Remains of Malware causing trouble, Can't solve problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Remains of Malware causing trouble, Can't solve problem

Post by hesserman101 » August 28th, 2010, 3:41 pm

Ok so I've posted everything you've asked for. I hope it isn't too hard to read, especially the MBRCheck.log, which I split into about 7 or 8 posts. My computer is still running the same and having the same problems. Good luck with analyzing all of that, and take your time. I'm in no rush :)

Re: Remains of Malware causing trouble, Can't solve problem

Post by Cypher » August 29th, 2010, 6:14 am

Hi hesserman101.

Back Up registry with ERUNT

  • Please download ERUNT to your desktop.
  • Right Click on the erunt-setup.exe and select " Run as administrator " to run it.
  • Follow the prompts to install ERUNT
  • Choose language
  • A setup window will pop up. It will ask: Create ERUNT entry into the Startup folder; answer NO.
  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

Next.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Right click OTM.exe and select " Run as administrator " to run it.
  • Right-click, then copy the following code. Do not include the word Code.
    Code:
    :Services
    apsx97jo
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Malwarebytes Anti-Malware (reboot)"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ZE18MW23GY"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\BitTorrent\bittorrent.exe"=-
    "C:\Users\Jon\AppData\Roaming\zzangohj.exe"=-
    
    :Files
    C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    C:\Users\Jon\AppData\Local\Temp\Tld.exe
    C:\Users\Jon\AppData\Roaming\ADE9ACEB21DF2F42D561D1A8A5430FF1
    C:\Program Files\BitTorrent
    C:\Users\Jon\AppData\Roaming\zzangohj.exe
    C:\Windows\Tfupaa.exe
    C:\Program Files\LimeWire
    C:\Users\Jon\AppData\Roaming\BitTorrent
    C:\Program Files\DNA
    C:\WINDOWS\system32\drivers\etc\hosts
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box.
    • Next click on the large MoveIt! button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

Download HostsXpert and unzip it to your desktop.
  • Right click on HostsXpert.exe and select " Run as administrator " to run it.
  • When prompted with:
    HOSTS file does not exist, press OK to create HOSTS file, Cancel to quit.
  • Select OK.
  • Check to see if top button on left hand side says Make Writable?
    • If it does. click on it then proceed to next instruction.
    • If not, just proceed to next instruction
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition
  • When prompted to confirm, click OK.
  • Click on the Download button (lower left hand side)
    • Click on MVPs Hosts... button.
    • Click on Replace button.
    • Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file)
  • When finished.
    • Click on File Handling button.
    • Click on Make Read Only? to secure it against infection.
  • Exit the programme.

Next.
Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done, only "C:\RSIT\log.txt" will be produced (it will be maximized).
  • Please post ONLY the log.txt file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)


Next.

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Logs/Information to Post in your Next Reply

  • OTM log.
  • RSIT log.txt.
  • TDSSKiller log.
  • Please give me an update on your computers performance.
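The HostsXpert step in the post above first restores the default hosts file and then installs the MVPS list, which maps unwanted names to a sinkhole address, and finally makes the file read-only. A hijacked hosts file does the opposite: it points legitimate names at a remote address so that updates and security sites go elsewhere. The script below, added here as an example and not part of HostsXpert or of this thread, tells the two apart. The sample file is constructed; its domain names are placeholders under .test, not names taken from the thread, and 203.0.113.7 is a documentation address standing in for an attacker host.

```python
"""Classify hosts-file entries as default, sinkhole (block list) or redirect.
Added example for this thread; it is not HostsXpert's code.  The sample hosts
text and the domain names in it are constructed placeholders."""
import ipaddress

# Constructed sample: a default Vista hosts file, one MVPS-style block entry,
# and two entries of the kind a hosts-file hijack adds.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0   ads.example-tracker.test        # block-list style: name is sinkholed
203.0.113.7  www.example-av.test          # hijack: a real name sent to a remote host
203.0.113.7  update.example-av.test
"""

# Addresses that mean "go nowhere": what a block list points names at.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return (address, name) pairs; comments, blanks and bad lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed address: not a usable entry
        for name in parts[1:]:
            entries.append((str(addr), name.lower()))
    return entries


def classify(entries):
    """Label each entry: 'default' (localhost), 'sinkhole' (blocked name)
    or 'redirect' (name resolves to a remote host, the hijack case)."""
    labelled = []
    for addr, name in entries:
        if addr in SINKHOLES and name == "localhost":
            kind = "default"
        elif addr in SINKHOLES:
            kind = "sinkhole"
        else:
            kind = "redirect"
        labelled.append((addr, name, kind))
    return labelled


def redirected_names(text):
    """Names a hosts file sends to a remote address, grouped by that address."""
    by_addr = {}
    for addr, name, kind in classify(parse_hosts(text)):
        if kind == "redirect":
            by_addr.setdefault(addr, []).append(name)
    return by_addr


if __name__ == "__main__":
    for addr, names in redirected_names(SAMPLE_HOSTS).items():
        print(f"{addr} <- {', '.join(names)}")
```

Only the "redirect" entries need a human decision; a long block list of sinkholed names is exactly what the MVPS install step produces and is not a finding.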

Re: Remains of Malware causing trouble, Can't solve problem

Post by hesserman101 » August 29th, 2010, 10:21 pm

All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named apsx97jo was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\apsx97jo deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Malware (reboot) deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ZE18MW23GY deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitTorrent\bittorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Users\Jon\AppData\Roaming\zzangohj.exe deleted successfully.
========== FILES ==========
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Users\Jon\AppData\Local\Temp\Tld.exe moved successfully.
C:\Users\Jon\AppData\Roaming\ADE9ACEB21DF2F42D561D1A8A5430FF1 folder moved successfully.
C:\Program Files\BitTorrent folder moved successfully.
File/Folder C:\Users\Jon\AppData\Roaming\zzangohj.exe not found.
C:\Windows\Tfupaa.exe moved successfully.
C:\Program Files\LimeWire\lib folder moved successfully.
C:\Program Files\LimeWire folder moved successfully.
C:\Users\Jon\AppData\Roaming\BitTorrent folder moved successfully.
C:\Program Files\DNA\plugins folder moved successfully.
C:\Program Files\DNA folder moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jeff
->Temp folder emptied: 30401754 bytes
->Temporary Internet Files folder emptied: 78733339 bytes
->Flash cache emptied: 3644 bytes

User: Jon
->Temp folder emptied: 407599208 bytes
->Temporary Internet Files folder emptied: 180470071 bytes
->Java cache emptied: 84106216 bytes
->FireFox cache emptied: 88539527 bytes
->Flash cache emptied: 199825 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 148642 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 72757699 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2091395 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 1311191 bytes
RecycleBin emptied: 22646931 bytes

Total Files Cleaned = 924.00 mb


OTM by OldTimer - Version 3.1.15.0 log created on 08292010_215750

Files moved on Reboot...
File C:\Users\Jon\AppData\Local\Temp\~DF14D7.tmp not found!
File C:\Users\Jon\AppData\Local\Temp\~DF14E3.tmp not found!
File C:\Users\Jon\AppData\Local\Temp\~DF163E.tmp not found!
File C:\Users\Jon\AppData\Local\Temp\~DF164B.tmp not found!
File C:\Users\Jon\AppData\Local\Temp\~DF16D8.tmp not found!
File C:\Users\Jon\AppData\Local\Temp\~DF16E9.tmp not found!
File C:\Users\Jon\AppData\Local\Temp\~DF7817.tmp not found!
File C:\Users\Jon\AppData\Local\Temp\~DF7823.tmp not found!
File C:\Users\Jon\AppData\Local\Temp\~DF7C48.tmp not found!
File C:\Users\Jon\AppData\Local\Temp\~DF7E72.tmp not found!
C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PEDE05VS\viewtopic[1].htm moved successfully.
C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2RYP4T85\index[1].htm moved successfully.
C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File C:\Windows\temp\mcafee_Qwsqhen5YHYge0N not found!
File C:\Windows\temp\mcafee_xPkBRaoTwMBy6jQ not found!

Registry entries deleted on Reboot...
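The OTM log above reports one outcome per item in the fix script (moved, deleted, not found, or an error such as the service that had a registry key but nothing running), and the RSIT dump posted next still lists Run values whose file is gone, among them "secureapp70700.exe" under HKCU, which points into the ADE9ACEB... folder that OTM moved. The script below, added here as an example and not OTM's, RSIT's or this thread's own code, reconciles the three: it parses the script, maps each item to its log outcome, and flags autostart values that point into a folder OTM moved or at a file that no longer exists. The sample input is excerpted from the logs in this thread; reading RSIT's empty brackets as "file absent" is an assumption stated in the code.

```python
"""Reconcile an OTM fix script with its result log and a follow-up RSIT
registry dump.  Added example for this thread; not OTM's or RSIT's own code.
It only reads log text: no registry or file-system access."""
import re

# Sample input: lines excerpted from the OTM script and logs in this thread.
OTM_SCRIPT = r"""
:Services
apsx97jo

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ZE18MW23GY"=-

:Files
C:\Users\Jon\AppData\Local\Temp\Tld.exe
C:\Users\Jon\AppData\Roaming\ADE9ACEB21DF2F42D561D1A8A5430FF1
C:\Users\Jon\AppData\Roaming\zzangohj.exe
C:\Windows\Tfupaa.exe

:Commands
[emptytemp]
[Reboot]
"""

OTM_LOG = r"""
Error: No service named apsx97jo was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\apsx97jo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Malware (reboot) deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ZE18MW23GY deleted successfully.
C:\Users\Jon\AppData\Local\Temp\Tld.exe moved successfully.
C:\Users\Jon\AppData\Roaming\ADE9ACEB21DF2F42D561D1A8A5430FF1 folder moved successfully.
File/Folder C:\Users\Jon\AppData\Roaming\zzangohj.exe not found.
C:\Windows\Tfupaa.exe moved successfully.
"""

# RSIT prints each Run image's date and size in brackets.  Empty brackets are
# read here as "file absent at scan time" (assumption about RSIT's format).
RSIT_RUN = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"Turbine Download Manager Tray Icon"=C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"secureapp70700.exe"=C:\Users\Jon\AppData\Roaming\ADE9ACEB21DF2F42D561D1A8A5430FF1\secureapp70700.exe []
"""

LOG_PATTERNS = [  # (regex over one OTM log line, outcome label)
    (re.compile(r"^File/Folder (.+) not found\.$"), "not found"),
    (re.compile(r"^(.+?)(?: folder)? moved successfully\.$"), "moved"),
    (re.compile(r"^Registry value (.+) deleted successfully\.$"), "value deleted"),
    (re.compile(r"^Registry key (.+) deleted successfully\.$"), "key deleted"),
    (re.compile(r"^Error: No service named (\S+) was found to stop!$"), "service not running"),
]
RUN_LINE = re.compile(r'^"(.+?)"=(.+?) \[(.*)\]$')


def parse_otm_script(text):
    """Return {'services': [name], 'reg': [(key, value)], 'files': [path]}."""
    plan = {"services": [], "reg": [], "files": []}
    section = key = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "services":
            plan["services"].append(line)
        elif section == "reg":
            if line.startswith("["):
                key = line.strip("[]")  # subsequent "name"=- lines belong to this key
            else:
                m = re.match(r'"(.+)"=-$', line)
                if m:
                    plan["reg"].append((key, m.group(1)))
        elif section == "files":
            plan["files"].append(line)
    return plan


def parse_otm_log(text):
    """Map each item named in the OTM log (lower-cased) to its outcome label."""
    status = {}
    for line in (l.strip() for l in text.splitlines()):
        for pattern, label in LOG_PATTERNS:
            m = pattern.match(line)
            if m:
                status[m.group(1).lower()] = label
                break
    return status


def parse_rsit_run(text):
    """Yield (key, value name, image path, file_present) from RSIT's Run dump."""
    key, entries = None, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            key = line.strip("[]")
            continue
        m = RUN_LINE.match(line)
        if m:
            entries.append((key, m.group(1), m.group(2), bool(m.group(3))))
    return entries


def audit(script, log, rsit):
    """Return (item, finding) pairs worth checking by hand after an OTM run."""
    plan, status, findings, moved = parse_otm_script(script), parse_otm_log(log), [], []
    for svc in plan["services"]:
        key_gone = any(lbl == "key deleted" and item.endswith("\\" + svc.lower())
                       for item, lbl in status.items())
        if not key_gone:
            findings.append((svc, "service key not reported deleted"))
        elif status.get(svc.lower()) == "service not running":
            findings.append((svc, "key removed but nothing was running: confirm its image file is gone"))
    for key, name in plan["reg"]:
        if status.get(f"{key}\\\\{name}".lower()) != "value deleted":  # OTM logs key\\value
            findings.append((name, "registry value not reported deleted"))
    for path in plan["files"]:
        outcome = status.get(path.lower(), "no log line")
        if outcome == "moved":
            moved.append(path.lower())
        else:
            findings.append((path, f"file/folder outcome: {outcome}"))
    for key, name, image, present in parse_rsit_run(rsit):
        if any(image.lower().startswith(folder + "\\") for folder in moved):
            findings.append((name, f"Run value in {key} still points into a folder OTM moved"))
        elif not present:
            findings.append((name, f"Run value in {key} points at a file that no longer exists"))
    return findings


if __name__ == "__main__":
    for item, finding in audit(OTM_SCRIPT, OTM_LOG, RSIT_RUN):
        print(f"{item}: {finding}")
```

Items that were "moved" or "deleted" and have no surviving reference produce no output; what remains is the short list a helper would put into the next fix script, such as the orphaned Run value and the file that was already gone before OTM ran.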

Re: Remains of Malware causing trouble, Can't solve problem

Post by hesserman101 » August 29th, 2010, 10:21 pm

Logfile of random's system information tool 1.08 (written by random/random)
Run by Jon at 2010-08-29 22:14:07
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 24 GB (17%) free of 140 GB
Total RAM: 2045 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:14:40 PM, on 8/29/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\notepad.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Jon\Desktop\RSIT.exe
C:\Program Files\trend micro\Jon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100711101147.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Turbine Download Manager Tray Icon] "C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [secureapp70700.exe] C:\Users\Jon\AppData\Roaming\ADE9ACEB21DF2F42D561D1A8A5430FF1\secureapp70700.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Folding@home-CPU-[1] - Unknown owner - C:\Folding@HomeCPU\1\Fah.exe
O23 - Service: Folding@home-CPU-[2] - Unknown owner - C:\Folding@HomeCPU\2\Fah.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\Windows\system32\nipalsm.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11085 bytes

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job
C:\Windows\tasks\User_Feed_Synchronization-{CABDDF5B-D45B-4464-B6DE-DCAE3C3FFECF}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\progra~1\mcafee\msk\mskapbho.dll [2010-05-03 245272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100711101147.dll [2010-05-31 73288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-08-04 228256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-08-04 228256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1029416]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-12-03 36864]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]
"Launch LCDMon"=C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe [2007-07-18 775952]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-12-21 184320]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-03-16 47392]
"Turbine Download Manager Tray Icon"=C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe []
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2008-01-01 405504]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-07-26 180224]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-11-22 198160]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-06-24 1193848]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2010-07-09 261736]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"secureapp70700.exe"=C:\Users\Jon\AppData\Roaming\ADE9ACEB21DF2F42D561D1A8A5430FF1\secureapp70700.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=2
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"iexplore.exe"="C:\windows\iexplore.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-29 21:57:50 ----D---- C:\_OTM
2010-08-29 21:53:49 ----D---- C:\Windows\ERDNT
2010-08-29 21:52:58 ----D---- C:\Program Files\ERUNT
2010-08-28 12:03:35 ----D---- C:\rsit
2010-08-27 16:17:58 ----D---- C:\MGADiagToolOutput
2010-08-23 21:42:14 ----D---- C:\Program Files\Trend Micro
2010-08-20 15:56:07 ----D---- C:\Windows\system32\WindowsPowerShell
2010-08-20 15:52:29 ----D---- C:\Program Files\Microsoft ATS
2010-08-16 12:13:39 ----D---- C:\Program Files\iPod
2010-08-11 22:45:05 ----D---- C:\ProgramData\NVIDIA Corporation
2010-08-11 22:44:49 ----D---- C:\Program Files\NVIDIA Corporation
2010-08-11 22:40:51 ----A---- C:\Windows\system32\OpenCL.dll
2010-08-11 22:40:51 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2010-08-11 22:40:51 ----A---- C:\Windows\system32\dpinst.exe
2010-08-11 22:40:50 ----A---- C:\Windows\system32\nvwgf2um.dll
2010-08-11 22:40:48 ----A---- C:\Windows\system32\nvoglv32.dll
2010-08-11 22:40:48 ----A---- C:\Windows\system32\nvcuvid.dll
2010-08-11 22:40:47 ----A---- C:\Windows\system32\nvcuvenc.dll
2010-08-11 22:40:47 ----A---- C:\Windows\system32\nvcuda.dll
2010-08-11 22:40:45 ----A---- C:\Windows\system32\nvcompiler.dll
2010-08-11 22:40:45 ----A---- C:\Windows\system32\nvcod1922.dll
2010-08-11 22:40:45 ----A---- C:\Windows\system32\nvcod.dll
2010-08-11 21:41:23 ----D---- C:\Program Files\StarCraft II
2010-08-11 18:41:07 ----A---- C:\Windows\system32\schannel.dll
2010-08-11 18:41:04 ----A---- C:\Windows\system32\iccvid.dll
2010-08-11 18:41:01 ----A---- C:\Windows\system32\iertutil.dll
2010-08-11 18:41:00 ----A---- C:\Windows\system32\mshtml.dll
2010-08-11 18:41:00 ----A---- C:\Windows\system32\ieframe.dll
2010-08-11 18:40:58 ----A---- C:\Windows\system32\urlmon.dll
2010-08-11 18:40:57 ----A---- C:\Windows\system32\wininet.dll
2010-08-11 18:40:57 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-11 18:40:57 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-11 18:40:56 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-11 18:40:55 ----A---- C:\Windows\system32\mstime.dll
2010-08-11 18:40:55 ----A---- C:\Windows\system32\ieui.dll
2010-08-11 18:40:54 ----A---- C:\Windows\system32\occache.dll
2010-08-11 18:40:54 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-11 18:40:54 ----A---- C:\Windows\system32\iepeers.dll
2010-08-11 18:40:53 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-11 18:40:53 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-11 18:40:53 ----A---- C:\Windows\system32\iesetup.dll
2010-08-11 18:40:53 ----A---- C:\Windows\system32\iernonce.dll
2010-08-11 18:40:52 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-11 18:40:52 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-11 18:40:44 ----A---- C:\Windows\system32\win32k.sys
2010-08-11 18:40:41 ----A---- C:\Windows\system32\rtutils.dll
2010-08-11 18:40:25 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-11 18:40:24 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-11 18:40:20 ----A---- C:\Windows\system32\msxml3.dll
2010-08-11 18:40:16 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-11 18:40:15 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-11 18:40:11 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-11 16:48:32 ----D---- C:\ProgramData\Hitman Pro
2010-08-11 16:48:31 ----D---- C:\Program Files\Hitman Pro 3.5
2010-08-09 21:06:12 ----A---- C:\Windows\ntbtlog.txt
2010-08-09 20:38:11 ----SHD---- C:\Users\Jon\AppData\Roaming\My Security Shield
2010-08-09 20:29:15 ----SHD---- C:\ProgramData\MSSPES
2010-08-08 00:18:41 ----A---- C:\Windows\system32\shell32.dll

======List of files/folders modified in the last 1 months======

2010-08-29 22:14:00 ----D---- C:\Windows\Temp
2010-08-29 22:12:56 ----D---- C:\Windows\System32
2010-08-29 22:12:56 ----D---- C:\Windows\inf
2010-08-29 22:12:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-29 22:11:54 ----D---- C:\Windows\system32\drivers\etc
2010-08-29 22:03:15 ----D---- C:\Windows
2010-08-29 21:58:07 ----RD---- C:\Program Files
2010-08-29 21:58:06 ----D---- C:\Windows\Tasks
2010-08-29 21:48:01 ----D---- C:\Windows\system32\Tasks
2010-08-28 12:15:18 ----D---- C:\Windows\system32\drivers
2010-08-27 16:08:55 ----D---- C:\ProgramData\Viewpoint
2010-08-27 16:07:52 ----SHD---- C:\Windows\Installer
2010-08-27 16:07:34 ----D---- C:\Program Files\Java
2010-08-27 16:05:31 ----SHD---- C:\System Volume Information
2010-08-27 16:02:09 ----D---- C:\Program Files\Common Files
2010-08-23 16:54:04 ----D---- C:\Windows\rescache
2010-08-23 16:37:26 ----D---- C:\Program Files\McAfee
2010-08-23 07:07:49 ----D---- C:\Windows\system32\catroot2
2010-08-20 16:18:53 ----RSD---- C:\Windows\assembly
2010-08-20 16:18:53 ----D---- C:\Windows\Microsoft.NET
2010-08-20 16:04:58 ----D---- C:\Windows\AppPatch
2010-08-20 15:56:57 ----SD---- C:\Windows\Downloaded Program Files
2010-08-20 15:56:14 ----D---- C:\Windows\winsxs
2010-08-20 15:55:56 ----D---- C:\Windows\system32\catroot
2010-08-17 23:07:34 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-08-16 12:14:41 ----D---- C:\Program Files\iTunes
2010-08-16 12:13:37 ----D---- C:\Program Files\Common Files\Apple
2010-08-12 09:15:17 ----D---- C:\Program Files\Common Files\Adobe
2010-08-12 09:15:12 ----D---- C:\ProgramData\Adobe
2010-08-12 09:15:05 ----D---- C:\Program Files\Adobe
2010-08-12 03:23:44 ----D---- C:\Windows\system32\migration
2010-08-12 03:23:44 ----D---- C:\Program Files\Internet Explorer
2010-08-12 03:23:43 ----D---- C:\Program Files\Movie Maker
2010-08-12 03:07:25 ----D---- C:\Program Files\Microsoft Works
2010-08-12 03:05:37 ----D---- C:\ProgramData\Microsoft Help
2010-08-12 03:02:10 ----D---- C:\Program Files\Windows Mail
2010-08-11 23:06:00 ----D---- C:\ProgramData\Blizzard Entertainment
2010-08-11 22:53:32 ----D---- C:\ProgramData\NVIDIA
2010-08-11 22:45:40 ----D---- C:\Program Files\AGEIA Technologies
2010-08-11 22:45:05 ----HD---- C:\ProgramData
2010-08-11 22:40:37 ----D---- C:\NVIDIA
2010-08-11 22:21:23 ----D---- C:\Program Files\SystemRequirementsLab
2010-08-11 17:02:44 ----D---- C:\Users\Jon\AppData\Roaming\U3
2010-08-11 16:58:36 ----D---- C:\Windows\Prefetch
2010-08-11 16:20:54 ----AD---- C:\ProgramData\TEMP
2010-08-09 21:42:10 ----SD---- C:\Users\Jon\AppData\Roaming\Microsoft
2010-08-03 14:09:31 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-07-19 277784]
R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2010-05-31 385880]
R0 NIPALK;NIPALK; C:\Windows\system32\drivers\NIPALK.sys [2003-05-12 455680]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-11-14 43840]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-10-12 717296]
R1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys [2010-05-31 64304]
R1 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2010-05-31 160720]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-07-26 58908]
R2 nidimk;nidimk; C:\Windows\system32\drivers\nidimk.dll [2003-04-23 107102]
R2 nipxirmk;nipxirmk; C:\Windows\system32\drivers\nipxirmk.dll [2003-04-18 36463]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-07-17 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-17 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-17 37376]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-18 179712]
R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2010-05-31 55456]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2010-05-31 95568]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2010-05-31 152320]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2010-05-31 51688]
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2010-05-31 312616]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-13 2226688]
R3 niorbk;niorbk; C:\Windows\system32\drivers\niorbk.dll [2003-04-17 28254]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-07-09 11008040]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 7424]
R3 physX32;physX32; C:\Windows\system32\DRIVERS\physX32.sys [2007-09-13 120320]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2008-01-01 330240]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-27 193456]
S3 avv8apqj;avv8apqj; C:\Windows\system32\drivers\avv8apqj.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 78128]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 80176]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 16560]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2008-03-12 27672]
S3 LTower;LEGO USB Tower Driver; C:\Windows\System32\Drivers\LTower.sys [2004-01-22 39936]
S3 mfeavfk01;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk01.sys []
S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2010-05-31 83496]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2007-12-02 40488]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NiViPxiK;NiViPxiK; C:\Windows\system32\drivers\NiViPxiK.sys [2003-06-24 17920]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-20 7680]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-20 16896]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2008-01-01 73728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 Folding@home-CPU-[1];Folding@home-CPU-[1]; C:\Folding@HomeCPU\1\Fah.exe [2009-11-13 422400]
R2 Folding@home-CPU-[2];Folding@home-CPU-[2]; C:\Folding@HomeCPU\2\Fah.exe [2009-11-13 422400]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McProxy;McAfee Proxy Service; C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe [2009-07-08 359952]
R2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-04-14 170144]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-05-31 188136]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-05-31 141792]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-10-02 26640]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 nicconfigsvc;Dell Internal Network Card Power Management; C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [2008-02-22 390424]
R2 nipxirmu;nipxirmu; C:\Windows\system32\nipalsm.exe [2003-05-12 20480]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2008-01-01 102400]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-11-08 16680]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2010-04-15 364216]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
hesserman101
Regular Member
 
Posts: 27
Joined: August 23rd, 2010, 9:58 pm
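An added triage helper for the RSIT log posted above (example code written for this page; it is not part of the thread, of RSIT, or of any tool used in it). It parses the driver/service lines using the format the section headers describe (R/S state, 0-4 start type, name;display name; path [date size]) and the file/folder lines with their attribute field, then flags what a helper looks at first: entries with an empty [], meaning the tool found no date or size for the image file (typically a service key whose file is gone, or a file hidden from the tool), entries whose name looks auto-generated, and System+Hidden folders created under user-writable profile paths. The eight-character random-name rule and the choice of profile paths are my own assumptions, not RSIT rules, and a flag is a prompt to check the file on disk and its signer, not a verdict; the McAfee-named entry it flags is exactly the kind that turns out to be legitimate on inspection.

```python
"""Triage helpers for the RSIT log format posted above (added example, not part
of the thread or of RSIT itself)."""
import re
from dataclasses import dataclass, field

# Driver/service entry, as in the "List of drivers" and "List of services" sections:
#   <R|S><0-4> <name>;<display name>; <image path> [<yyyy-mm-dd> <size>]
# R/S = Running/Stopped, 0..4 = Boot/System/Auto/Demand/Disabled.
# An empty "[]" means the tool found no date/size for the image file.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); ?"
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]\s*$"
)
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# Heuristic (an assumption, not an RSIT rule): auto-generated names such as
# "avv8apqj" are eight lowercase letters/digits mixing both, with no real display name.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{8}$")

# File/folder entry, as in the "List of files/folders created/modified" sections:
#   <yyyy-mm-dd hh:mm:ss> ----<attrs>---- <path>      (attrs: A, D, H, R, S)
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) -{4}(?P<attrs>[A-Z]+)-{4} (?P<path>.+?)\s*$"
)
# User-writable profile roots (assumption: where rogue AV droppers usually land).
USER_DATA_RE = re.compile(r"^[A-Z]:\\(Users|ProgramData)\\", re.IGNORECASE)


@dataclass
class Finding:
    name: str          # service/driver name, or the folder path itself
    path: str
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Parse one driver/service line; return a dict of fields, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["start"] = START_TYPES[d["start"]]
    d["meta"] = d["meta"].strip()
    return d


def triage_entries(lines):
    """Flag driver/service entries worth a manual check (missing file, random name)."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        if e["meta"] == "":
            reasons.append("no image date/size: file missing on disk or hidden from the tool")
        if e["display"] == e["name"] and RANDOM_NAME_RE.match(e["name"]):
            reasons.append("random-looking 8-character name and no display name")
        if reasons:
            findings.append(Finding(e["name"], e["path"], reasons))
    return findings


def triage_files(lines):
    """Flag System+Hidden directories created under user-writable profile paths."""
    findings = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        attrs, path = m["attrs"], m["path"]
        if "S" in attrs and "H" in attrs and USER_DATA_RE.match(path):
            findings.append(Finding(path, path,
                                    ["system+hidden folder under a user-writable profile path"]))
    return findings


# Sample input: lines copied from the log in this thread (constructed test set).
SAMPLE_LINES = [
    r"2010-08-09 20:38:11 ----SHD---- C:\Users\Jon\AppData\Roaming\My Security Shield",
    r"2010-08-09 20:29:15 ----SHD---- C:\ProgramData\MSSPES",
    r"2010-08-27 16:05:31 ----SHD---- C:\System Volume Information",
    r"2010-08-09 21:42:10 ----SD---- C:\Users\Jon\AppData\Roaming\Microsoft",
    r"R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-07-19 277784]",
    r"R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]",
    r"R2 Folding@home-CPU-[1];Folding@home-CPU-[1]; C:\Folding@HomeCPU\1\Fah.exe [2009-11-13 422400]",
    r"S3 avv8apqj;avv8apqj; C:\Windows\system32\drivers\avv8apqj.sys []",
    r"S3 mfeavfk01;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk01.sys []",
]

if __name__ == "__main__":
    for f in triage_files(SAMPLE_LINES) + triage_entries(SAMPLE_LINES):
        print(f"{f.name}: {'; '.join(f.reasons)}")
```

Run as-is it reports the two System+Hidden folders from the "My Security Shield" remnants, the avv8apqj driver on both counts, and the McAfee mfeavfk01 entry on the missing-file count only. To use it on the whole saved log, pass the file's lines to both functions; the parsers ignore every line that is not in one of the two formats.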

Re: Remains of Malware causing trouble, Can't solve problem

Unread postby hesserman101 » August 29th, 2010, 10:22 pm

2010/08/29 22:15:56.0036 TDSS rootkit removing tool 2.4.1.3 Aug 27 2010 08:53:42
2010/08/29 22:15:56.0036 ================================================================================
2010/08/29 22:15:56.0036 SystemInfo:
2010/08/29 22:15:56.0036
2010/08/29 22:15:56.0036 OS Version: 6.0.6002 ServicePack: 2.0
2010/08/29 22:15:56.0036 Product type: Workstation
2010/08/29 22:15:56.0036 ComputerName: JON-PC
2010/08/29 22:15:56.0036 UserName: Jon
2010/08/29 22:15:56.0036 Windows directory: C:\Windows
2010/08/29 22:15:56.0036 System windows directory: C:\Windows
2010/08/29 22:15:56.0036 Processor architecture: Intel x86
2010/08/29 22:15:56.0036 Number of processors: 2
2010/08/29 22:15:56.0037 Page size: 0x1000
2010/08/29 22:15:56.0037 Boot type: Normal boot
2010/08/29 22:15:56.0037 ================================================================================
2010/08/29 22:16:03.0500 Initialize success
2010/08/29 22:16:20.0551 ================================================================================
2010/08/29 22:16:20.0551 Scan started
2010/08/29 22:16:20.0551 Mode: Manual;
2010/08/29 22:16:20.0552 ================================================================================
2010/08/29 22:16:22.0011 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/08/29 22:16:22.0063 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/08/29 22:16:22.0093 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/08/29 22:16:22.0122 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/08/29 22:16:22.0167 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/08/29 22:16:22.0300 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/08/29 22:16:22.0364 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/08/29 22:16:22.0419 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/08/29 22:16:22.0475 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/08/29 22:16:22.0524 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/08/29 22:16:22.0564 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/08/29 22:16:22.0606 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/08/29 22:16:22.0637 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/08/29 22:16:22.0755 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/08/29 22:16:22.0819 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/08/29 22:16:22.0986 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/08/29 22:16:23.0029 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/08/29 22:16:23.0110 b57nd60x (c7ea0e3e37ff1cd2bb65636448322572) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/08/29 22:16:23.0169 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/08/29 22:16:23.0214 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/08/29 22:16:23.0303 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/08/29 22:16:23.0344 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/08/29 22:16:23.0372 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/08/29 22:16:23.0397 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/08/29 22:16:23.0423 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/08/29 22:16:23.0455 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/08/29 22:16:23.0490 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/08/29 22:16:23.0536 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/08/29 22:16:23.0601 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/08/29 22:16:23.0667 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2010/08/29 22:16:23.0761 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2010/08/29 22:16:23.0802 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2010/08/29 22:16:23.0860 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
2010/08/29 22:16:23.0884 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
2010/08/29 22:16:23.0913 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
2010/08/29 22:16:23.0972 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/08/29 22:16:24.0012 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/08/29 22:16:24.0062 cfwids (44e4a7dded054dd55ae995c3aed719ae) C:\Windows\system32\drivers\cfwids.sys
2010/08/29 22:16:24.0117 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/08/29 22:16:24.0180 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/08/29 22:16:24.0274 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/08/29 22:16:24.0312 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/08/29 22:16:24.0366 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/08/29 22:16:24.0398 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/08/29 22:16:24.0421 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/08/29 22:16:24.0493 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/08/29 22:16:24.0586 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/08/29 22:16:24.0689 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/08/29 22:16:24.0735 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/08/29 22:16:24.0802 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/08/29 22:16:24.0843 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/08/29 22:16:24.0911 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/08/29 22:16:24.0972 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/08/29 22:16:25.0056 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\Windows\system32\DRIVERS\ENTECH.sys
2010/08/29 22:16:25.0104 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/08/29 22:16:25.0238 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/08/29 22:16:25.0281 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/08/29 22:16:25.0348 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/08/29 22:16:25.0423 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/08/29 22:16:25.0465 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/08/29 22:16:25.0532 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/08/29 22:16:25.0586 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/08/29 22:16:25.0704 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/08/29 22:16:25.0740 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/08/29 22:16:25.0808 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2010/08/29 22:16:25.0874 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/08/29 22:16:25.0923 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
2010/08/29 22:16:25.0953 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/08/29 22:16:25.0989 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/08/29 22:16:26.0026 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/08/29 22:16:26.0075 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/08/29 22:16:26.0124 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/08/29 22:16:26.0170 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/08/29 22:16:26.0223 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
2010/08/29 22:16:26.0257 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/08/29 22:16:26.0305 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/08/29 22:16:26.0381 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
2010/08/29 22:16:26.0408 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/08/29 22:16:26.0473 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/08/29 22:16:26.0537 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/08/29 22:16:26.0567 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/08/29 22:16:26.0639 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/08/29 22:16:26.0670 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/08/29 22:16:26.0726 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/08/29 22:16:26.0789 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/08/29 22:16:26.0832 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/08/29 22:16:26.0851 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/08/29 22:16:26.0897 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/08/29 22:16:26.0947 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/08/29 22:16:27.0072 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/08/29 22:16:27.0136 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/08/29 22:16:27.0163 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/08/29 22:16:27.0199 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/08/29 22:16:27.0261 LTower (cb02c9626546fb1414795c6999d35a3f) C:\Windows\system32\Drivers\LTower.sys
2010/08/29 22:16:27.0320 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/08/29 22:16:27.0483 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/08/29 22:16:27.0518 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/08/29 22:16:27.0553 mfeapfk (b77e959e1c50d3e3a9d9ef423be62e09) C:\Windows\system32\drivers\mfeapfk.sys
2010/08/29 22:16:27.0611 mfeavfk (e84596fcb591117f5597498a5f82ad97) C:\Windows\system32\drivers\mfeavfk.sys
2010/08/29 22:16:27.0739 mfebopk (d40ce01e2d3fe0c079cd2d6b3e4b823b) C:\Windows\system32\drivers\mfebopk.sys
2010/08/29 22:16:27.0972 mfefirek (3962c6a9e35c4319dcdab0497614fd69) C:\Windows\system32\drivers\mfefirek.sys
2010/08/29 22:16:28.0112 mfehidk (e7ecf7872bf8f2897ae5a696d908c2f7) C:\Windows\system32\drivers\mfehidk.sys
2010/08/29 22:16:28.0163 mfenlfk (738ea065c00112c46a64ecf7f6d81902) C:\Windows\system32\DRIVERS\mfenlfk.sys
2010/08/29 22:16:28.0202 mferkdet (e411594ac94baef7f8ea991cc8f47fd1) C:\Windows\system32\drivers\mferkdet.sys
2010/08/29 22:16:28.0245 mferkdk (a551154b51d6a93fccf70fc4e8eaf4bd) C:\Windows\system32\drivers\mferkdk.sys
2010/08/29 22:16:28.0316 mfesmfk (299a86b780c9627aaa24e74292363ed2) C:\Windows\system32\drivers\mfesmfk.sys
2010/08/29 22:16:28.0383 mfewfpk (53ed75f57e87831d3651ff32cb3d5648) C:\Windows\system32\drivers\mfewfpk.sys
2010/08/29 22:16:28.0446 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/08/29 22:16:28.0465 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/08/29 22:16:28.0514 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/08/29 22:16:28.0565 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/08/29 22:16:28.0606 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/08/29 22:16:28.0657 MPFP (95675c3398dcc084c8d1dc35cc4e9e01) C:\Windows\system32\Drivers\Mpfp.sys
2010/08/29 22:16:28.0733 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/08/29 22:16:28.0763 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/08/29 22:16:28.0830 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/08/29 22:16:28.0866 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/08/29 22:16:28.0914 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/08/29 22:16:28.0947 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/08/29 22:16:28.0966 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/08/29 22:16:29.0014 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/08/29 22:16:29.0059 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/08/29 22:16:29.0108 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/08/29 22:16:29.0157 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/08/29 22:16:29.0212 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/08/29 22:16:29.0241 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/08/29 22:16:29.0292 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/08/29 22:16:29.0336 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/08/29 22:16:29.0375 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/08/29 22:16:29.0423 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/08/29 22:16:29.0480 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/08/29 22:16:29.0527 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/08/29 22:16:29.0590 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/08/29 22:16:29.0631 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/08/29 22:16:29.0662 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/08/29 22:16:29.0710 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/08/29 22:16:29.0738 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/08/29 22:16:29.0781 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/08/29 22:16:29.0814 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/08/29 22:16:29.0951 NETw4v32 (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2010/08/29 22:16:30.0021 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/08/29 22:16:30.0109 nidimk (be4af05c8d9176a65b2854e7a1da752b) C:\Windows\system32\drivers\nidimk.dll
2010/08/29 22:16:30.0155 niorbk (79b4624620cce9cc8decbf5ed7898f2c) C:\Windows\system32\drivers\niorbk.dll
2010/08/29 22:16:30.0196 NIPALK (dda074ee53c37dc5b54e1ba2b414f10a) C:\Windows\system32\drivers\NIPALK.sys
2010/08/29 22:16:30.0266 nipxirmk (e58b22c89cc8d3c7a511f03148a1eab9) C:\Windows\system32\drivers\nipxirmk.dll
2010/08/29 22:16:30.0324 NiViPxiK (bf2e68c70db20888a3d58bfe6a7644e3) C:\Windows\system32\drivers\NiViPxiK.sys
2010/08/29 22:16:30.0419 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/08/29 22:16:30.0463 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/08/29 22:16:30.0537 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/08/29 22:16:30.0642 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/08/29 22:16:30.0695 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2010/08/29 22:16:30.0740 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/08/29 22:16:31.0179 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/08/29 22:16:31.0596 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/08/29 22:16:31.0641 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/08/29 22:16:31.0706 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/08/29 22:16:31.0812 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
2010/08/29 22:16:31.0834 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
2010/08/29 22:16:31.0905 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/08/29 22:16:31.0996 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/08/29 22:16:32.0046 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/08/29 22:16:32.0123 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/08/29 22:16:32.0197 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/08/29 22:16:32.0251 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2010/08/29 22:16:32.0297 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/08/29 22:16:32.0382 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/08/29 22:16:32.0525 physX32 (4e34a8bdab879ce6a2b5f88b98ebf451) C:\Windows\system32\DRIVERS\physX32.sys
2010/08/29 22:16:32.0625 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/08/29 22:16:32.0696 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/08/29 22:16:32.0774 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/08/29 22:16:32.0847 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
2010/08/29 22:16:32.0934 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/08/29 22:16:33.0055 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/08/29 22:16:33.0103 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/08/29 22:16:33.0219 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/08/29 22:16:33.0283 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/08/29 22:16:33.0349 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/08/29 22:16:33.0402 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/08/29 22:16:33.0436 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/08/29 22:16:33.0493 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/08/29 22:16:33.0539 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/08/29 22:16:33.0595 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/08/29 22:16:33.0633 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/08/29 22:16:33.0718 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/08/29 22:16:33.0836 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/08/29 22:16:33.0880 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/08/29 22:16:33.0902 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/08/29 22:16:33.0942 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/08/29 22:16:34.0018 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/08/29 22:16:34.0091 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/08/29 22:16:34.0157 SCDEmu (23aa53256ce05b975398b78a33474265) C:\Windows\system32\drivers\SCDEmu.sys
2010/08/29 22:16:34.0287 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2010/08/29 22:16:34.0357 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/08/29 22:16:34.0406 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/08/29 22:16:34.0452 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/08/29 22:16:34.0485 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/08/29 22:16:34.0573 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/08/29 22:16:34.0606 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/08/29 22:16:34.0670 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/08/29 22:16:34.0713 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/08/29 22:16:34.0794 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/08/29 22:16:34.0847 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/08/29 22:16:34.0901 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/08/29 22:16:34.0977 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/08/29 22:16:35.0069 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/08/29 22:16:35.0153 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2010/08/29 22:16:35.0154 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/08/29 22:16:35.0165 sptd - detected Locked file (1)
2010/08/29 22:16:35.0252 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
2010/08/29 22:16:35.0301 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
2010/08/29 22:16:35.0362 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
2010/08/29 22:16:35.0457 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
2010/08/29 22:16:35.0571 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/08/29 22:16:35.0633 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/08/29 22:16:35.0681 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/08/29 22:16:35.0732 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/08/29 22:16:35.0824 SynTP (451e8037e2eb6da6bdf0a66f65d1810b) C:\Windows\system32\DRIVERS\SynTP.sys
2010/08/29 22:16:35.0988 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/08/29 22:16:36.0064 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/08/29 22:16:36.0119 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/08/29 22:16:36.0180 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/08/29 22:16:36.0241 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/08/29 22:16:36.0291 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/08/29 22:16:36.0354 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/08/29 22:16:36.0473 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/08/29 22:16:36.0516 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/08/29 22:16:36.0565 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/08/29 22:16:36.0630 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/08/29 22:16:36.0708 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/08/29 22:16:36.0798 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/08/29 22:16:36.0844 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/08/29 22:16:36.0914 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/08/29 22:16:36.0980 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/08/29 22:16:37.0068 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/08/29 22:16:37.0129 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
2010/08/29 22:16:37.0271 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/08/29 22:16:37.0341 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/08/29 22:16:37.0393 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/08/29 22:16:37.0491 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/08/29 22:16:37.0567 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/08/29 22:16:37.0645 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/08/29 22:16:37.0707 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2010/08/29 22:16:37.0771 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/08/29 22:16:37.0835 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/08/29 22:16:37.0942 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/08/29 22:16:38.0004 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/08/29 22:16:38.0063 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/08/29 22:16:38.0125 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/08/29 22:16:38.0157 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/08/29 22:16:38.0195 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/08/29 22:16:38.0249 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/08/29 22:16:38.0303 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/08/29 22:16:38.0367 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/08/29 22:16:38.0456 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/08/29 22:16:38.0505 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/29 22:16:38.0563 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/29 22:16:38.0659 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/08/29 22:16:38.0730 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/08/29 22:16:38.0932 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/08/29 22:16:39.0026 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/08/29 22:16:39.0095 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/08/29 22:16:39.0195 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
2010/08/29 22:16:39.0315 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/08/29 22:16:39.0406 ================================================================================
2010/08/29 22:16:39.0406 Scan finished
2010/08/29 22:16:39.0406 ================================================================================
2010/08/29 22:16:39.0415 Detected object count: 1
2010/08/29 22:17:12.0850 Locked file(sptd) - User select action: Skip
hesserman101
Regular Member
 
Posts: 27
Joined: August 23rd, 2010, 9:58 pm

Re: Remains of Malware causing trouble, Can't solve problem

Unread postby hesserman101 » August 29th, 2010, 10:24 pm

Ok I split the three things you wanted into three separate posts. And as an update, it seems as though the problem I've been having has gone away. I've only tested the site a few times, and I no longer receive pop-ups. It's possible it's just coincidence, but I think we may have solved the problem, or at least are on the right track :).
hesserman101
Regular Member
 
Posts: 27
Joined: August 23rd, 2010, 9:58 pm

Re: Remains of Malware causing trouble, Can't solve problem

Unread postby Cypher » August 30th, 2010, 5:28 am

Hi hesserman101.
it seems as though the problem I've been having has gone away.

Please stay with me, we still have work to do.

Re-run OTM
  • Right-click OTM.exe and select " Run as administrator " to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code:
    :Services
    avv8apqj
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "secureapp70700.exe"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "iexplore.exe"=-
    
    :Files
    C:\Windows\system32\drivers\avv8apqj.sys
    C:\windows\iexplore.exe
    C:\Users\Jon\AppData\Roaming\ADE9ACEB21DF2F42D561D1A8A5430FF1\secureapp70700.exe
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
    

  • Return to OTM, right-click then paste the code into the blank box below.
  • Next click on the large button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Right-click mbam-setup.exe and select " Run as administrator " to run it, follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt" will be reproduced (it will be maximized).
  • Please post ONLY the "log.txt" file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)

Next.

  • First go to Start > Computer > C: and delete the TDSSKiller log that was created there.
  • Next right click on TDSSKiller.exe and select " Run as administrator " to run it
  • Click on Start Scan, the scan will run.
  • When the scan has finished, ensure Cure (the default) is selected, then click Continue > Reboot now.
  • When finished re-booting, a log of the cleanup will be found at C:\TDSSKiller.2.4.0.0_DD.MM.YYYY_HH.MM.SS_log.txt.
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.


Logs/Information to Post in your Next Reply

  • OTM log.
  • Malwarebytes log.
  • RSIT log.txt.
  • TDSSKiller log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
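The TDSSKiller step above asks for the scan log to be posted back, and the log earlier in this thread shows what the helper then has to read: hundreds of enumerated driver lines with the interesting entries ("Suspicious file", "detected Locked file", "User select action") scattered among them. The following Python helper is an added example, not part of TDSSKiller or of this thread; it parses that log format and reports which drivers were flagged and whether the user acted on each. The line formats and the sample log are taken from the TDSSKiller output posted above; the function and field names are my own.

```python
"""Summarise a TDSSKiller scan log: which driver images were enumerated, which
were flagged (Suspicious / Locked), and what action the user chose for each.

Hypothetical helper written for this thread. It is not part of TDSSKiller; the
line formats below are inferred from the logs posted in the thread.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every log line starts with "YYYY/MM/DD HH:MM:SS.ffff " followed by the message.
TS_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (.*)$")
# "<name> (<md5>) <path>"  - one enumerated driver/service image
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) ([A-Za-z]:\\.+)$")
# "Suspicious file (<reason>): <path>. md5: <md5>"
SUSPICIOUS_RE = re.compile(r"^Suspicious file \(([^)]+)\): (.+)\. md5: ([0-9a-f]{32})$")
# "<name> - detected Locked file (<n>)"
LOCKED_RE = re.compile(r"^(\S+) - detected Locked file \((\d+)\)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
# "Locked file(<name>) - User select action: <action>"
ACTION_RE = re.compile(r"^Locked file\((\S+)\) - User select action: (\w+)$")


@dataclass
class Detection:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    reason: Optional[str] = None   # e.g. "NoAccess"
    locked: bool = False
    action: Optional[str] = None   # e.g. "Skip", "Cure"; None if never prompted


@dataclass
class ScanSummary:
    drivers: Dict[str, str] = field(default_factory=dict)        # name -> path
    detections: Dict[str, Detection] = field(default_factory=dict)
    reported_count: Optional[int] = None                         # "Detected object count"


def parse_tdsskiller_log(text: str) -> ScanSummary:
    s = ScanSummary()
    path_to_name: Dict[str, str] = {}   # lets a "Suspicious file" path be tied back to a driver name
    for raw in text.splitlines():
        m = TS_RE.match(raw.strip())
        if not m:
            continue   # banner lines without a timestamp, blank lines
        msg = m.group(2)
        if (d := DRIVER_RE.match(msg)):
            name, _md5, path = d.groups()
            s.drivers[name] = path
            path_to_name[path.lower()] = name
        elif (d := SUSPICIOUS_RE.match(msg)):
            reason, path, md5 = d.groups()
            name = path_to_name.get(path.lower(), path)
            det = s.detections.setdefault(name, Detection(name))
            det.path, det.md5, det.reason = path, md5, reason
        elif (d := LOCKED_RE.match(msg)):
            det = s.detections.setdefault(d.group(1), Detection(d.group(1)))
            det.locked = True
        elif (d := COUNT_RE.match(msg)):
            s.reported_count = int(d.group(1))
        elif (d := ACTION_RE.match(msg)):
            det = s.detections.setdefault(d.group(1), Detection(d.group(1)))
            det.action = d.group(2)
    return s


def unresolved_detections(s: ScanSummary) -> List[str]:
    """Flagged entries the user did not act on (no prompt recorded, or Skip chosen)."""
    return sorted(n for n, d in s.detections.items()
                  if d.action is None or d.action.lower() == "skip")


def count_matches(s: ScanSummary) -> bool:
    """True when the tool's reported count agrees with the flagged entries we parsed."""
    return s.reported_count == len(s.detections)


# Sample input: a handful of lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
2010/08/29 22:16:35.0069 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/08/29 22:16:35.0153 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2010/08/29 22:16:35.0154 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/08/29 22:16:35.0165 sptd - detected Locked file (1)
2010/08/29 22:16:35.0252 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
2010/08/29 22:16:39.0406 Scan finished
2010/08/29 22:16:39.0415 Detected object count: 1
2010/08/29 22:17:12.0850 Locked file(sptd) - User select action: Skip
"""

if __name__ == "__main__":
    summary = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(summary.drivers)} drivers enumerated, {len(summary.detections)} flagged "
          f"(tool reported {summary.reported_count})")
    for det in summary.detections.values():
        print(f"  {det.name}: locked={det.locked} reason={det.reason} action={det.action}")
    print("unresolved:", unresolved_detections(summary))
```

A "Locked file" or "NoAccess" flag is only a hint that the scanner could not read the image, not a verdict on the file; the point of the summary is to make sure no flagged entry is overlooked and that every one of them ends with a deliberate action, which is exactly the gap between the first log in this thread (action: Skip) and the re-run requested above.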

Re: Remains of Malware causing trouble, Can't solve problem

Unread postby hesserman101 » August 30th, 2010, 5:26 pm

Ok so I have a few questions before I post the next few requests. After I ran the tdsskiller.exe, and selected to cure (delete in my version) then reboot, the computer immediately blue-screened, and then rebooted. As it was rebooting it tried to fix what went wrong, and then put me back at the normal login page. When I logged back in, all the files we had previously put on the desktop were gone. I can no longer locate the Malwarebytes log or the RSIT log.txt. I hope I didn't mess up somewhere along the instructions?

Edit: I've also noticed that the problems I was having before are back.
hesserman101
Regular Member
 
Posts: 27
Joined: August 23rd, 2010, 9:58 pm

Re: Remains of Malware causing trouble, Can't solve problem

Unread postby Cypher » August 31st, 2010, 6:00 am

Hi hesserman101
When I logged back in, all the files we had previously put on the desktop were gone. I can no longer locate the Malwarebytes log or the RSIT log.txt. I hope I didn't mess up somewhere along the instructions?

Run RSIT again and post a new log please.
See if you can find the last Malwarebytes log, launch Malwarebytes and click on logs.
If MBAM ran successfully the log should be there; post it in your next reply.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Remains of Malware causing trouble, Can't solve problem

Unread postby hesserman101 » August 31st, 2010, 7:20 am

The programs Malwarebytes and RSIT are no longer on my computer. That last step removed every item we had been working with. Would you like me to re-download those programs and get the logs again?
hesserman101
Regular Member
 
Posts: 27
Joined: August 23rd, 2010, 9:58 pm

Re: Remains of Malware causing trouble, Can't solve problem

Unread postby Cypher » August 31st, 2010, 7:52 am

Yes download MBAM then run it again, then download and run RSIT again and post both logs.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Remains of Malware causing trouble, Can't solve problem

Unread postby hesserman101 » August 31st, 2010, 5:26 pm

All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named avv8apqj was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avv8apqj deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\secureapp70700.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\iexplore.exe deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\drivers\avv8apqj.sys not found.
File/Folder C:\windows\iexplore.exe not found.
File/Folder C:\Users\Jon\AppData\Roaming\ADE9ACEB21DF2F42D561D1A8A5430FF1\secureapp70700.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jeff
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jon
->Temp folder emptied: 1853150 bytes
->Temporary Internet Files folder emptied: 48009290 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 937 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 65988 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 48.00 mb


OTM by OldTimer - Version 3.1.15.0 log created on 08302010_162322

Files moved on Reboot...
File C:\Users\Jon\AppData\Local\Temp\~DF8D6D.tmp not found!
File C:\Users\Jon\AppData\Local\Temp\~DF8D7A.tmp not found!
File C:\Users\Jon\AppData\Local\Temp\~DF8E63.tmp not found!
File C:\Users\Jon\AppData\Local\Temp\~DF8E6F.tmp not found!
File C:\Users\Jon\AppData\Local\Temp\~DF91D9.tmp not found!
File C:\Users\Jon\AppData\Local\Temp\~DF91EC.tmp not found!
File C:\Users\Jon\AppData\Local\Temp\~DF922A.tmp not found!
File C:\Users\Jon\AppData\Local\Temp\~DF9244.tmp not found!
File C:\Users\Jon\AppData\Local\Temp\~DF93E8.tmp not found!
File C:\Users\Jon\AppData\Local\Temp\~DF94A6.tmp not found!
C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LLODMUYB\viewtopic[1].php moved successfully.
C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...


2010/08/30 17:02:08.0569 TDSS rootkit removing tool 2.4.1.3 Aug 27 2010 08:53:42
2010/08/30 17:02:08.0569 ================================================================================
2010/08/30 17:02:08.0569 SystemInfo:
2010/08/30 17:02:08.0569
2010/08/30 17:02:08.0569 OS Version: 6.0.6002 ServicePack: 2.0
2010/08/30 17:02:08.0569 Product type: Workstation
2010/08/30 17:02:08.0569 ComputerName: JON-PC
2010/08/30 17:02:08.0570 UserName: Jon
2010/08/30 17:02:08.0570 Windows directory: C:\Windows
2010/08/30 17:02:08.0570 System windows directory: C:\Windows
2010/08/30 17:02:08.0570 Processor architecture: Intel x86
2010/08/30 17:02:08.0570 Number of processors: 2
2010/08/30 17:02:08.0570 Page size: 0x1000
2010/08/30 17:02:08.0570 Boot type: Normal boot
2010/08/30 17:02:08.0570 ================================================================================
2010/08/30 17:02:13.0710 Initialize success
2010/08/30 17:02:27.0812 ================================================================================
2010/08/30 17:02:27.0812 Scan started
2010/08/30 17:02:27.0812 Mode: Manual;
2010/08/30 17:02:27.0812 ================================================================================
2010/08/30 17:02:28.0628 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/08/30 17:02:29.0050 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/08/30 17:02:29.0596 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/08/30 17:02:30.0026 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/08/30 17:02:30.0087 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/08/30 17:02:30.0254 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/08/30 17:02:30.0392 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/08/30 17:02:30.0630 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/08/30 17:02:30.0720 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/08/30 17:02:30.0777 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/08/30 17:02:30.0850 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/08/30 17:02:30.0935 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/08/30 17:02:30.0965 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/08/30 17:02:31.0083 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/08/30 17:02:31.0197 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/08/30 17:02:31.0555 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/08/30 17:02:31.0657 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/08/30 17:02:31.0846 b57nd60x (c7ea0e3e37ff1cd2bb65636448322572) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/08/30 17:02:32.0205 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/08/30 17:02:32.0499 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/08/30 17:02:32.0606 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/08/30 17:02:32.0655 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/08/30 17:02:32.0683 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/08/30 17:02:32.0766 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/08/30 17:02:32.0826 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/08/30 17:02:32.0865 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/08/30 17:02:32.0909 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/08/30 17:02:32.0980 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/08/30 17:02:33.0037 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/08/30 17:02:33.0086 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2010/08/30 17:02:33.0230 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2010/08/30 17:02:33.0596 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2010/08/30 17:02:33.0745 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
2010/08/30 17:02:33.0811 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
2010/08/30 17:02:33.0882 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
2010/08/30 17:02:33.0949 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/08/30 17:02:34.0014 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/08/30 17:02:34.0089 cfwids (44e4a7dded054dd55ae995c3aed719ae) C:\Windows\system32\drivers\cfwids.sys
2010/08/30 17:02:34.0144 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/08/30 17:02:34.0224 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/08/30 17:02:34.0384 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/08/30 17:02:34.0456 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/08/30 17:02:34.0526 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/08/30 17:02:34.0568 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/08/30 17:02:34.0606 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/08/30 17:02:34.0927 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/08/30 17:02:35.0151 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/08/30 17:02:35.0474 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/08/30 17:02:35.0670 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/08/30 17:02:35.0795 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/08/30 17:02:35.0837 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/08/30 17:02:35.0905 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/08/30 17:02:35.0981 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/08/30 17:02:36.0065 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\Windows\system32\DRIVERS\ENTECH.sys
2010/08/30 17:02:36.0106 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/08/30 17:02:36.0206 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/08/30 17:02:36.0307 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/08/30 17:02:36.0408 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/08/30 17:02:36.0483 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/08/30 17:02:36.0509 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/08/30 17:02:36.0616 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/08/30 17:02:36.0912 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/08/30 17:02:37.0272 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/08/30 17:02:37.0391 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/08/30 17:02:37.0459 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2010/08/30 17:02:37.0600 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/08/30 17:02:37.0649 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
2010/08/30 17:02:37.0704 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/08/30 17:02:37.0757 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/08/30 17:02:37.0814 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/08/30 17:02:37.0966 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/08/30 17:02:38.0475 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/08/30 17:02:38.0779 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/08/30 17:02:38.0865 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
2010/08/30 17:02:39.0066 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/08/30 17:02:39.0155 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/08/30 17:02:39.0282 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
2010/08/30 17:02:39.0425 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/08/30 17:02:39.0515 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/08/30 17:02:39.0679 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/08/30 17:02:39.0717 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/08/30 17:02:39.0806 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/08/30 17:02:39.0862 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/08/30 17:02:39.0935 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/08/30 17:02:40.0055 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/08/30 17:02:40.0157 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/08/30 17:02:40.0198 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/08/30 17:02:40.0281 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/08/30 17:02:40.0681 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/08/30 17:02:41.0230 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/08/30 17:02:41.0685 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/08/30 17:02:42.0153 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/08/30 17:02:42.0331 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/08/30 17:02:42.0676 LTower (cb02c9626546fb1414795c6999d35a3f) C:\Windows\system32\Drivers\LTower.sys
2010/08/30 17:02:42.0977 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/08/30 17:02:43.0440 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/08/30 17:02:43.0683 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/08/30 17:02:43.0893 mfeapfk (b77e959e1c50d3e3a9d9ef423be62e09) C:\Windows\system32\drivers\mfeapfk.sys
2010/08/30 17:02:44.0060 mfeavfk (e84596fcb591117f5597498a5f82ad97) C:\Windows\system32\drivers\mfeavfk.sys
2010/08/30 17:02:44.0646 mfebopk (d40ce01e2d3fe0c079cd2d6b3e4b823b) C:\Windows\system32\drivers\mfebopk.sys
2010/08/30 17:02:44.0835 mfefirek (3962c6a9e35c4319dcdab0497614fd69) C:\Windows\system32\drivers\mfefirek.sys
2010/08/30 17:02:45.0177 mfehidk (e7ecf7872bf8f2897ae5a696d908c2f7) C:\Windows\system32\drivers\mfehidk.sys
2010/08/30 17:02:45.0296 mfenlfk (738ea065c00112c46a64ecf7f6d81902) C:\Windows\system32\DRIVERS\mfenlfk.sys
2010/08/30 17:02:45.0533 mferkdet (e411594ac94baef7f8ea991cc8f47fd1) C:\Windows\system32\drivers\mferkdet.sys
2010/08/30 17:02:45.0651 mferkdk (a551154b51d6a93fccf70fc4e8eaf4bd) C:\Windows\system32\drivers\mferkdk.sys
2010/08/30 17:02:45.0684 mfesmfk (299a86b780c9627aaa24e74292363ed2) C:\Windows\system32\drivers\mfesmfk.sys
2010/08/30 17:02:45.0748 mfewfpk (53ed75f57e87831d3651ff32cb3d5648) C:\Windows\system32\drivers\mfewfpk.sys
2010/08/30 17:02:45.0977 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/08/30 17:02:46.0138 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/08/30 17:02:46.0453 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/08/30 17:02:46.0587 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/08/30 17:02:46.0670 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/08/30 17:02:46.0738 MPFP (95675c3398dcc084c8d1dc35cc4e9e01) C:\Windows\system32\Drivers\Mpfp.sys
2010/08/30 17:02:46.0814 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/08/30 17:02:47.0227 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/08/30 17:02:47.0410 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/08/30 17:02:47.0547 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/08/30 17:02:47.0661 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/08/30 17:02:47.0694 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/08/30 17:02:47.0713 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/08/30 17:02:47.0752 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/08/30 17:02:47.0797 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/08/30 17:02:47.0980 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/08/30 17:02:48.0137 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/08/30 17:02:48.0233 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/08/30 17:02:48.0263 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/08/30 17:02:48.0314 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/08/30 17:02:48.0417 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/08/30 17:02:48.0688 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/08/30 17:02:49.0220 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/08/30 17:02:49.0284 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/08/30 17:02:49.0332 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/08/30 17:02:49.0517 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/08/30 17:02:49.0794 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/08/30 17:02:50.0034 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/08/30 17:02:50.0131 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/08/30 17:02:50.0167 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/08/30 17:02:50.0235 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/08/30 17:02:50.0385 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/08/30 17:02:51.0372 NETw4v32 (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2010/08/30 17:02:51.0725 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/08/30 17:02:52.0096 nidimk (be4af05c8d9176a65b2854e7a1da752b) C:\Windows\system32\drivers\nidimk.dll
2010/08/30 17:02:52.0683 niorbk (79b4624620cce9cc8decbf5ed7898f2c) C:\Windows\system32\drivers\niorbk.dll
2010/08/30 17:02:53.0315 NIPALK (dda074ee53c37dc5b54e1ba2b414f10a) C:\Windows\system32\drivers\NIPALK.sys
2010/08/30 17:02:53.0719 nipxirmk (e58b22c89cc8d3c7a511f03148a1eab9) C:\Windows\system32\drivers\nipxirmk.dll
2010/08/30 17:02:54.0035 NiViPxiK (bf2e68c70db20888a3d58bfe6a7644e3) C:\Windows\system32\drivers\NiViPxiK.sys
2010/08/30 17:02:54.0172 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/08/30 17:02:54.0407 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/08/30 17:02:54.0673 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/08/30 17:02:54.0777 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/08/30 17:02:54.0864 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2010/08/30 17:02:54.0918 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/08/30 17:02:57.0767 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/08/30 17:02:58.0614 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/08/30 17:02:58.0924 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/08/30 17:02:59.0290 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/08/30 17:03:00.0178 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
2010/08/30 17:03:00.0669 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
2010/08/30 17:03:00.0805 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/08/30 17:03:01.0212 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/08/30 17:03:01.0412 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/08/30 17:03:01.0472 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/08/30 17:03:01.0572 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/08/30 17:03:01.0692 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2010/08/30 17:03:01.0771 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/08/30 17:03:02.0091 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/08/30 17:03:02.0524 physX32 (4e34a8bdab879ce6a2b5f88b98ebf451) C:\Windows\system32\DRIVERS\physX32.sys
2010/08/30 17:03:02.0874 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/08/30 17:03:03.0153 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/08/30 17:03:03.0272 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/08/30 17:03:03.0728 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
2010/08/30 17:03:04.0266 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/08/30 17:03:04.0719 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/08/30 17:03:04.0837 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/08/30 17:03:05.0533 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/08/30 17:03:06.0022 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/08/30 17:03:06.0404 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/08/30 17:03:06.0674 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/08/30 17:03:06.0725 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/08/30 17:03:06.0865 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/08/30 17:03:07.0027 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/08/30 17:03:07.0158 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/08/30 17:03:07.0199 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/08/30 17:03:07.0289 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/08/30 17:03:07.0600 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/08/30 17:03:07.0751 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/08/30 17:03:07.0882 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/08/30 17:03:07.0957 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/08/30 17:03:08.0331 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/08/30 17:03:08.0404 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/08/30 17:03:08.0478 SCDEmu (23aa53256ce05b975398b78a33474265) C:\Windows\system32\drivers\SCDEmu.sys
2010/08/30 17:03:08.0609 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2010/08/30 17:03:08.0737 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/08/30 17:03:08.0794 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/08/30 17:03:08.0848 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/08/30 17:03:08.0881 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/08/30 17:03:08.0944 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/08/30 17:03:08.0977 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/08/30 17:03:09.0017 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/08/30 17:03:09.0086 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/08/30 17:03:09.0132 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/08/30 17:03:09.0176 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/08/30 17:03:09.0205 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/08/30 17:03:09.0457 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/08/30 17:03:09.0706 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/08/30 17:03:10.0008 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2010/08/30 17:03:10.0008 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/08/30 17:03:10.0014 sptd - detected Locked file (1)
2010/08/30 17:03:10.0189 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
2010/08/30 17:03:10.0638 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
2010/08/30 17:03:10.0791 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
2010/08/30 17:03:10.0945 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
2010/08/30 17:03:11.0041 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/08/30 17:03:11.0095 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/08/30 17:03:11.0143 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/08/30 17:03:11.0245 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/08/30 17:03:11.0301 SynTP (451e8037e2eb6da6bdf0a66f65d1810b) C:\Windows\system32\DRIVERS\SynTP.sys
2010/08/30 17:03:11.0692 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/08/30 17:03:12.0409 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/08/30 17:03:12.0747 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/08/30 17:03:12.0966 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/08/30 17:03:13.0078 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/08/30 17:03:13.0402 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/08/30 17:03:13.0740 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/08/30 17:03:14.0442 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/08/30 17:03:14.0735 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/08/30 17:03:15.0275 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/08/30 17:03:15.0407 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/08/30 17:03:15.0544 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/08/30 17:03:15.0700 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/08/30 17:03:15.0921 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/08/30 17:03:16.0299 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/08/30 17:03:16.0440 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/08/30 17:03:16.0495 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/08/30 17:03:16.0548 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
2010/08/30 17:03:16.0623 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/08/30 17:03:16.0684 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/08/30 17:03:16.0745 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/08/30 17:03:16.0809 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/08/30 17:03:16.0985 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/08/30 17:03:17.0388 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/08/30 17:03:17.0708 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2010/08/30 17:03:18.0047 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/08/30 17:03:18.0207 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/08/30 17:03:18.0476 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/08/30 17:03:18.0605 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/08/30 17:03:18.0689 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/08/30 17:03:18.0859 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/08/30 17:03:19.0033 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/08/30 17:03:19.0097 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/08/30 17:03:19.0325 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/08/30 17:03:19.0487 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/08/30 17:03:19.0604 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/08/30 17:03:19.0732 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/08/30 17:03:19.0772 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/30 17:03:19.0821 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/30 17:03:20.0359 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/08/30 17:03:20.0730 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/08/30 17:03:21.0481 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/08/30 17:03:21.0734 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/08/30 17:03:21.0820 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/08/30 17:03:22.0028 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
2010/08/30 17:03:22.0481 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/08/30 17:03:22.0589 ================================================================================
2010/08/30 17:03:22.0589 Scan finished
2010/08/30 17:03:22.0589 ================================================================================
2010/08/30 17:03:22.0601 Detected object count: 1
2010/08/30 17:07:35.0397 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2010/08/30 17:07:35.0415 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2010/08/30 17:07:35.0463 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2010/08/30 17:07:35.0463 Locked file(sptd) - User select action: Delete



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4517

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

8/31/2010 4:53:42 PM
mbam-log-2010-08-31 (16-53-42).txt

Scan type: Quick scan
Objects scanned: 154905
Time elapsed: 12 minute(s), 59 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
C:\Users\Jon\AppData\Local\Temp\Tld.exe (Trojan.Agent.Gen) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\10DPP6O2VE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Microwsoft (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ze18mw23gy (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Jon\AppData\Roaming\My Security Shield (Rogue.MySecurityShield) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Jon\AppData\Local\Temp\Tld.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Jon\AppData\Local\Temp\Tlb.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Jon\AppData\Local\Temp\Tlc.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Jon\AppData\Local\Temp\Tle.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\Tfupaa.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Jon\AppData\Roaming\My Security Shield\Instructions.ini (Rogue.MySecurityShield) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.



Logfile of random's system information tool 1.08 (written by random/random)
Run by Jon at 2010-08-31 17:01:31
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 23 GB (17%) free of 140 GB
Total RAM: 2045 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:02:23 PM, on 8/31/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Jon\Desktop\RSIT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Jon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 74.55.176.156 www.google.com
O1 - Hosts: 74.55.176.156 google.com
O1 - Hosts: 74.55.176.156 google.com.au
O1 - Hosts: 74.55.176.156 www.google.com.au
O1 - Hosts: 74.55.176.156 google.be
O1 - Hosts: 74.55.176.156 www.google.be
O1 - Hosts: 74.55.176.156 google.com.br
O1 - Hosts: 74.55.176.156 www.google.com.br
O1 - Hosts: 74.55.176.156 google.ca
O1 - Hosts: 74.55.176.156 www.google.ca
O1 - Hosts: 74.55.176.156 google.ch
O1 - Hosts: 74.55.176.156 www.google.ch
O1 - Hosts: 74.55.176.156 google.de
O1 - Hosts: 74.55.176.156 www.google.de
O1 - Hosts: 74.55.176.156 google.dk
O1 - Hosts: 74.55.176.156 www.google.dk
O1 - Hosts: 74.55.176.156 google.fr
O1 - Hosts: 74.55.176.156 www.google.fr
O1 - Hosts: 74.55.176.156 google.ie
O1 - Hosts: 74.55.176.156 www.google.ie
O1 - Hosts: 74.55.176.156 google.it
O1 - Hosts: 74.55.176.156 www.google.it
O1 - Hosts: 74.55.176.156 google.co.jp
O1 - Hosts: 74.55.176.156 www.google.co.jp
O1 - Hosts: 74.55.176.156 google.nl
O1 - Hosts: 74.55.176.156 www.google.nl
O1 - Hosts: 74.55.176.156 google.no
O1 - Hosts: 74.55.176.156 www.google.no
O1 - Hosts: 74.55.176.156 google.co.nz
O1 - Hosts: 74.55.176.156 www.google.co.nz
O1 - Hosts: 74.55.176.156 google.pl
O1 - Hosts: 74.55.176.156 www.google.pl
O1 - Hosts: 74.55.176.156 google.se
O1 - Hosts: 74.55.176.156 www.google.se
O1 - Hosts: 74.55.176.156 google.co.uk
O1 - Hosts: 74.55.176.156 www.google.co.uk
O1 - Hosts: 74.55.176.156 google.co.za
O1 - Hosts: 74.55.176.156 www.google.co.za
O1 - Hosts: 74.55.176.156 www.google-analytics.com
O1 - Hosts: 74.55.176.156 www.bing.com
O1 - Hosts: 74.55.176.156 search.yahoo.com
O1 - Hosts: 74.55.176.156 www.search.yahoo.com
O1 - Hosts: 74.55.176.156 uk.search.yahoo.com
O1 - Hosts: 74.55.176.156 ca.search.yahoo.com
O1 - Hosts: 74.55.176.156 de.search.yahoo.com
O1 - Hosts: 74.55.176.156 fr.search.yahoo.com
O1 - Hosts: 74.55.176.156 au.search.yahoo.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 74.55.176.156 www.google.com
O1 - Hosts: 74.55.176.156 google.com
O1 - Hosts: 74.55.176.156 google.com.au
O1 - Hosts: 74.55.176.156 www.google.com.au
O1 - Hosts: 74.55.176.156 google.be
O1 - Hosts: 74.55.176.156 www.google.be
O1 - Hosts: 74.55.176.156 google.com.br
O1 - Hosts: 74.55.176.156 www.google.com.br
O1 - Hosts: 74.55.176.156 google.ca
O1 - Hosts: 74.55.176.156 www.google.ca
O1 - Hosts: 74.55.176.156 google.ch
O1 - Hosts: 74.55.176.156 www.google.ch
O1 - Hosts: 74.55.176.156 google.de
O1 - Hosts: 74.55.176.156 www.google.de
O1 - Hosts: 74.55.176.156 google.dk
O1 - Hosts: 74.55.176.156 www.google.dk
O1 - Hosts: 74.55.176.156 google.fr
O1 - Hosts: 74.55.176.156 www.google.fr
O1 - Hosts: 74.55.176.156 google.ie
O1 - Hosts: 74.55.176.156 www.google.ie
O1 - Hosts: 74.55.176.156 google.it
O1 - Hosts: 74.55.176.156 www.google.it
O1 - Hosts: 74.55.176.156 google.co.jp
O1 - Hosts: 74.55.176.156 www.google.co.jp
O1 - Hosts: 74.55.176.156 google.nl
O1 - Hosts: 74.55.176.156 www.google.nl
O1 - Hosts: 74.55.176.156 google.no
O1 - Hosts: 74.55.176.156 www.google.no
O1 - Hosts: 74.55.176.156 google.co.nz
O1 - Hosts: 74.55.176.156 www.google.co.nz
O1 - Hosts: 74.55.176.156 google.pl
O1 - Hosts: 74.55.176.156 www.google.pl
O1 - Hosts: 74.55.176.156 google.se
O1 - Hosts: 74.55.176.156 www.google.se
O1 - Hosts: 74.55.176.156 google.co.uk
O1 - Hosts: 74.55.176.156 www.google.co.uk
O1 - Hosts: 74.55.176.156 google.co.za
O1 - Hosts: 74.55.176.156 www.google.co.za
O1 - Hosts: 74.55.176.156 www.google-analytics.com
O1 - Hosts: 74.55.176.156 www.bing.com
O1 - Hosts: 74.55.176.156 search.yahoo.com
O1 - Hosts: 74.55.176.156 www.search.yahoo.com
O1 - Hosts: 74.55.176.156 uk.search.yahoo.com
O1 - Hosts: 74.55.176.156 ca.search.yahoo.com
O1 - Hosts: 74.55.176.156 de.search.yahoo.com
O1 - Hosts: 74.55.176.156 fr.search.yahoo.com
O1 - Hosts: 74.55.176.156 au.search.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100711101147.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Turbine Download Manager Tray Icon] "C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [secureapp70700.exe] C:\Users\Jon\AppData\Roaming\ADE9ACEB21DF2F42D561D1A8A5430FF1\secureapp70700.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Folding@home-CPU-[1] - Unknown owner - C:\Folding@HomeCPU\1\Fah.exe
O23 - Service: Folding@home-CPU-[2] - Unknown owner - C:\Folding@HomeCPU\2\Fah.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\Windows\system32\nipalsm.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 16717 bytes

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job
C:\Windows\tasks\User_Feed_Synchronization-{CABDDF5B-D45B-4464-B6DE-DCAE3C3FFECF}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\progra~1\mcafee\msk\mskapbho.dll [2010-05-03 245272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100711101147.dll [2010-05-31 73288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-08-04 228256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-08-04 228256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1029416]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-12-03 36864]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]
"Launch LCDMon"=C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe [2007-07-18 775952]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-12-21 184320]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-03-16 47392]
"Turbine Download Manager Tray Icon"=C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe []
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2008-01-01 405504]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-07-26 180224]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-11-22 198160]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-06-24 1193848]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2010-07-09 261736]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"secureapp70700.exe"=C:\Users\Jon\AppData\Roaming\ADE9ACEB21DF2F42D561D1A8A5430FF1\secureapp70700.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=2
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Users\Jon\AppData\Roaming\zzangohj.exe"="C:\Users\Jon\AppData\Roaming\zzangohj.exe:*:Enabled:4fjhjkdjgkg"
"iexplore.exe"="C:\windows\iexplore.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-31 16:39:08 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-31 16:39:04 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-30 17:02:08 ----A---- C:\TDSSKiller.2.4.1.3_30.08.2010_17.02.08_log.txt
2010-08-30 16:35:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-29 21:57:50 ----D---- C:\_OTM
2010-08-29 21:52:58 ----D---- C:\Program Files\ERUNT
2010-08-28 12:03:35 ----D---- C:\rsit
2010-08-27 16:17:58 ----D---- C:\MGADiagToolOutput
2010-08-23 21:42:14 ----D---- C:\Program Files\Trend Micro
2010-08-20 15:56:07 ----D---- C:\Windows\system32\WindowsPowerShell
2010-08-20 15:52:29 ----D---- C:\Program Files\Microsoft ATS
2010-08-16 12:13:39 ----D---- C:\Program Files\iPod
2010-08-11 22:45:05 ----D---- C:\ProgramData\NVIDIA Corporation
2010-08-11 22:44:49 ----D---- C:\Program Files\NVIDIA Corporation
2010-08-11 22:40:51 ----A---- C:\Windows\system32\OpenCL.dll
2010-08-11 22:40:51 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2010-08-11 22:40:51 ----A---- C:\Windows\system32\dpinst.exe
2010-08-11 22:40:50 ----A---- C:\Windows\system32\nvwgf2um.dll
2010-08-11 22:40:48 ----A---- C:\Windows\system32\nvoglv32.dll
2010-08-11 22:40:48 ----A---- C:\Windows\system32\nvcuvid.dll
2010-08-11 22:40:47 ----A---- C:\Windows\system32\nvcuvenc.dll
2010-08-11 22:40:47 ----A---- C:\Windows\system32\nvcuda.dll
2010-08-11 22:40:45 ----A---- C:\Windows\system32\nvcompiler.dll
2010-08-11 22:40:45 ----A---- C:\Windows\system32\nvcod1922.dll
2010-08-11 22:40:45 ----A---- C:\Windows\system32\nvcod.dll
2010-08-11 21:41:23 ----D---- C:\Program Files\StarCraft II
2010-08-11 18:41:07 ----A---- C:\Windows\system32\schannel.dll
2010-08-11 18:41:04 ----A---- C:\Windows\system32\iccvid.dll
2010-08-11 18:41:01 ----A---- C:\Windows\system32\iertutil.dll
2010-08-11 18:41:00 ----A---- C:\Windows\system32\mshtml.dll
2010-08-11 18:41:00 ----A---- C:\Windows\system32\ieframe.dll
2010-08-11 18:40:58 ----A---- C:\Windows\system32\urlmon.dll
2010-08-11 18:40:57 ----A---- C:\Windows\system32\wininet.dll
2010-08-11 18:40:57 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-11 18:40:57 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-11 18:40:56 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-11 18:40:55 ----A---- C:\Windows\system32\mstime.dll
2010-08-11 18:40:55 ----A---- C:\Windows\system32\ieui.dll
2010-08-11 18:40:54 ----A---- C:\Windows\system32\occache.dll
2010-08-11 18:40:54 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-11 18:40:54 ----A---- C:\Windows\system32\iepeers.dll
2010-08-11 18:40:53 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-11 18:40:53 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-11 18:40:53 ----A---- C:\Windows\system32\iesetup.dll
2010-08-11 18:40:53 ----A---- C:\Windows\system32\iernonce.dll
2010-08-11 18:40:52 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-11 18:40:52 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-11 18:40:44 ----A---- C:\Windows\system32\win32k.sys
2010-08-11 18:40:41 ----A---- C:\Windows\system32\rtutils.dll
2010-08-11 18:40:25 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-11 18:40:24 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-11 18:40:20 ----A---- C:\Windows\system32\msxml3.dll
2010-08-11 18:40:16 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-11 18:40:15 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-11 18:40:11 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-11 16:48:32 ----D---- C:\ProgramData\Hitman Pro
2010-08-11 16:48:31 ----D---- C:\Program Files\Hitman Pro 3.5
2010-08-09 21:06:12 ----A---- C:\Windows\ntbtlog.txt
2010-08-09 20:29:15 ----SHD---- C:\ProgramData\MSSPES
2010-08-09 20:26:46 ----D---- C:\Users\Jon\AppData\Roaming\ADE9ACEB21DF2F42D561D1A8A5430FF1
2010-08-08 00:18:41 ----A---- C:\Windows\system32\shell32.dll

======List of files/folders modified in the last 1 months======

2010-08-31 17:02:21 ----D---- C:\Windows\Temp
2010-08-31 16:56:58 ----D---- C:\Program Files\McAfee
2010-08-31 16:56:32 ----D---- C:\Windows\system32\drivers
2010-08-31 16:53:56 ----D---- C:\Windows\Setup
2010-08-31 16:53:41 ----D---- C:\Windows\Tasks
2010-08-31 16:53:41 ----D---- C:\Windows
2010-08-31 16:18:41 ----D---- C:\Windows\system32\Tasks
2010-08-30 21:12:24 ----D---- C:\Windows\system32\config
2010-08-30 21:12:16 ----SHD---- C:\Windows\Installer
2010-08-30 21:12:16 ----D---- C:\Windows\system32\spool
2010-08-30 21:12:16 ----D---- C:\Windows\system32\Msdtc
2010-08-30 21:12:16 ----D---- C:\Windows\system32\drivers\etc
2010-08-30 21:12:16 ----D---- C:\Windows\system32\CodeIntegrity
2010-08-30 21:12:16 ----D---- C:\Windows\system32\catroot2
2010-08-30 21:12:16 ----D---- C:\Users\Jon\AppData\Roaming\BitTorrent
2010-08-30 21:12:09 ----D---- C:\Program Files\DNA
2010-08-30 21:12:09 ----D---- C:\Program Files\BitTorrent
2010-08-30 21:12:08 ----D---- C:\Windows\system32\wbem
2010-08-30 21:12:08 ----D---- C:\Windows\registration
2010-08-30 21:11:24 ----D---- C:\Program Files\Viewpoint
2010-08-30 21:11:24 ----D---- C:\Program Files\LimeWire
2010-08-30 17:20:21 ----D---- C:\Windows\System32
2010-08-30 17:20:21 ----D---- C:\Windows\inf
2010-08-30 17:20:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-30 17:13:42 ----D---- C:\Windows\Minidump
2010-08-30 16:49:32 ----D---- C:\Windows\DigitalLocker
2010-08-30 16:35:19 ----RD---- C:\Program Files
2010-08-27 16:08:55 ----D---- C:\ProgramData\Viewpoint
2010-08-27 16:07:34 ----D---- C:\Program Files\Java
2010-08-27 16:05:31 ----SHD---- C:\System Volume Information
2010-08-27 16:02:09 ----D---- C:\Program Files\Common Files
2010-08-23 16:54:04 ----D---- C:\Windows\rescache
2010-08-20 16:18:53 ----RSD---- C:\Windows\assembly
2010-08-20 16:18:53 ----D---- C:\Windows\Microsoft.NET
2010-08-20 16:04:58 ----D---- C:\Windows\AppPatch
2010-08-20 15:56:57 ----SD---- C:\Windows\Downloaded Program Files
2010-08-20 15:56:14 ----D---- C:\Windows\winsxs
2010-08-20 15:55:56 ----D---- C:\Windows\system32\catroot
2010-08-17 23:07:34 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-08-16 12:14:41 ----D---- C:\Program Files\iTunes
2010-08-16 12:13:37 ----D---- C:\Program Files\Common Files\Apple
2010-08-12 09:15:17 ----D---- C:\Program Files\Common Files\Adobe
2010-08-12 09:15:12 ----D---- C:\ProgramData\Adobe
2010-08-12 09:15:05 ----D---- C:\Program Files\Adobe
2010-08-12 03:23:44 ----D---- C:\Windows\system32\migration
2010-08-12 03:23:44 ----D---- C:\Program Files\Internet Explorer
2010-08-12 03:23:43 ----D---- C:\Program Files\Movie Maker
2010-08-12 03:07:25 ----D---- C:\Program Files\Microsoft Works
2010-08-12 03:05:37 ----D---- C:\ProgramData\Microsoft Help
2010-08-12 03:02:10 ----D---- C:\Program Files\Windows Mail
2010-08-11 23:06:00 ----D---- C:\ProgramData\Blizzard Entertainment
2010-08-11 22:53:32 ----D---- C:\ProgramData\NVIDIA
2010-08-11 22:45:40 ----D---- C:\Program Files\AGEIA Technologies
2010-08-11 22:45:05 ----HD---- C:\ProgramData
2010-08-11 22:40:37 ----D---- C:\NVIDIA
2010-08-11 22:21:23 ----D---- C:\Program Files\SystemRequirementsLab
2010-08-11 17:02:44 ----D---- C:\Users\Jon\AppData\Roaming\U3
2010-08-11 16:58:36 ----D---- C:\Windows\Prefetch
2010-08-11 16:20:54 ----AD---- C:\ProgramData\TEMP
2010-08-09 21:42:10 ----SD---- C:\Users\Jon\AppData\Roaming\Microsoft
2010-08-03 14:09:31 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-07-19 277784]
R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2010-05-31 385880]
R0 NIPALK;NIPALK; C:\Windows\system32\drivers\NIPALK.sys [2003-05-12 455680]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-11-14 43840]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-10-12 717296]
R1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys [2010-05-31 64304]
R1 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2010-05-31 160720]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-07-26 58908]
R2 nidimk;nidimk; C:\Windows\system32\drivers\nidimk.dll [2003-04-23 107102]
R2 nipxirmk;nipxirmk; C:\Windows\system32\drivers\nipxirmk.dll [2003-04-18 36463]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-07-17 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-17 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-17 37376]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-18 179712]
R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2010-05-31 55456]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2010-05-31 95568]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2010-05-31 152320]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2010-05-31 51688]
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2010-05-31 312616]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-13 2226688]
R3 niorbk;niorbk; C:\Windows\system32\drivers\niorbk.dll [2003-04-17 28254]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-07-09 11008040]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 7424]
R3 physX32;physX32; C:\Windows\system32\DRIVERS\physX32.sys [2007-09-13 120320]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2008-01-01 330240]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-27 193456]
S3 a9oevs0g;a9oevs0g; C:\Windows\system32\drivers\a9oevs0g.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 78128]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 80176]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 16560]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2008-03-12 27672]
S3 LTower;LEGO USB Tower Driver; C:\Windows\System32\Drivers\LTower.sys [2004-01-22 39936]
S3 mfeavfk01;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk01.sys []
S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2010-05-31 83496]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2007-12-02 40488]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NiViPxiK;NiViPxiK; C:\Windows\system32\drivers\NiViPxiK.sys [2003-06-24 17920]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-20 7680]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-20 16896]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2008-01-01 73728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 Folding@home-CPU-[1];Folding@home-CPU-[1]; C:\Folding@HomeCPU\1\Fah.exe [2009-11-13 422400]
R2 Folding@home-CPU-[2];Folding@home-CPU-[2]; C:\Folding@HomeCPU\2\Fah.exe [2009-11-13 422400]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-04-14 170144]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-05-31 188136]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-05-31 141792]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-10-02 26640]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 nicconfigsvc;Dell Internal Network Card Power Management; C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [2008-02-22 390424]
R2 nipxirmu;nipxirmu; C:\Windows\system32\nipalsm.exe [2003-05-12 20480]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2008-01-01 102400]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 McProxy;McAfee Proxy Service; C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe [2009-07-08 359952]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-11-08 16680]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2010-04-15 364216]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

Re: Remains of Malware causing trouble, Can't solve problem

Unread postby hesserman101 » August 31st, 2010, 5:30 pm

Ok I posted all four files in the post above. The problems my computer was having are still around. I feel like everything was going well until we ran the TDSSKiller.exe, but of course I'm no expert. Are we on the right track? Or did I make a mistake somewhere along the line?

Re: Remains of Malware causing trouble, Can't solve problem

Unread postby Cypher » September 1st, 2010, 5:06 am

Hi hesserman101.
It looks like your PC has been restored to the state it was in before we started.
So we start over again, but this time we take a different approach.

  • Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration, the "Registry backup is complete!" pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.

Next.

We need to disable McAfee Security Center and its components temporarily as it will interfere with the fix.

  • Open McAfee Security Center.
  • Click on Home on the left pane.
  • Beside Computer & Files, click on the arrow button.
  • Next, click on the arrow button beside Configure at the middle right (NOT the bottom one).
  • You will come to a new page. Please check (click) Off for all the protections. Remember to scroll down.
  • You will be prompted, select Never and just click OK.
  • Note: Don't forget to re-enable it after the fix.

Here is an illustration to assist you:
Image

Next.

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts

    • Click on Yes to continue scanning for malware.
    • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
    A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper.

    Logs/Information to Post in your Next Reply

    • ComboFix log.
    • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Remains of Malware causing trouble, Can't solve problem

Unread postby hesserman101 » September 1st, 2010, 7:05 am

ComboFix 10-08-31.02 - Jon 09/01/2010 6:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1166 [GMT -4:00]
Running from: c:\users\Jon\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\searchplugins\zwunzi143.xml
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\cid.drv
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\delfile.tmp
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\fan.exe
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\fan.sys
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\FS.exe
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\FW.exe
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\grid.sys
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\pal.drv
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\pal.tmp
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\ppal.drv
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\runddl.sys
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\sld.tmp
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.dll
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.drv
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\users\Jon\GoToAssistDownloadHelper.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))
.

2010-08-31 20:39 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-31 20:39 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-30 20:35 . 2010-08-31 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-30 01:57 . 2010-08-30 01:57 -------- d-----w- C:\_OTM
2010-08-30 01:52 . 2010-09-01 10:28 -------- d-----w- c:\program files\ERUNT
2010-08-28 16:03 . 2010-08-28 16:04 -------- d-----w- C:\rsit
2010-08-27 20:17 . 2010-08-27 20:18 -------- d-----w- C:\MGADiagToolOutput
2010-08-24 01:42 . 2010-08-31 21:01 -------- d-----w- c:\program files\Trend Micro
2010-08-24 01:42 . 2010-08-24 01:42 388096 ----a-r- c:\users\Jon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-20 20:03 . 2010-08-20 20:03 -------- d-----w- c:\users\Jon\AppData\Local\ElevatedDiagnostics
2010-08-20 19:52 . 2010-08-20 19:56 -------- d-----w- c:\program files\Microsoft ATS
2010-08-16 16:13 . 2010-08-16 16:13 -------- d-----w- c:\program files\iPod
2010-08-16 16:08 . 2010-08-16 16:08 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-12 03:06 . 2010-08-12 03:06 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-12 02:45 . 2010-08-12 02:45 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-08-12 02:44 . 2010-08-12 02:47 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-12 02:40 . 2010-07-09 22:37 795104 ----a-w- c:\windows\system32\dpinst.exe
2010-08-12 02:40 . 2010-07-09 22:37 56936 ----a-w- c:\windows\system32\OpenCL.dll
2010-08-12 02:40 . 2010-07-09 22:37 11008040 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-08-12 02:40 . 2010-07-09 22:37 5107816 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-08-12 02:40 . 2010-07-09 22:37 2892904 ----a-w- c:\windows\system32\nvcuvid.dll
2010-08-12 02:40 . 2010-07-09 22:37 14092904 ----a-w- c:\windows\system32\nvoglv32.dll
2010-08-12 02:40 . 2010-07-09 22:37 4553832 ----a-w- c:\windows\system32\nvcuda.dll
2010-08-12 02:40 . 2010-07-09 22:37 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-08-12 02:40 . 2010-07-09 22:37 236136 ----a-w- c:\windows\system32\nvcod1922.dll
2010-08-12 02:40 . 2010-07-09 22:37 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-08-12 02:40 . 2010-07-09 22:37 10267240 ----a-w- c:\windows\system32\nvcompiler.dll
2010-08-12 01:41 . 2010-08-18 03:09 -------- d-----w- c:\program files\StarCraft II
2010-08-11 22:41 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 22:41 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-11 20:48 . 2010-08-11 20:48 -------- d-----w- c:\programdata\Hitman Pro
2010-08-11 20:48 . 2010-08-11 20:48 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-10 01:14 . 2010-08-10 01:14 -------- d-----w- c:\users\Jon\Program Files
2010-08-10 01:01 . 2010-08-10 01:01 -------- d-----w- c:\users\Jon\AppData\Local\Threat Expert
2010-08-10 00:29 . 2010-08-10 00:29 -------- d-sh--w- c:\programdata\MSSPES
2010-08-10 00:28 . 2010-08-10 00:28 -------- d-----w- c:\users\Jon\AppData\Local\fnqnyqtmc
2010-08-10 00:26 . 2010-08-31 01:12 -------- d-----w- c:\users\Jon\AppData\Roaming\ADE9ACEB21DF2F42D561D1A8A5430FF1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 10:42 . 2008-08-01 16:40 2140 ----a-w- c:\windows\bthservsdp.dat
2010-08-31 21:21 . 2008-10-27 18:56 36725 ----a-w- c:\programdata\nvModes.dat
2010-08-31 20:56 . 2008-08-01 22:02 -------- d-----w- c:\program files\McAfee
2010-08-31 01:12 . 2008-09-19 21:38 -------- d-----w- c:\users\Jon\AppData\Roaming\BitTorrent
2010-08-31 01:12 . 2008-09-19 21:36 -------- d-----w- c:\program files\DNA
2010-08-31 01:12 . 2008-09-19 21:36 -------- d-----w- c:\program files\BitTorrent
2010-08-31 01:11 . 2008-08-13 01:16 -------- d-----w- c:\program files\Viewpoint
2010-08-31 01:11 . 2008-08-09 05:13 -------- d-----w- c:\program files\LimeWire
2010-08-27 20:08 . 2008-08-13 01:17 -------- d-----w- c:\programdata\Viewpoint
2010-08-27 20:07 . 2008-08-01 21:51 -------- d-----w- c:\program files\Java
2010-08-18 03:07 . 2008-11-30 00:51 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-16 16:14 . 2009-09-10 21:14 -------- d-----w- c:\program files\iTunes
2010-08-16 16:13 . 2008-08-09 04:25 -------- d-----w- c:\program files\Common Files\Apple
2010-08-12 13:15 . 2008-11-22 16:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-12 07:07 . 2008-08-01 22:06 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 07:05 . 2008-10-06 00:01 -------- d-----w- c:\programdata\Microsoft Help
2010-08-12 07:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-12 03:06 . 2009-08-20 01:24 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-08-12 02:53 . 2008-08-01 22:17 -------- d-----w- c:\programdata\NVIDIA
2010-08-12 02:45 . 2008-08-01 21:59 -------- d-----w- c:\program files\AGEIA Technologies
2010-08-12 02:21 . 2008-10-27 18:49 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-11 21:02 . 2008-08-20 22:17 -------- d-----w- c:\users\Jon\AppData\Roaming\U3
2010-07-09 22:37 . 2010-08-12 02:40 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-07-09 22:37 . 2008-08-02 00:29 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-09 22:37 . 2008-08-02 00:28 9818728 ----a-w- c:\windows\system32\nvd3dum.dll
2010-07-09 22:37 . 2008-08-02 00:28 1625192 ----a-w- c:\windows\system32\nvapi.dll
2010-07-09 20:20 . 2010-07-09 20:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 20:20 . 2010-07-09 20:20 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-07-09 20:20 . 2010-07-09 20:20 261736 ----a-w- c:\windows\system32\nvhotkey.dll
2010-07-09 20:20 . 2010-07-09 20:20 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-07-09 20:20 . 2010-07-09 20:20 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 20:20 . 2010-07-09 20:20 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 20:20 . 2010-07-09 20:20 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-07 18:03 . 2008-08-02 00:29 604776 ----a-w- c:\windows\system32\nvuninst.exe
2010-06-30 14:54 . 2010-04-09 01:43 439816 ----a-w- c:\users\Jon\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-06-30 12:18 . 2008-08-28 00:49 70352 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-06-26 06:05 . 2010-08-11 22:40 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 22:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-11 22:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-11 22:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-11 22:40 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-11 22:40 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-11 22:40 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-11 22:40 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-11 22:40 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:42 . 2008-11-08 17:38 7592 ----a-w- c:\users\Jon\AppData\Local\d3d9caps.dat
2010-06-11 16:15 . 2010-08-11 22:40 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-11 22:40 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-11 22:40 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-01 00:32 . 2010-06-30 12:53 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2008-08-01 21:53 . 2008-08-01 21:53 74 --sh--r- c:\windows\CT4CET.bin
2008-08-02 00:33 . 2008-08-02 00:33 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1029416]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-07-18 775952]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-22 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-07-09 261736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

c:\users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):91,b7,73,30,6c,40,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 LTower;LEGO USB Tower Driver;c:\windows\system32\Drivers\LTower.sys [2004-01-23 39936]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-06-01 83496]
R3 NiViPxiK;NiViPxiK; [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-10-12 717296]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-06-01 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-06-01 160720]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-06-01 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-06-01 141792]
S2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [2003-04-24 107102]
S2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [2003-04-18 36463]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-18 179712]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-06-01 55456]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-06-01 312616]
S3 physX32;physX32;c:\windows\system32\DRIVERS\physX32.sys [2007-09-13 120320]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-08-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-01 18:32]

2010-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-01 18:32]

2010-09-01 c:\windows\Tasks\User_Feed_Synchronization-{CABDDF5B-D45B-4464-B6DE-DCAE3C3FFECF}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\1b514aph.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Jon\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-secureapp70700.exe - c:\users\Jon\AppData\Roaming\ADE9ACEB21DF2F42D561D1A8A5430FF1\secureapp70700.exe
HKLM-Run-Turbine Download Manager Tray Icon - c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 07:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3026006837-3582817978-75404658-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0a,4a,88,a9,87,2a,ea,89,5a,23,ad,80,1b,3f,b4,66,1f,66,e3,5a,f2,ef,3a,
0b,ff,4c,e9,ba,fb,fb,0f,41,78,5e,23,28,90,d3,2e,8c,b9,94,df,39,31,d8,d1,3c,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-3026006837-3582817978-75404658-1000\Software\SecuROM\License information*]
"datasecu"=hex:0b,a4,41,0a,68,a0,b6,8b,c1,0e,bb,66,f8,b0,b6,c8,d3,ef,d2,bb,59,
da,82,8a,15,46,16,cc,16,d7,ca,1e,7c,52,b0,c7,8c,9c,3e,53,31,29,b8,70,ef,df,\
"rkeysecu"=hex:3b,75,86,03,b1,a9,69,23,37,a6,03,de,a6,b2,17,3e
.
Completion time: 2010-09-01 07:04:11
ComboFix-quarantined-files.txt 2010-09-01 11:04

Pre-Run: 24,325,050,368 bytes free
Post-Run: 24,348,676,096 bytes free

- - End Of File - - A90821F7DB70D1CCE0E241105FAEB5C8
hesserman101
Regular Member
 
Posts: 27
Joined: August 23rd, 2010, 9:58 pm
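Reading a ComboFix log like the one above by hand is slow. The following added example (my own code, not ComboFix's or the forum's) parses the row formats that log uses ('Files Created' rows, Run-key rows, 'ORPHANS REMOVED' rows and bare paths) and flags the entries a helper would look at first. The sample lines are copied from the log above; the flagging heuristics are my own assumptions, not ComboFix verdicts, and the code needs Python 3.9 or later.

```python
"""Offline triage of a ComboFix log in the format posted in this thread."""
import re

# Constructed excerpt: lines copied from the ComboFix log above, one of each
# record type the parser understands ('Other Deletions' bare path, two
# 'Files Created' rows, a Run-key row and an 'ORPHANS REMOVED' row).
SAMPLE_LOG = r"""
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
2010-08-31 20:39 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-10 00:29 . 2010-08-10 00:29 -------- d-sh--w- c:\programdata\MSSPES
2010-08-10 00:26 . 2010-08-31 01:12 -------- d-----w- c:\users\Jon\AppData\Roaming\ADE9ACEB21DF2F42D561D1A8A5430FF1
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
HKCU-Run-secureapp70700.exe - c:\users\Jon\AppData\Roaming\ADE9ACEB21DF2F42D561D1A8A5430FF1\secureapp70700.exe
"""

# 'Files Created' / 'Find3M' rows: created . modified size attributes path
FILE_ROW = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(\d+|-{8})\s+([-a-z]{8})\s+(.+)$")
# 'Reg Loading Points' rows: "value name"="image path" [date size]
RUN_ROW = re.compile(r'^"[^"]+"="([^"]+)"\s+\[\d{4}-\d{2}-\d{2} \d+\]$')
# 'ORPHANS REMOVED' rows: HKCU-Run-<value name> - <image path>
ORPHAN_ROW = re.compile(r"^(?:HKCU|HKLM)-Run-.+? - (.+)$")
BARE_PATH = re.compile(r"^[a-zA-Z]:\\.+$")   # 'Other Deletions' section

HEX32_DIR = re.compile(r"^[0-9a-f]{32}$")    # e.g. the ADE9ACEB... folder above
PAYLOAD_EXT = (".exe", ".dll", ".sys", ".drv", ".tmp")
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\")
# Core Windows binaries seen in this log; a same-named copy outside \windows\ is odd.
CORE_BINARIES = {"kernel32.dll", "ntoskrnl.exe", "ntkrnlpa.exe"}


def assess(path: str, attrs: str = "", autostart: bool = False) -> list[str]:
    """Heuristic reasons (my own, not ComboFix's) why an entry needs a look."""
    low = path.lower()
    parts = low.split("\\")
    name = parts[-1]
    reasons = []
    if "\\recent\\" in low and name.endswith(PAYLOAD_EXT):
        reasons.append("executable/driver in Recent, which should hold only .lnk files")
    if name in CORE_BINARIES and not low.startswith("c:\\windows\\"):
        reasons.append("core Windows binary name outside the Windows directory")
    if any(HEX32_DIR.match(p) for p in parts):
        reasons.append("32-hex-character directory name")
    if len(attrs) == 8 and attrs[2:4] == "sh" and "\\programdata\\" in low:
        reasons.append("hidden+system folder in ProgramData")
    if autostart and any(m in low for m in USER_WRITABLE):
        reasons.append("autostart entry runs from a user-writable location")
    return reasons


def triage(log_text: str) -> dict[str, list[str]]:
    """Parse the recognised row types; return {path: reasons} for flagged entries."""
    flagged: dict[str, list[str]] = {}
    for line in log_text.splitlines():
        line = line.strip()
        if m := FILE_ROW.match(line):
            path, attrs, auto = m.group(5), m.group(4), False
        elif m := RUN_ROW.match(line):
            path, attrs, auto = m.group(1), "", True
        elif m := ORPHAN_ROW.match(line):
            path, attrs, auto = m.group(1), "", True
        elif BARE_PATH.match(line):
            path, attrs, auto = line, "", False
        else:
            continue
        if reasons := assess(path, attrs, auto):
            flagged[path] = reasons
    return flagged
```

Run `triage(SAMPLE_LOG)` to see that the legitimate mbam.sys and Windows Defender rows pass while the Recent-folder kernel32.dll, the hidden ProgramData folder and the 32-hex AppData folder with its Run entry are flagged.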