 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
14:40:19.0339 2812 dsunidrv - ok
14:40:19.0402 2812 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
14:40:19.0417 2812 DXGKrnl - ok
14:40:19.0526 2812 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
14:40:19.0526 2812 e1express - ok
14:40:19.0604 2812 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:40:19.0604 2812 E1G60 - ok
14:40:19.0682 2812 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
14:40:19.0682 2812 Ecache - ok
14:40:19.0760 2812 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\Windows\system32\DRIVERS\elagopro.sys
14:40:19.0760 2812 elagopro - ok
14:40:19.0838 2812 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\elaunidr.sys
14:40:19.0838 2812 elaunidr - ok
14:40:19.0932 2812 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
14:40:19.0932 2812 elxstor - ok
14:40:20.0057 2812 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
14:40:20.0057 2812 exfat - ok
14:40:20.0119 2812 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
14:40:20.0135 2812 fastfat - ok
14:40:20.0182 2812 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
14:40:20.0182 2812 fdc - ok
14:40:20.0228 2812 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:40:20.0244 2812 FileInfo - ok
14:40:20.0291 2812 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:40:20.0291 2812 Filetrace - ok
14:40:20.0384 2812 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
14:40:20.0384 2812 flpydisk - ok
14:40:20.0431 2812 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
14:40:20.0431 2812 FltMgr - ok
14:40:20.0478 2812 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:40:20.0478 2812 Fs_Rec - ok
14:40:20.0509 2812 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
14:40:20.0509 2812 gagp30kx - ok
14:40:20.0618 2812 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
14:40:20.0618 2812 GEARAspiWDM - ok
14:40:20.0837 2812 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:40:20.0837 2812 HdAudAddService - ok
14:40:20.0868 2812 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:40:20.0868 2812 HDAudBus - ok
14:40:20.0915 2812 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:40:20.0915 2812 HidBth - ok
14:40:20.0993 2812 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:40:20.0993 2812 HidIr - ok
14:40:21.0040 2812 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
14:40:21.0040 2812 HidUsb - ok
14:40:21.0071 2812 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
14:40:21.0071 2812 HpCISSs - ok
14:40:21.0180 2812 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
14:40:21.0180 2812 HSF_DPV - ok
14:40:21.0211 2812 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
14:40:21.0227 2812 HSXHWAZL - ok
14:40:21.0305 2812 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
14:40:21.0320 2812 HTTP - ok
14:40:21.0352 2812 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
14:40:21.0367 2812 i2omp - ok
14:40:21.0445 2812 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:40:21.0445 2812 i8042prt - ok
14:40:21.0492 2812 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
14:40:21.0492 2812 iaStor - ok
14:40:21.0742 2812 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
14:40:21.0742 2812 iaStorV - ok
14:40:21.0913 2812 igfx (e84cad5121e30d88050ea210caff3095) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:40:21.0929 2812 igfx - ok
14:40:22.0007 2812 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:40:22.0007 2812 iirsp - ok
14:40:22.0085 2812 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
14:40:22.0085 2812 intelide - ok
14:40:22.0147 2812 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:40:22.0147 2812 intelppm - ok
14:40:22.0272 2812 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:40:22.0272 2812 IpFilterDriver - ok
14:40:22.0288 2812 IpInIp - ok
14:40:22.0334 2812 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
14:40:22.0334 2812 IPMIDRV - ok
14:40:22.0397 2812 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:40:22.0397 2812 IPNAT - ok
14:40:22.0475 2812 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:40:22.0475 2812 IRENUM - ok
14:40:22.0537 2812 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
14:40:22.0537 2812 isapnp - ok
14:40:22.0615 2812 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
14:40:22.0615 2812 iScsiPrt - ok
14:40:22.0662 2812 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:40:22.0678 2812 iteatapi - ok
14:40:22.0724 2812 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:40:22.0724 2812 iteraid - ok
14:40:22.0787 2812 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:40:22.0787 2812 kbdclass - ok
14:40:22.0865 2812 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
14:40:22.0865 2812 kbdhid - ok
14:40:22.0927 2812 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
14:40:22.0943 2812 KSecDD - ok
14:40:22.0990 2812 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:40:22.0990 2812 lltdio - ok
14:40:23.0052 2812 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
14:40:23.0052 2812 LSI_FC - ok
14:40:23.0083 2812 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
14:40:23.0083 2812 LSI_SAS - ok
14:40:23.0146 2812 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
14:40:23.0146 2812 LSI_SCSI - ok
14:40:23.0192 2812 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:40:23.0208 2812 luafv - ok
14:40:23.0317 2812 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
14:40:23.0317 2812 MBAMProtector - ok
14:40:23.0380 2812 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:40:23.0380 2812 mdmxsdk - ok
14:40:23.0458 2812 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
14:40:23.0458 2812 megasas - ok
14:40:23.0551 2812 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:40:23.0551 2812 Modem - ok
14:40:23.0614 2812 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:40:23.0614 2812 monitor - ok
14:40:23.0660 2812 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:40:23.0660 2812 mouclass - ok
14:40:23.0676 2812 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:40:23.0676 2812 mouhid - ok
14:40:23.0785 2812 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:40:23.0785 2812 MountMgr - ok
14:40:24.0019 2812 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
14:40:24.0019 2812 MpFilter - ok
14:40:24.0082 2812 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
14:40:24.0082 2812 mpio - ok
14:40:24.0160 2812 MpKsl001a2fed - ok
14:40:24.0238 2812 MpKsl1ded9e1f (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2C90F9C1-5ABD-4C1C-9709-E306892D4165}\MpKsl1ded9e1f.sys
14:40:24.0238 2812 MpKsl1ded9e1f - ok
14:40:24.0269 2812 MpKsl26eb52a5 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2C90F9C1-5ABD-4C1C-9709-E306892D4165}\MpKsl26eb52a5.sys
14:40:24.0284 2812 MpKsl26eb52a5 - ok
14:40:24.0300 2812 MpKsl278a300f - ok
14:40:24.0300 2812 MpKsl3ba2918f - ok
14:40:24.0347 2812 MpKsl49be9a2d - ok
14:40:24.0347 2812 MpKsl6efd55c3 - ok
14:40:24.0362 2812 MpKsl740f043f - ok
14:40:24.0362 2812 MpKsl759c3ae6 - ok
14:40:24.0378 2812 MpKsl89123373 - ok
14:40:24.0378 2812 MpKsl930871aa - ok
14:40:24.0409 2812 MpKslae2f6bd7 - ok
14:40:24.0409 2812 MpKslb05757ff - ok
14:40:24.0440 2812 MpKslbe2f4b60 - ok
14:40:24.0472 2812 MpKslc1a5f35d - ok
14:40:24.0503 2812 MpKsld22ba9f5 - ok
14:40:24.0518 2812 MpKsld6110d4a - ok
14:40:24.0550 2812 MpKslefc9d828 - ok
14:40:24.0596 2812 MpKslf9ed912f - ok
14:40:24.0784 2812 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
14:40:24.0784 2812 MpNWMon - ok
14:40:24.0846 2812 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:40:24.0846 2812 mpsdrv - ok
14:40:24.0908 2812 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:40:24.0908 2812 Mraid35x - ok
14:40:25.0002 2812 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
14:40:25.0002 2812 MREMP50 - ok
14:40:25.0018 2812 MREMP50a64 - ok
14:40:25.0033 2812 MREMPR5 - ok
14:40:25.0033 2812 MRENDIS5 - ok
14:40:25.0064 2812 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
14:40:25.0064 2812 MRESP50 - ok
14:40:25.0064 2812 MRESP50a64 - ok
14:40:25.0220 2812 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
14:40:25.0236 2812 MRxDAV - ok
14:40:25.0298 2812 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:40:25.0314 2812 mrxsmb - ok
14:40:25.0345 2812 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:40:25.0361 2812 mrxsmb10 - ok
14:40:25.0392 2812 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:40:25.0392 2812 mrxsmb20 - ok
14:40:25.0439 2812 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
14:40:25.0439 2812 msahci - ok
14:40:25.0486 2812 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
14:40:25.0486 2812 msdsm - ok
14:40:25.0595 2812 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:40:25.0595 2812 Msfs - ok
14:40:25.0626 2812 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:40:25.0626 2812 msisadrv - ok
14:40:25.0813 2812 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:40:25.0813 2812 MSKSSRV - ok
14:40:25.0907 2812 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:40:25.0922 2812 MSPCLOCK - ok
14:40:26.0000 2812 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:40:26.0000 2812 MSPQM - ok
14:40:26.0063 2812 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
14:40:26.0063 2812 MsRPC - ok
14:40:26.0110 2812 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:40:26.0110 2812 mssmbios - ok
14:40:26.0156 2812 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:40:26.0156 2812 MSTEE - ok
14:40:26.0203 2812 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
14:40:26.0234 2812 Mup - ok
14:40:26.0297 2812 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
14:40:26.0297 2812 NativeWifiP - ok
14:40:26.0359 2812 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
14:40:26.0359 2812 NDIS - ok
14:40:26.0422 2812 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:40:26.0422 2812 NdisTapi - ok
14:40:26.0468 2812 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:40:26.0484 2812 Ndisuio - ok
14:40:26.0531 2812 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
14:40:26.0531 2812 NdisWan - ok
14:40:26.0578 2812 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:40:26.0578 2812 NDProxy - ok
14:40:26.0624 2812 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:40:26.0624 2812 NetBIOS - ok
14:40:26.0656 2812 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
14:40:26.0671 2812 netbt - ok
14:40:26.0734 2812 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:40:26.0734 2812 nfrd960 - ok
14:40:26.0812 2812 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:40:26.0812 2812 NisDrv - ok
14:40:26.0874 2812 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
14:40:26.0874 2812 Npfs - ok
14:40:26.0921 2812 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:40:26.0968 2812 nsiproxy - ok
14:40:27.0046 2812 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
14:40:27.0092 2812 Ntfs - ok
14:40:27.0124 2812 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:40:27.0124 2812 ntrigdigi - ok
14:40:27.0170 2812 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:40:27.0170 2812 Null - ok
14:40:27.0202 2812 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
14:40:27.0202 2812 nvraid - ok
14:40:27.0233 2812 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
14:40:27.0233 2812 nvstor - ok
14:40:27.0295 2812 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
14:40:27.0295 2812 nv_agp - ok
14:40:27.0311 2812 NwlnkFlt - ok
14:40:27.0326 2812 NwlnkFwd - ok
14:40:27.0389 2812 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
14:40:27.0404 2812 ohci1394 - ok
14:40:27.0498 2812 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:40:27.0498 2812 Parport - ok
14:40:27.0545 2812 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
14:40:27.0545 2812 partmgr - ok
14:40:27.0576 2812 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:40:27.0576 2812 Parvdm - ok
14:40:27.0638 2812 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
14:40:27.0654 2812 pci - ok
14:40:27.0716 2812 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
14:40:27.0732 2812 pciide - ok
14:40:27.0810 2812 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:40:27.0810 2812 pcmcia - ok
14:40:28.0044 2812 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:40:28.0075 2812 PEAUTH - ok
14:40:28.0262 2812 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:40:28.0262 2812 PptpMiniport - ok
14:40:28.0325 2812 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
14:40:28.0325 2812 Processor - ok
14:40:28.0403 2812 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
14:40:28.0403 2812 PSched - ok
14:40:28.0465 2812 PxHelp20 (324c27635e516184c811339a75cefd4a) C:\Windows\system32\Drivers\PxHelp20.sys
14:40:28.0465 2812 PxHelp20 - ok
14:40:28.0684 2812 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
14:40:28.0699 2812 ql2300 - ok
14:40:28.0715 2812 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:40:28.0715 2812 ql40xx - ok
14:40:28.0762 2812 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:40:28.0777 2812 QWAVEdrv - ok
14:40:28.0902 2812 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
14:40:28.0918 2812 R300 - ok
14:40:28.0996 2812 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:40:29.0011 2812 RasAcd - ok
14:40:29.0074 2812 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:40:29.0074 2812 Rasl2tp - ok
14:40:29.0120 2812 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
14:40:29.0120 2812 RasPppoe - ok
14:40:29.0167 2812 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
14:40:29.0214 2812 RasSstp - ok
14:40:29.0261 2812 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
14:40:29.0261 2812 rdbss - ok
14:40:29.0308 2812 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:40:29.0308 2812 RDPCDD - ok
14:40:29.0370 2812 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
14:40:29.0370 2812 rdpdr - ok
14:40:29.0401 2812 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:40:29.0401 2812 RDPENCDD - ok
14:40:29.0448 2812 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
14:40:29.0448 2812 RDPWD - ok
14:40:29.0542 2812 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
14:40:29.0542 2812 rimmptsk - ok
14:40:29.0620 2812 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
14:40:29.0620 2812 rimsptsk - ok
14:40:29.0666 2812 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
14:40:29.0666 2812 rismxdp - ok
14:40:29.0729 2812 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:40:29.0744 2812 rspndr - ok
14:40:29.0854 2812 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:40:29.0854 2812 sbp2port - ok
14:40:29.0994 2812 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
14:40:29.0994 2812 sdbus - ok
14:40:30.0088 2812 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:40:30.0088 2812 secdrv - ok
14:40:30.0228 2812 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:40:30.0228 2812 Serenum - ok
14:40:30.0275 2812 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:40:30.0275 2812 Serial - ok
14:40:30.0337 2812 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:40:30.0337 2812 sermouse - ok
14:40:30.0415 2812 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
14:40:30.0415 2812 sffdisk - ok
14:40:30.0524 2812 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
14:40:30.0524 2812 sffp_mmc - ok
14:40:30.0556 2812 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:40:30.0556 2812 sffp_sd - ok
14:40:30.0602 2812 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:40:30.0602 2812 sfloppy - ok
14:40:30.0665 2812 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
14:40:30.0665 2812 sisagp - ok
14:40:30.0712 2812 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
14:40:30.0712 2812 SiSRaid2 - ok
14:40:30.0758 2812 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
14:40:30.0758 2812 SiSRaid4 - ok
14:40:30.0836 2812 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
14:40:30.0852 2812 Smb - ok
14:40:30.0930 2812 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:40:30.0930 2812 spldr - ok
14:40:31.0008 2812 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
14:40:31.0024 2812 srv - ok
14:40:31.0070 2812 srv2 (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys
14:40:31.0070 2812 srv2 - ok
14:40:31.0133 2812 srvnet (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys
14:40:31.0133 2812 srvnet - ok
14:40:31.0258 2812 STHDA (5af135b2e2097d4494b9067ce84e2665) C:\Windows\system32\drivers\stwrt.sys
14:40:31.0258 2812 STHDA - ok
14:40:31.0336 2812 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:40:31.0336 2812 swenum - ok
14:40:31.0460 2812 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:40:31.0460 2812 Symc8xx - ok
14:40:31.0523 2812 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:40:31.0538 2812 Sym_hi - ok
14:40:31.0570 2812 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:40:31.0570 2812 Sym_u3 - ok
14:40:31.0663 2812 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys
14:40:31.0663 2812 SynTP - ok
14:40:31.0772 2812 Tcpip (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
14:40:31.0772 2812 Tcpip - ok
14:40:31.0866 2812 Tcpip6 (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
14:40:31.0866 2812 Tcpip6 - ok
14:40:35.0298 2812 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:40:35.0314 2812 \Device\Harddisk0\DR0 - ok
14:40:35.0329 2812 Boot (0x1200) (6a8c3392732665e0bb925d3f2276ebcb) \Device\Harddisk0\DR0\Partition0
14:40:35.0329 2812 \Device\Harddisk0\DR0\Partition0 - ok
14:40:35.0329 2812 Boot (0x1200) (b151e72150e013c742c9a441a123e9e1) \Device\Harddisk0\DR0\Partition1
14:40:35.0345 2812 \Device\Harddisk0\DR0\Partition1 - ok
14:40:35.0345 2812 ============================================================
14:40:35.0345 2812 Scan finished
14:40:35.0345 2812 ============================================================
14:40:35.0345 5996 Detected object count: 0
14:40:35.0345 5996 Actual detected object count: 0

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-08 14:43:57
-----------------------------
14:43:57.892 OS Version: Windows 6.0.6001 Service Pack 1
14:43:57.892 Number of processors: 2 586 0xF0D
14:43:57.892 ComputerName: MARISSA-PC UserName: Nadolski
14:44:01.261 Initialize success
14:46:33.869 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:46:33.869 Disk 0 Vendor: ST916082 3.CD Size: 152627MB BusType: 3
14:46:33.901 Disk 0 MBR read successfully
14:46:33.916 Disk 0 MBR scan
14:46:33.916 Disk 0 Windows VISTA default MBR code
14:46:33.916 Disk 0 scanning sectors +312578048
14:46:34.041 Disk 0 scanning C:\Windows\system32\drivers
14:46:44.446 Service scanning
14:46:45.289 Service MpKsl1ded9e1f c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2C90F9C1-5ABD-4C1C-9709-E306892D4165}\MpKsl1ded9e1f.sys **LOCKED** 32
14:46:45.289 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
14:46:45.928 Modules scanning
14:46:57.176 Disk 0 trace - called modules:
14:46:57.207 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
14:46:57.223 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85eff968]
14:46:57.223 3 CLASSPNP.SYS[885a4745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84a5c030]
14:46:57.223 Scan finished successfully
14:47:12.136 Disk 0 MBR has been saved successfully to "C:\Users\Nadolski\Desktop\MBR.dat"
14:47:12.152 The log file has been saved successfully to "C:\Users\Nadolski\Desktop\aswMBR.txt"

#4 RKinner (Malware Expert, MVP, 24,625 posts)
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


If it's still being detected then:

Let's try a different anti-virus:

Download and Save the free Avast installer.
http://www.avast.com...ivirus-download

Uninstall Microsoft Security Essentials

Reboot

Install Avast by right clicking and Run As Administrator. (Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
Look in C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt. I think that's where they hide the log from the boot scan. Copy the text and paste it into a reply.

Ron

#5 marissajune (Topic Starter, New Member, 4 posts)
Thanks for all your help Ron. I ran the ESET scanner. Looks like the Trojan file is still being detected. I will try installing the Avast anti-virus next.

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

LIST OF THREATS FOUND

C:\_OTL\MovedFiles\10082011_130824\C_Users\Nadolski\wevtapi.dll Win32/Agent.STE trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\10082011_130824\C_Users\Nadolski\AppData\Local\cd2ed708\X Win32/Sirefef.DD trojan cleaned by deleting - quarantined

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=5a3a0988c7d4714f8626700f64b78ac6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-09 02:19:43
# local_time=2011-10-08 10:19:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776574 100 100 43391349 154722213 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=245681
# found=2
# cleaned=2
# scan_time=12098
C:\_OTL\MovedFiles\10082011_130824\C_Users\Nadolski\wevtapi.dll Win32/Agent.STE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\10082011_130824\C_Users\Nadolski\AppData\Local\cd2ed708\X Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#6 RKinner (Malware Expert, MVP, 24,625 posts)
These two:

C:\_OTL\MovedFiles\10082011_130824\C_Users\Nadolski\wevtapi.dll Win32/Agent.STE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\10082011_130824\C_Users\Nadolski\AppData\Local\cd2ed708\X Win32/Sirefef.DD trojan (cleaned by deleting - quarantined)

are files that OTL had already removed. Is MSSE still finding them? I think Avast is the better anti-virus so go ahead and try it.

Ron

#7 marissajune (Topic Starter, New Member, 4 posts)
Ron,

MSSE wasn't detecting it. I went ahead and uninstalled MSSE and ran AVAST. It found 1 threat but it looks like something else. Unless you say otherwise, I guess that means the problem is fixed. Thanks so much for your help. You were awesome!

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

10/09/2011 07:20
Scan of all local drives

File C:\Qoobox\Quarantine\C\Program Files\SelectRebates\SelectRebatesApi.exe.vir is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Marissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WKUK8E6Q\GoogleNav[1].msp|>Toolbar_oldToToolbar_new\Binary.ToolbarInstallerExe Error 42144 {OLE archive is corrupted.}
Number of searched folders: 41349
Number of tested files: 792300
Number of infected files: 1
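Ron's point in #6 (ESET's two hits sit under C:\_OTL\MovedFiles, so OTL had already removed them) and the Avast hit in #7 (under C:\Qoobox\Quarantine, ComboFix's quarantine folder) can be checked mechanically. The following is an added example, not code from this thread or from ESET, Avast or OTL: it parses report lines in the two formats shown above and flags detections inside a removal tool's quarantine as leftovers rather than live infections; the two sample lines marked constructed are mine.

```python
import re

# Quarantine folders of the removal tools used in this thread; a detection
# under one of these is a file the tool already pulled off the live system.
QUARANTINE_ROOTS = (r"c:\_otl\movedfiles", r"c:\qoobox\quarantine")

# ESET export line: <path> <threat> <kind> (<action>) <hash> <flag>
# (ESET prefixes heuristic names with "a variant of", so allow that too)
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<threat>(?:a variant of )?\S+) (?P<kind>\S+) \((?P<action>[^)]*)\)"
)
# Avast report line: File <path> is infected by <threat> [<kind>], <action>
AVAST_RE = re.compile(
    r"^File (?P<path>.+?) is infected by (?P<threat>\S+) \[(?P<kind>[^\]]+)\], (?P<action>.+)$"
)


def parse_detection(line):
    """Return a dict for a detection line, or None for summary/error lines."""
    for rx in (ESET_RE, AVAST_RE):
        m = rx.match(line.strip())
        if m:
            return m.groupdict()
    return None


def is_quarantined_leftover(path):
    """True when the detected file lives inside another tool's quarantine."""
    return path.lower().startswith(QUARANTINE_ROOTS)


def triage(lines):
    """Split detections into those still on the live system and leftovers."""
    result = {"live": [], "leftovers": []}
    for line in lines:
        d = parse_detection(line)
        if d is None:  # scan errors and statistics lines are not detections
            continue
        bucket = "leftovers" if is_quarantined_leftover(d["path"]) else "live"
        result[bucket].append(d)
    return result


# Sample input: the three detection lines from the ESET and Avast logs in this
# thread, plus two constructed lines: an Avast archive error (not a detection)
# and the same Sirefef file as it would appear if still in the user's profile.
SAMPLE_LINES = [
    r"C:\_OTL\MovedFiles\10082011_130824\C_Users\Nadolski\wevtapi.dll Win32/Agent.STE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C",
    r"C:\_OTL\MovedFiles\10082011_130824\C_Users\Nadolski\AppData\Local\cd2ed708\X Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C",
    r"File C:\Qoobox\Quarantine\C\Program Files\SelectRebates\SelectRebatesApi.exe.vir is infected by Win32:PUP-gen [PUP], Moved to chest",
    r"File C:\Users\Marissa\AppData\Local\Temp\setup.msp|>Binary.Exe Error 42144 {OLE archive is corrupted.}",  # constructed
    r"C:\Users\Nadolski\AppData\Local\cd2ed708\X Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C",  # constructed
]

if __name__ == "__main__":
    t = triage(SAMPLE_LINES)
    print(f"live: {len(t['live'])}, leftovers: {len(t['leftovers'])}")
    for d in t["live"]:
        print("still on the system:", d["path"], d["threat"])
```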

#8 RKinner (Malware Expert, MVP, 24,625 posts)
Stick with Avast for a while and see how you like it. Some people object to the voice notification of updates. To turn it off, click on the Avast ball then on Settings. Then on Sounds and uncheck Automatic Updates, OK. (It will still update; it just won't tell you about it in a loud voice in the middle of the night.)

They have also started using their info popup to try and get you to upgrade so I go into Settings, Popups and change the first two to 1 second.

The registration is good for 12-14 months then you will need to register again. They will, of course, try to talk you into buying the product but you can always register again for another year free.


We need to clean up System Restore:

Copy the following:


:Commands
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK, Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.) If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.


If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron