Malware infection

Post by TrickyMicky » April 9th, 2011, 7:32 pm

Over the past couple of days my computer has been going mad and been doing random shutdowns.

It won't let me do a system restore: "system restore has been disabled by the administrator".

Here are my DDS logs:

DDS (Ver_11-03-05.01) - NTFSx86
Run by Michael at 23:45:01.36 on 09/04/2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.703.156 [GMT 1:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\TEMP\nfcs\setup.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\system32\IoctlSvc.exe
C:\ProgramData\ScanQuery\scanquery117.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\Knuxoa.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ScanQuery\scanquery.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\rundll32.exe
C:\Users\Michael\AppData\Local\Temp\winamp.exe
C:\Users\Michael\AppData\Local\Temp\taskmgr.exe
C:\Users\Michael\AppData\Local\Temp\win16.exe
c:\Program Files\Microsoft Silverlight\4.0.60129.0\agcp.exe
C:\Users\Michael\AppData\Local\Temp\Kl6.exe
C:\Windows\system32\rundll32.exe
C:\Users\Michael\AppData\Local\Temp\Kl3.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michael\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mSearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
uURLSearchHooks: FCToolbarURLSearchHook Class: {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - c:\program files\gamers unite! snag bar\Helper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
mURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: c:\windows\system32\g67sir.dll: {b1b220c1-a500-99bd-f110-04b53a2c8952} - c:\windows\system32\g67sir.dll
TB: N/A: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Gamers Unite! Snag Bar: {25515a79-c1c7-4b97-97f8-31a711694487} - c:\program files\gamers unite! snag bar\Toolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\michael\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [W5E7SH31DG] c:\users\michael\appdata\local\temp\Kl3.exe
uRun: [Lbesahigafekut] rundll32.exe "c:\users\michael\appdata\local\insExi.dll",Startup
uRun: [{88B10A1A-875E-3835-B96D-F54B7DF74FDB}] c:\users\michael\appdata\roaming\etpyn\uvra.exe
uRun: [{6333E559-97EF-45E9-C1CC-9B448CE4D33A}] c:\users\michael\appdata\roaming\xuyki\emnua.exe
uRun: [Lvdmfeefnwg] c:\users\michael\appdata\local\temp\spoolsv.exe
uRun: [Lvdmfeefnb] c:\users\michael\appdata\local\temp\mdm.exe
uRun: [Lvdmfeefnwpc] c:\users\michael\appdata\local\temp\services.exe
uRun: [MqrMc] c:\windows\gdi32.exe
uRun: [Mqstc] c:\windows\msmgm.exe
uRun: [Lvdmfeefnvc] c:\users\michael\appdata\local\temp\user.exe
uRun: [LvdmfeefnfQ] c:\users\michael\appdata\local\temp\win16.exe
uRun: [Lvdmfeefnoc] c:\users\michael\appdata\local\temp\debug.exe
uRun: [Mqtw+] c:\windows\nvsvc32.exe
uRun: [Mquwe] c:\windows\sysmgm.exe
uRun: [Mque] c:\windows\user.exe
uRun: [Lvdmfeefntg] c:\users\michael\appdata\local\temp\wininst.exe
uRun: [Mqvpe] c:\windows\winamp.exe
uRun: [Mqrtc] c:\windows\hexdump.exe
uRun: [Lvdmfeefnd] c:\users\michael\appdata\local\temp\avp.exe
uRun: [Lvdmfeefnte] c:\users\michael\appdata\local\temp\msmgm.exe
uRun: [GAGEZ8R8ZB] c:\windows\Knuxoa.exe
uRun: [Mqqsc] c:\windows\drweb.exe
uRun: [Lvdmfeefnwe] c:\users\michael\appdata\local\temp\setup.exe
uRun: [LvdmfeefnzZ] c:\users\michael\appdata\local\temp\sysmgm.exe
uRun: [Lvdmfeefnz9] c:\users\michael\appdata\local\temp\nvsvc32.exe
uRun: [Mqqoc] c:\windows\debug.exe
uRun: [Lvdmfeefnrc] c:\users\michael\appdata\local\temp\winamp.exe
uRun: [Lvdmfeefnxb] c:\users\michael\appdata\local\temp\sysedit.exe
uRun: [{2DFB306D-3052-88DB-F333-0A60E4676CCC}] c:\users\michael\appdata\roaming\maysfo\deyni.exe
uRun: [Mqvre] c:\windows\wininst.exe
uRun: [Lvdmfeefnqg] c:\users\michael\appdata\local\temp\hexdump.exe
uRun: [Lvdmfeefntpf] c:\users\michael\appdata\local\temp\iexplarer.exe
uRun: [LvdmfeefneP] c:\users\michael\appdata\local\temp\avp32.exe
uRun: [Lvdmfeefnsb] c:\users\michael\appdata\local\temp\drweb.exe
uRun: [Lvdmfeefnth] c:\users\michael\appdata\local\temp\svchost.exe
uRun: [LvdmfeefnZP] c:\users\michael\appdata\local\temp\gdi32.exe
uRun: [Lvdmfeefnqe] c:\users\michael\appdata\local\temp\login.exe
uRun: [Mqurb] c:\windows\taskmgr.exe
uRun: [Lvdmfeefnsd] c:\users\michael\appdata\local\temp\taskmgr.exe
uRun: [MqpSc] c:\windows\avp32.exe
uRun: [Mqutc] c:\windows\sysedit.exe
uRun: [Mqutc] c:\windows\sysedit.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\SMax4.exe" /tray
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Lvdmfeefnwg] c:\users\michael\appdata\local\temp\spoolsv.exe
mRun: [Lvdmfeefnb] c:\users\michael\appdata\local\temp\mdm.exe
mRun: [Lvdmfeefnwpc] c:\users\michael\appdata\local\temp\services.exe
mRun: [MqrMc] c:\windows\gdi32.exe
mRun: [Mqstc] c:\windows\msmgm.exe
mRun: [Lvdmfeefnvc] c:\users\michael\appdata\local\temp\user.exe
mRun: [LvdmfeefnfQ] c:\users\michael\appdata\local\temp\win16.exe
mRun: [Lvdmfeefnoc] c:\users\michael\appdata\local\temp\debug.exe
mRun: [Mqtw+] c:\windows\nvsvc32.exe
mRun: [Mquwe] c:\windows\sysmgm.exe
mRun: [Mque] c:\windows\user.exe
mRun: [Abatohufajel] rundll32.exe "c:\users\michael\appdata\local\okobejukoze.dll",Startup
mRun: [Lvdmfeefntg] c:\users\michael\appdata\local\temp\wininst.exe
mRun: [Mqvpe] c:\windows\winamp.exe
mRun: [Mqrtc] c:\windows\hexdump.exe
mRun: [Lvdmfeefnd] c:\users\michael\appdata\local\temp\avp.exe
mRun: [Lvdmfeefnte] c:\users\michael\appdata\local\temp\msmgm.exe
mRun: [Mqqsc] c:\windows\drweb.exe
mRun: [Lvdmfeefnwe] c:\users\michael\appdata\local\temp\setup.exe
mRun: [LvdmfeefnzZ] c:\users\michael\appdata\local\temp\sysmgm.exe
mRun: [Lvdmfeefnz9] c:\users\michael\appdata\local\temp\nvsvc32.exe
mRun: [Mqqoc] c:\windows\debug.exe
mRun: [Lvdmfeefnrc] c:\users\michael\appdata\local\temp\winamp.exe
mRun: [Lvdmfeefnxb] c:\users\michael\appdata\local\temp\sysedit.exe
mRun: [Mqvre] c:\windows\wininst.exe
mRun: [Lvdmfeefnqg] c:\users\michael\appdata\local\temp\hexdump.exe
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [Lvdmfeefntpf] c:\users\michael\appdata\local\temp\iexplarer.exe
mRun: [LvdmfeefneP] c:\users\michael\appdata\local\temp\avp32.exe
mRun: [Lvdmfeefnsb] c:\users\michael\appdata\local\temp\drweb.exe
mRun: [Lvdmfeefnth] c:\users\michael\appdata\local\temp\svchost.exe
mRun: [LvdmfeefnZP] c:\users\michael\appdata\local\temp\gdi32.exe
mRun: [Lvdmfeefnqe] c:\users\michael\appdata\local\temp\login.exe
mRun: [Mqurb] c:\windows\taskmgr.exe
mRun: [Lvdmfeefnsd] c:\users\michael\appdata\local\temp\taskmgr.exe
mRun: [MqpSc] c:\windows\avp32.exe
mRun: [Mqutc] c:\windows\sysedit.exe
dRun: [W5E7SH31DG] c:\windows\temp\Kl1.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: {59EB024F-4AA1-424C-95DE-4054B35D5306} = 192.168.0.1
.
============= SERVICES / DRIVERS ===============
.
R?2 AMService;AMService;c:\windows\temp\nfcs\setup.exe run --> c:\windows\temp\nfcs\setup.exe run [?]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-4-9 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-4-9 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-4-9 656320]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-4-9 247760]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2011-2-1 36928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
.
=============== Created Last 30 ================
.
2011-04-09 21:16:34 15968 ---h--w- c:\windows\avp32.exe
2011-04-09 21:16:31 16220 ---h--w- c:\windows\sysedit.exe
2011-04-09 18:32:20 15968 ---h--w- c:\windows\winlogon.exe
2011-04-09 18:32:08 15968 ---h--w- c:\windows\taskmgr.exe
2011-04-09 17:37:49 -------- d-----w- c:\program files\ScanQuery
2011-04-09 17:37:49 -------- d-----w- c:\progra~2\ScanQuery
2011-04-09 17:35:38 -------- d-----w- c:\users\michael\appdata\local\_
2011-04-09 16:55:15 -------- d-----w- c:\program files\CCleaner
2011-04-09 15:47:47 767952 ----a-w- c:\windows\BDTSupport.dll
2011-04-09 15:47:47 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-04-09 15:47:46 1996752 ----a-w- c:\windows\PCTBDCore.dll
2011-04-09 15:47:46 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-04-09 14:18:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-04-09 14:18:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-04-09 14:18:50 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-04-09 14:18:50 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-04-09 14:17:13 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-04-09 14:17:13 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-04-09 14:16:20 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-04-09 14:15:22 -------- d-----w- c:\program files\common files\PC Tools
2011-04-09 14:15:19 -------- d-----w- c:\users\michael\appdata\roaming\PC Tools
2011-04-09 14:15:19 -------- d-----w- c:\progra~2\PC Tools
2011-04-09 14:15:18 -------- d-----w- c:\program files\PC Tools Security
2011-04-09 13:40:32 16220 ---h--w- c:\windows\wininst.exe
2011-04-09 13:29:58 -------- d-----w- c:\users\michael\appdata\roaming\Tyviho
2011-04-09 13:29:58 -------- d-----w- c:\users\michael\appdata\roaming\Maysfo
2011-04-09 13:23:00 15968 ---h--w- c:\windows\debug.exe
2011-04-09 12:04:50 15968 ---h--w- c:\windows\drweb.exe
2011-04-09 11:54:10 15968 ---h--w- c:\windows\hexdump.exe
2011-04-09 11:54:09 15968 ---h--w- c:\windows\winamp.exe
2011-04-09 11:49:31 135168 --sha-r- c:\windows\system32\wshextf.dll
2011-04-09 11:49:00 0 ----a-w- c:\users\michael\appdata\local\Wzexadomipusovom.bin
2011-04-09 11:48:56 -------- d-----w- c:\users\michael\appdata\local\{9F925008-3199-4DEF-8FF6-C71839F7CEC7}
2011-04-09 11:48:06 15968 ---h--w- c:\windows\gdi32.exe
2011-04-09 11:48:05 15968 ---h--w- c:\windows\user.exe
2011-04-09 11:48:03 16220 ---h--w- c:\windows\nvsvc32.exe
2011-04-09 11:47:59 15968 ---h--w- c:\windows\msmgm.exe
2011-04-09 11:47:42 50000 ----a-w- c:\windows\system32\ryvrilo.dll
2011-04-09 11:47:42 50000 ----a-w- c:\windows\system32\g67sir.dll
2011-04-09 11:47:31 -------- d-----w- c:\users\michael\appdata\roaming\Xuyki
2011-04-09 11:47:31 -------- d-----w- c:\users\michael\appdata\roaming\Xiimyq
2011-04-09 11:47:29 -------- d-----w- c:\users\michael\appdata\roaming\Ycoz
2011-04-09 11:47:28 -------- d-----w- c:\users\michael\appdata\roaming\Etpyn
2011-04-09 11:47:15 161792 ----a-w- c:\windows\Knuxoa.exe
2011-04-09 02:59:48 344064 --sha-w- c:\users\michael\appdata\local\jcn.exe
2011-04-09 02:59:47 344064 --sha-w- c:\users\michael\appdata\local\ftr.exe
2011-04-05 16:37:11 -------- d-----w- c:\users\michael\appdata\roaming\Malwarebytes
2011-04-05 16:37:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-05 16:37:03 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-05 16:37:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-05 16:37:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-04 22:54:06 -------- d-----w- c:\program files\Facebook FriendAdder
2011-03-31 00:43:04 -------- d-----w- c:\users\michael\appdata\local\jagexlauncher
2011-03-30 23:41:24 -------- d-----w- c:\windows\.jagex_cache_32
2011-03-28 21:18:54 -------- d-----w- c:\program files\Gamers Unite! Snag Bar
2011-03-26 20:57:32 -------- d-----w- c:\users\michael\appdata\roaming\SynthMaker
2011-03-26 20:54:54 -------- d-----w- c:\users\michael\appdata\roaming\Acoustica
2011-03-26 20:54:53 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2011-03-26 20:53:33 -------- d-----w- c:\program files\Acoustica Shared Effects
2011-03-26 20:50:34 -------- d-----w- c:\program files\Acoustica Mixcraft 5
2011-03-26 20:50:34 -------- d-----w- c:\progra~2\Acoustica
2011-03-25 23:03:01 -------- d-----w- c:\users\michael\appdata\local\Ahead
2011-03-25 20:32:24 -------- d-----w- c:\program files\Nero
2011-03-18 19:11:07 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-03-18 19:09:48 -------- d-----w- c:\program files\Microsoft Expression
2011-03-18 19:09:41 -------- d-----w- c:\program files\WPF Toolkit
2011-03-18 18:55:33 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-03-18 18:55:33 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-03-18 18:55:30 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-03-18 18:55:30 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-03-18 18:55:30 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-03-18 18:55:28 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-03-18 18:53:47 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-03-18 18:53:45 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-03-18 18:53:43 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-03-18 18:52:05 -------- d-----w- c:\windows\system32\xlive
2011-03-18 18:52:02 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2011-03-18 18:50:39 -------- d-----w- c:\program files\Microsoft XNA
2011-03-18 18:47:37 100512 ----a-w- c:\progra~2\microsoft\vpdexpress\10.0\1033\ResourceCache.dll
2011-03-18 18:43:20 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-03-18 18:40:57 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-03-18 18:38:23 -------- d-----w- c:\program files\Microsoft XDE
2011-03-18 18:38:09 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-03-18 18:25:43 -------- d-----w- c:\windows\PCHEALTH
2011-03-15 00:03:29 -------- d-----w- c:\windows\system32\appmgmt
2011-03-13 15:48:26 -------- d-----w- c:\users\michael\appdata\local\Thunderbird
2011-03-11 13:49:18 -------- d-----w- c:\program files\Datel
2011-03-11 12:25:39 -------- d-----w- c:\progra~2\vsosdk
2011-03-11 11:02:30 87608 ----a-w- c:\users\michael\appdata\roaming\inst.exe
2011-03-11 11:02:30 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-03-11 11:02:30 47360 ----a-w- c:\users\michael\appdata\roaming\pcouffin.sys
2011-03-11 10:49:52 65602 ----a-w- c:\windows\system32\cook3260.dll
2011-03-11 10:49:52 217127 ----a-w- c:\windows\system32\drv43260.dll
2011-03-11 10:49:52 208935 ----a-w- c:\windows\system32\drv33260.dll
2011-03-11 10:49:52 176165 ----a-w- c:\windows\system32\drv23260.dll
2011-03-11 10:49:52 102439 ----a-w- c:\windows\system32\sipr3260.dll
2011-03-11 01:15:08 -------- d-----w- c:\progra~2\Nero
2011-03-11 01:14:20 235100 ----a-w- c:\windows\system32\drivers\MidiSyn.sys
2011-03-11 01:12:30 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2011-03-11 01:12:30 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2011-03-11 01:12:30 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2011-03-11 01:12:30 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-03-11 01:12:30 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2011-03-11 01:12:30 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2011-03-11 01:12:29 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2011-03-11 01:12:29 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2011-03-11 00:45:33 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2011-03-11 00:45:32 -------- d-----w- c:\program files\ffdshow
2011-03-11 00:41:51 -------- d-----w- c:\program files\TVersity Codec Pack
2011-03-11 00:41:40 -------- d-----w- c:\progra~2\TVersity
.
==================== Find3M ====================
.
2011-01-29 16:03:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: Maxtor_6K040L0 rev.NAR61HA0 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85841439]<<
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x858477d0]; MOV EAX, [0x8584784c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x8288652F] -> \Device\Harddisk0\DR0[0x854D7610]
3 CLASSPNP[0x871A859E] -> ntkrnlpa!IofCallDriver[0x8288652F] -> [0x854D7E40]
5 PCTCore[0x8324C099] -> ntkrnlpa!IofCallDriver[0x8288652F] -> [0x8520B918]
7 ACPI[0x82FAC3D4] -> ntkrnlpa!IofCallDriver[0x8288652F] -> \IdeDeviceP0T0L0-0[0x84589610]
\Driver\atapi[0x854D7210] -> IRP_MJ_CREATE -> 0x85841439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskMaxtor_6K040L0__________________________NAR61HA0#5&19606f25&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 80293246 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 23:47:50.52 ===============


And here's my Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 27/01/2011 23:22:12
System Uptime: 09/04/2011 22:53:18 (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K8V-MX
Processor: AMD Sempron(tm) Processor 2800+ | Socket 754 | 1600/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 13.895 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP
.
Class GUID:
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acoustica Effects Pack
Acoustica Mixcraft 5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Ask Toolbar
Browser Defender 3.0
CCleaner
Download Updater (AOL LLC)
ffdshow [rev 3154] [2009-12-09]
Foxit Reader
Gamers Unite! Snag Bar
GIMP 2.6.11
Google Chrome
Java Auto Updater
Java(TM) 6 Update 22
JDownloader
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4
Microsoft Expression Blend 4 Add-in for Adobe FXG Import
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Blend SDK for Windows Phone 7
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 1.0
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft Silverlight Tools for Visual Studio 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2010 Express for Windows Phone - ENU
Microsoft Windows Phone 7 Developer Resources
Microsoft Windows Phone Developer Tools - ENU
Microsoft XNA Framework Redistributable 4.0
Microsoft XNA Game Studio 4.0
Microsoft XNA Game Studio 4.0 (ARP entry)
Microsoft XNA Game Studio 4.0 (Redists)
Microsoft XNA Game Studio 4.0 (Shared Components)
Microsoft XNA Game Studio 4.0 (Visual Studio)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
Microsoft XNA Game Studio 4.0 Documentation
Microsoft XNA Game Studio 4.0 Windows Phone Extensions
Microsoft XNA Game Studio Platform Tools
Mozilla Thunderbird (3.1.9)
MSVCRT Redists
Nero 7 Premium
neroxml
ScanQuery 1.0 build 117 powered by FIRST SEARCHBAR
SoundMAX
Spyware Doctor 8.0
TVersity Codec Pack 1.4
TVersity Media Server 1.9.3
Vegas Pro 10.0
Windows Phone 7 Add-in for Visual Studio 2010 - ENU
Windows Phone Emulator - ENU
WinPcap 4.1.1
WinZip 15.0
WPF Toolkit February 2010 (Version 3.5.50211.1)
XPort 360
.
==== Event Viewer Messages From Past Week ========
.
09/04/2011 23:24:14, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
09/04/2011 22:53:28, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
09/04/2011 22:47:34, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
09/04/2011 22:47:23, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
09/04/2011 22:47:23, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
09/04/2011 21:53:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
09/04/2011 21:53:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
09/04/2011 21:52:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
09/04/2011 21:52:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
09/04/2011 21:52:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
09/04/2011 21:52:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
09/04/2011 21:52:24, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82a41f3e, 0x8490b864, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040911-24921-01.
09/04/2011 21:52:21, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr vmm Wanarpv6
09/04/2011 21:46:44, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000074, 0x00000002, 0x00000001, 0x8289f92b). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040911-35500-01.
09/04/2011 19:46:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vmm vwififlt Wanarpv6 WfpLwf
09/04/2011 19:46:18, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
09/04/2011 19:46:18, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
09/04/2011 19:46:18, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
09/04/2011 19:46:18, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
09/04/2011 19:46:18, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
09/04/2011 19:46:17, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
09/04/2011 19:46:17, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
09/04/2011 19:46:17, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
09/04/2011 19:46:17, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
09/04/2011 19:46:17, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
09/04/2011 19:20:21, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 18:50:28, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
09/04/2011 18:48:23, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 18:24:45, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
09/04/2011 17:56:13, Error: Service Control Manager [7034] - The AMService service terminated unexpectedly. It has done this 1 time(s).
09/04/2011 17:12:34, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
09/04/2011 17:11:35, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
09/04/2011 17:10:34, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 16:38:07, Error: Service Control Manager [7030] - The AMService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
09/04/2011 16:22:11, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:22:11, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:22:11, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:22:11, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:22:11, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:22:10, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:22:10, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:22:10, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:22:10, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:22:10, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:22:10, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 16:02:43, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
09/04/2011 16:02:43, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
09/04/2011 16:02:43, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
09/04/2011 16:02:43, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 16:02:43, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 16:02:43, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
09/04/2011 16:02:43, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 16:02:43, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
09/04/2011 16:02:43, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
09/04/2011 16:02:43, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 16:02:43, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 15:43:08, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
09/04/2011 15:42:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service NMIndexingService with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
09/04/2011 15:42:26, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NMIndexingService service to connect.
09/04/2011 15:42:26, Error: Service Control Manager [7000] - The NMIndexingService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/04/2011 15:39:01, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
09/04/2011 15:31:00, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PC Tools Security Service service to connect.
09/04/2011 15:31:00, Error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/04/2011 15:29:56, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
09/04/2011 15:18:41, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
09/04/2011 15:16:25, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
09/04/2011 12:34:12, Error: Service Control Manager [7034] - The SoundMAX Agent Service service terminated unexpectedly. It has done this 1 time(s).
09/04/2011 04:12:17, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
05/04/2011 17:36:38, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
05/04/2011 17:24:40, Error: Service Control Manager [7034] - The TVersity Media Server service terminated unexpectedly. It has done this 1 time(s).
05/04/2011 17:24:36, Error: Service Control Manager [7034] - The PLFlash DeviceIoControl Service service terminated unexpectedly. It has done this 1 time(s).
05/04/2011 17:24:33, Error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================


Thanks.
Michael.
TrickyMicky
Active Member
 
Posts: 8
Joined: April 9th, 2011, 7:01 pm
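A small triage helper for the "Event Log errors" part of the DDS log above, added here as an example; it is not part of the original post and not a DDS or MalwareRemoval.com tool. It parses Service Control Manager lines of the exact shape shown (event IDs 7031/7034 for "terminated unexpectedly", 7001 for failed dependencies) and groups crashes by timestamp, because the striking feature of this log is not any single failure but bursts such as 19:18:17, 16:22:10 and 16:02:43, where a dozen unrelated services died in the same second. That pattern points to one shared host process being killed rather than to bugs in each service, which is the kind of detail worth reporting to the helper. The sample lines below are constructed in the shape of the log above; function names and the `min_services` threshold are this example's own choices.

```python
"""Triage helper for the 'Event Log errors' section of a DDS log.

Constructed example for this thread (not part of the original post and not
a MalwareRemoval.com or DDS tool). It parses Service Control Manager error
lines of the form shown in the log above and groups service crash events
(event IDs 7031 and 7034) by timestamp, so that a burst of services dying
in the same second stands out from isolated failures.
"""
import re
from collections import defaultdict

# One DDS event-log line:
#   dd/mm/yyyy HH:MM:SS, Error: <source> [<event id>] - <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)

# SCM 7031/7034 message: "The <service> service terminated unexpectedly..."
CRASH_RE = re.compile(r"^The (?P<service>.+?) service terminated unexpectedly")
# SCM 7001 message: "The <service> service depends on the <dependency> service which failed to start..."
DEPEND_RE = re.compile(
    r"^The (?P<service>.+?) service depends on the (?P<dependency>.+?) service which failed to start"
)


def parse_line(line):
    """Return a dict for one event-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["event_id"] = int(rec["event_id"])
    return rec


def crash_bursts(lines, min_services=3):
    """Group SCM 7031/7034 crash events by exact timestamp.

    Returns {timestamp: sorted service names} for every second in which at
    least `min_services` distinct services terminated unexpectedly. Several
    unrelated services dying in the same second usually means one shared
    host process (for example an svchost.exe service group) was killed,
    which deserves more attention than a single service failing on its own.
    """
    by_ts = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["source"] != "Service Control Manager":
            continue
        if rec["event_id"] not in (7031, 7034):
            continue
        m = CRASH_RE.match(rec["msg"])
        if m:
            by_ts[rec["ts"]].add(m.group("service"))
    return {ts: sorted(s) for ts, s in by_ts.items() if len(s) >= min_services}


def failed_dependencies(lines):
    """Return sorted (service, dependency) pairs taken from SCM 7001 events."""
    pairs = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["event_id"] != 7001:
            continue
        m = DEPEND_RE.match(rec["msg"])
        if m:
            pairs.add((m.group("service"), m.group("dependency")))
    return sorted(pairs)


# Constructed sample: a handful of lines in the shape of the DDS log above.
SAMPLE_LOG = """\
09/04/2011 19:46:18, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 17:56:13, Error: Service Control Manager [7034] - The AMService service terminated unexpectedly. It has done this 1 time(s).
09/04/2011 15:16:25, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
""".splitlines()

if __name__ == "__main__":
    for ts, services in sorted(crash_bursts(SAMPLE_LOG).items()):
        print(f"{ts}: {len(services)} services died together: {', '.join(services)}")
    for svc, dep in failed_dependencies(SAMPLE_LOG):
        print(f"{svc} could not start because {dep} failed")
```

Run against the full log above, the same grouping separates the three mass-crash seconds from one-off failures such as AMService or the PC Tools service, and the 7001 pairs show the knock-on effect of the NSI and AFD drivers not loading at 19:46.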

Re: Malware infection

Unread postby Carolyn » April 10th, 2011, 10:00 am

Hello Michael,

I'm reviewing your logs and will post back shortly.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Malware infection

Unread postby Carolyn » April 10th, 2011, 10:41 am

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

=================================

You have a Rootkit infection. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are rootkits from Wikipedia
Why are rootkits dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

=================================

Before we start: Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start.

=================================

Disable Windows Defender until the computer is clean

Windows Defender normally provides real-time protection from spyware; however, it may interfere with what we need to do. We will disable it until the machine is clean.

- Open Windows Defender
- Select Tools and then General Settings
- Under Real Time Protection Options uncheck Turn on real-time protection
- Select Save

=================================

Disable Spyware Doctor
  • Open Spyware Doctor
  • Click the "OnGuard" button on the left side.
  • Uncheck "Activate OnGuard".
  • Note: Please do not re-enable until I tell you to do so.


If your version of Spyware Doctor doesn't work with the instruction above, proceed as follows:
  • Click the Spyware Doctor icon in the System Tray.
  • Click Settings.
  • Click Startup Settings under Pick a Category.
  • Uncheck "Run at Windows startup".
  • Click Apply and Exit Spyware Doctor.
  • From within Spyware Doctor, click the "OnGuard" button on the left side.
  • Uncheck "Activate OnGuard".
  • (When we are done, you can reenable Spyware Doctor)

=================================

TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

=================================

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
[Image]
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Image]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


=================================

Please post the following in your next reply:
  • The TDSSKiller log
  • The ComboFix log
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Malware infection

Unread postby TrickyMicky » April 10th, 2011, 1:03 pm

Can I do all this in safe mode? As of today, if I'm running normal mode I get a load of pop-up boxes called "blank window2" and I can't open everything. Here's the log of TDSSKiller.

TDSSKiller log:

2011/04/10 17:38:16.0224 0240 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/10 17:38:16.0473 0240 ================================================================================
2011/04/10 17:38:16.0473 0240 SystemInfo:
2011/04/10 17:38:16.0473 0240
2011/04/10 17:38:16.0474 0240 OS Version: 6.1.7601 ServicePack: 1.0
2011/04/10 17:38:16.0474 0240 Product type: Workstation
2011/04/10 17:38:16.0474 0240 ComputerName: MICHAEL-PC
2011/04/10 17:38:16.0474 0240 UserName: Michael
2011/04/10 17:38:16.0474 0240 Windows directory: C:\Windows
2011/04/10 17:38:16.0474 0240 System windows directory: C:\Windows
2011/04/10 17:38:16.0474 0240 Processor architecture: Intel x86
2011/04/10 17:38:16.0474 0240 Number of processors: 1
2011/04/10 17:38:16.0474 0240 Page size: 0x1000
2011/04/10 17:38:16.0474 0240 Boot type: Safe boot with network
2011/04/10 17:38:16.0474 0240 ================================================================================
2011/04/10 17:38:16.0874 0240 Initialize success
2011/04/10 17:38:36.0672 0256 ================================================================================
2011/04/10 17:38:36.0673 0256 Scan started
2011/04/10 17:38:36.0673 0256 Mode: Manual;
2011/04/10 17:38:36.0673 0256 ================================================================================
2011/04/10 17:38:39.0494 0256 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/04/10 17:38:39.0868 0256 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/04/10 17:38:40.0169 0256 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/04/10 17:38:40.0439 0256 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/10 17:38:40.0715 0256 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
2011/04/10 17:38:40.0936 0256 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
2011/04/10 17:38:41.0219 0256 aeaudio (75bee80a25fc7f690dcd57570dc159c1) C:\Windows\system32\drivers\aeaudio.sys
2011/04/10 17:38:41.0482 0256 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
2011/04/10 17:38:41.0747 0256 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/04/10 17:38:41.0969 0256 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
2011/04/10 17:38:42.0249 0256 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/04/10 17:38:42.0476 0256 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/04/10 17:38:42.0679 0256 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/04/10 17:38:42.0886 0256 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/10 17:38:43.0099 0256 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
2011/04/10 17:38:43.0326 0256 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
2011/04/10 17:38:43.0583 0256 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
2011/04/10 17:38:43.0810 0256 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
2011/04/10 17:38:44.0073 0256 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/04/10 17:38:44.0389 0256 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
2011/04/10 17:38:44.0584 0256 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
2011/04/10 17:38:44.0859 0256 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/10 17:38:45.0039 0256 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/04/10 17:38:45.0399 0256 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
2011/04/10 17:38:45.0672 0256 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/10 17:38:45.0989 0256 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/10 17:38:46.0261 0256 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/10 17:38:46.0467 0256 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/10 17:38:46.0655 0256 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
2011/04/10 17:38:46.0831 0256 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
2011/04/10 17:38:47.0036 0256 Bridge (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
2011/04/10 17:38:47.0120 0256 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
2011/04/10 17:38:47.0368 0256 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/10 17:38:47.0591 0256 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/10 17:38:47.0797 0256 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/10 17:38:48.0038 0256 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/10 17:38:48.0253 0256 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
2011/04/10 17:38:48.0509 0256 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/10 17:38:48.0704 0256 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/10 17:38:48.0945 0256 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
2011/04/10 17:38:49.0169 0256 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/10 17:38:49.0429 0256 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
2011/04/10 17:38:49.0618 0256 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/04/10 17:38:49.0831 0256 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/10 17:38:50.0057 0256 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
2011/04/10 17:38:50.0258 0256 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/10 17:38:50.0512 0256 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
2011/04/10 17:38:50.0847 0256 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
2011/04/10 17:38:51.0161 0256 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/04/10 17:38:51.0381 0256 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/10 17:38:51.0630 0256 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
2011/04/10 17:38:51.0839 0256 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
2011/04/10 17:38:52.0109 0256 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/10 17:38:52.0352 0256 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/10 17:38:52.0710 0256 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
2011/04/10 17:38:53.0077 0256 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
2011/04/10 17:38:53.0280 0256 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/04/10 17:38:53.0569 0256 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/10 17:38:53.0784 0256 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/10 17:38:54.0044 0256 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/10 17:38:54.0322 0256 FETNDIS (f5cb6cb6d12f495516be27cffccde4bf) C:\Windows\system32\DRIVERS\fetnd6.sys
2011/04/10 17:38:54.0557 0256 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/10 17:38:54.0778 0256 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/10 17:38:54.0962 0256 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/10 17:38:55.0156 0256 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/10 17:38:55.0404 0256 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/10 17:38:55.0602 0256 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/10 17:38:55.0835 0256 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/10 17:38:56.0103 0256 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/10 17:38:56.0358 0256 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/10 17:38:56.0542 0256 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/04/10 17:38:56.0726 0256 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
2011/04/10 17:39:47.0229 0256 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/10 17:39:47.0239 0256 ================================================================================
2011/04/10 17:39:47.0239 0256 Scan finished
2011/04/10 17:39:47.0239 0256 ================================================================================
2011/04/10 17:39:47.0296 1488 Detected object count: 1
2011/04/10 17:40:20.0425 1488 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/10 17:40:20.0452 1488 \HardDisk0 - ok
2011/04/10 17:40:20.0468 1488 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/10 17:40:27.0830 1480 Deinitialize success

I'll download ComboFix now and post the log.

Thanks;
Michael
TrickyMicky
Active Member
 
Posts: 8
Joined: April 9th, 2011, 7:01 pm

Re: Malware infection

Unread postby TrickyMicky » April 10th, 2011, 1:41 pm

Seems like it's getting better after running ComboFix; it now lets me boot in normal mode.

Here's the ComboFix log:

ComboFix 11-04-09.01 - Michael 10/04/2011 18:07:50.1.1 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.703.412 [GMT 1:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ScanQuery
c:\program files\ScanQuery\scanquery.dll
c:\program files\ScanQuery\scanquery.exe
c:\program files\ScanQuery\uninstall.exe
c:\programdata\g0bl07OX.exe_
c:\programdata\ScanQuery
c:\programdata\ScanQuery\scanquery117.exe
c:\users\Michael\AppData\Local\{9F925008-3199-4DEF-8FF6-C71839F7CEC7}
c:\users\Michael\AppData\Local\{9F925008-3199-4DEF-8FF6-C71839F7CEC7}\chrome.manifest
c:\users\Michael\AppData\Local\{9F925008-3199-4DEF-8FF6-C71839F7CEC7}\chrome\content\_cfg.js
c:\users\Michael\AppData\Local\{9F925008-3199-4DEF-8FF6-C71839F7CEC7}\chrome\content\overlay.xul
c:\users\Michael\AppData\Local\{9F925008-3199-4DEF-8FF6-C71839F7CEC7}\install.rdf
c:\users\Michael\AppData\Local\ftr.exe
c:\users\Michael\AppData\Local\insExi.dll
c:\users\Michael\AppData\Local\jcn.exe
c:\users\Michael\AppData\Local\okobejukoze.dll
c:\users\Michael\AppData\Roaming\Etpyn
c:\users\Michael\AppData\Roaming\Etpyn\uvra .exe
c:\users\Michael\AppData\Roaming\Etpyn\uvra.exe
c:\users\Michael\AppData\Roaming\inst.exe
c:\users\Michael\AppData\Roaming\Maysfo
c:\users\Michael\AppData\Roaming\Maysfo\deyni .exe
c:\users\Michael\AppData\Roaming\Maysfo\deyni.exe
c:\users\Michael\AppData\Roaming\Tyviho
c:\users\Michael\AppData\Roaming\Tyviho\ohede.dun
c:\users\Michael\AppData\Roaming\Tyviho\ohede.tmp
c:\users\Michael\AppData\Roaming\Xuyki
c:\users\Michael\AppData\Roaming\Xuyki\emnua .exe
c:\users\Michael\AppData\Roaming\Xuyki\emnua.exe
c:\windows\$xntuninstall643$
c:\windows\$xntuninstall643$\apUninstall.exe
c:\windows\$xntuninstall643$\mbdwt.dll
c:\windows\$xntuninstall643$\xgoir.dll
c:\windows\$xntuninstall643$\zrpt.xml
c:\windows\avp32.exe
c:\windows\debug .exe
c:\windows\debug.exe
c:\windows\drweb .exe
c:\windows\drweb.exe
c:\windows\gdi32 .exe
c:\windows\gdi32.exe
c:\windows\hexdump.exe
c:\windows\iexplarer.exe
c:\windows\msmgm .exe
c:\windows\msmgm.exe
c:\windows\nvsvc32 .exe
c:\windows\nvsvc32 .exe
c:\windows\nvsvc32 .exe
c:\windows\nvsvc32 .exe
c:\windows\nvsvc32.exe
c:\windows\sysedit.exe
c:\windows\system32\g67sir.dll
c:\windows\system32\ryvrilo.dll
c:\windows\taskmgr.exe
c:\windows\user .exe
c:\windows\user .exe
c:\windows\user.exe
c:\windows\winamp .exe
c:\windows\winamp .exe
c:\windows\winamp.exe
c:\windows\wininst .exe
c:\windows\wininst.exe
c:\windows\winlogon.exe
c:\windows\XSxS
C:\winntse.bin
c:\winntse.bin\config.bin
c:\winntse.bin\winntse.bin .exe
c:\winntse.bin\winntse.bin.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ScanQuery Service
.
.
((((((((((((((((((((((((( Files Created from 2011-03-10 to 2011-04-10 )))))))))))))))))))))))))))))))
.
.
2011-04-10 17:17 . 2011-04-10 17:22 -------- d-----w- c:\users\Michael\AppData\Local\temp
2011-04-10 17:17 . 2011-04-10 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-10 00:19 . 2011-04-10 01:43 73228 ----a-w- c:\windows\iexplarer .exe
2011-04-10 00:19 . 2011-04-10 01:39 73228 ----a-w- c:\windows\iexplarer .exe
2011-04-10 00:19 . 2011-04-10 01:37 73224 ----a-w- c:\windows\iexplarer .exe
2011-04-10 00:19 . 2011-04-10 01:24 73232 ----a-w- c:\windows\iexplarer .exe
2011-04-10 00:19 . 2011-04-10 00:41 73228 ----a-w- c:\windows\iexplarer .exe
2011-04-10 00:19 . 2011-04-10 00:39 73224 ----a-w- c:\windows\iexplarer .exe
2011-04-10 00:19 . 2011-04-10 00:31 73228 ----a-w- c:\windows\iexplarer .exe
2011-04-10 00:19 . 2011-04-10 00:19 16220 ---ha-w- c:\windows\iexplarer .exe
2011-04-10 00:14 . 2011-04-10 00:14 146434 ----a-w- c:\programdata\g0bl07OX.exe
2011-04-09 21:16 . 2011-04-09 23:37 73220 ----a-w- c:\windows\avp32 .exe
2011-04-09 21:16 . 2011-04-09 21:16 15968 ---ha-w- c:\windows\avp32 .exe
2011-04-09 21:16 . 2011-04-09 21:16 16220 ---ha-w- c:\windows\sysedit .exe
2011-04-09 18:32 . 2011-04-10 01:55 73224 ----a-w- c:\windows\taskmgr .exe
2011-04-09 18:32 . 2011-04-09 18:43 15968 ---ha-w- c:\windows\taskmgr .exe
2011-04-09 17:35 . 2011-04-09 17:35 -------- d-----w- c:\users\Michael\AppData\Local\_
2011-04-09 16:55 . 2011-04-09 16:55 -------- d-----w- c:\program files\CCleaner
2011-04-09 15:47 . 2010-12-03 14:34 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-04-09 15:47 . 2010-12-03 14:34 767952 ----a-w- c:\windows\BDTSupport.dll
2011-04-09 15:47 . 2010-12-09 09:48 1996752 ----a-w- c:\windows\PCTBDCore.dll
2011-04-09 15:47 . 2010-12-03 14:34 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-04-09 14:18 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-04-09 14:18 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-04-09 14:18 . 2010-11-17 09:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-04-09 14:18 . 2010-11-17 09:19 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-04-09 14:17 . 2010-11-25 09:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-04-09 14:17 . 2010-11-25 09:43 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-04-09 14:16 . 2010-11-25 09:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-04-09 14:15 . 2011-04-09 14:22 -------- d-----w- c:\program files\Common Files\PC Tools
2011-04-09 14:15 . 2011-04-09 14:16 -------- d-----w- c:\programdata\PC Tools
2011-04-09 14:15 . 2011-04-09 14:15 -------- d-----w- c:\users\Michael\AppData\Roaming\PC Tools
2011-04-09 14:15 . 2011-04-10 17:19 -------- d-----w- c:\program files\PC Tools Security
2011-04-09 13:40 . 2011-04-10 01:54 73224 ----a-w- c:\windows\wininst .exe
2011-04-09 13:40 . 2011-04-09 18:32 16220 ---ha-w- c:\windows\wininst .exe
2011-04-09 13:29 . 2011-04-09 13:29 177664 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\nuso.exe
2011-04-09 13:23 . 2011-04-10 01:53 73224 ----a-w- c:\windows\debug .exe
2011-04-09 13:23 . 2011-04-09 13:23 15968 ---ha-w- c:\windows\debug .exe
2011-04-09 12:04 . 2011-04-10 01:53 73224 ----a-w- c:\windows\drweb .exe
2011-04-09 12:04 . 2011-04-09 12:04 15968 ---ha-w- c:\windows\drweb .exe
2011-04-09 11:54 . 2011-04-09 11:54 15968 ---ha-w- c:\windows\hexdump .exe
2011-04-09 11:54 . 2011-04-09 13:40 15968 ---ha-w- c:\windows\winamp .exe
2011-04-09 11:49 . 2011-04-09 11:49 135168 --sha-r- c:\windows\system32\wshextf.dll
2011-04-09 11:49 . 2011-04-10 01:39 0 ----a-w- c:\users\Michael\AppData\Local\Wzexadomipusovom.bin
2011-04-09 11:48 . 2011-04-10 16:21 73228 ----a-w- c:\windows\gdi32 .exe
2011-04-09 11:48 . 2011-04-10 01:52 73224 ----a-w- c:\windows\gdi32 .exe
2011-04-09 11:48 . 2011-04-09 23:37 73220 ----a-w- c:\windows\gdi32 .exe
2011-04-09 11:48 . 2011-04-09 18:43 15968 ---ha-w- c:\windows\gdi32 .exe
2011-04-09 11:48 . 2011-04-10 01:53 73224 ----a-w- c:\windows\user .exe
2011-04-09 11:48 . 2011-04-09 22:24 15968 ---ha-w- c:\windows\user .exe
2011-04-09 11:48 . 2011-04-10 17:21 73224 ----a-w- c:\windows\nvsvc32 .exe
2011-04-09 11:48 . 2011-04-10 01:53 73224 ----a-w- c:\windows\nvsvc32 .exe
2011-04-09 11:48 . 2011-04-09 18:43 16220 ---ha-w- c:\windows\nvsvc32 .exe
2011-04-09 11:47 . 2011-04-10 01:53 73224 ----a-w- c:\windows\msmgm .exe
2011-04-09 11:47 . 2011-04-09 13:40 15968 ---ha-w- c:\windows\msmgm .exe
2011-04-09 11:47 . 2011-04-09 22:40 -------- d-----w- c:\users\Michael\AppData\Roaming\Xiimyq
2011-04-09 11:47 . 2011-04-09 12:50 -------- d-----w- c:\users\Michael\AppData\Roaming\Ycoz
2011-04-09 11:47 . 2011-04-10 01:51 73224 ----a-w- c:\windows\Knuxoa.exe
2011-04-09 11:47 . 2011-04-09 11:46 161792 ----a-w- c:\windows\Knuxoa .exe
2011-04-05 16:37 . 2011-04-05 16:37 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2011-04-05 16:37 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-05 16:37 . 2011-04-05 16:37 -------- d-----w- c:\programdata\Malwarebytes
2011-04-05 16:37 . 2011-04-05 16:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-05 16:37 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-04 22:54 . 2011-04-09 17:14 -------- d-----w- c:\program files\Facebook FriendAdder
2011-03-31 00:43 . 2011-03-31 00:43 -------- d-----w- c:\users\Michael\AppData\Local\jagexlauncher
2011-03-30 23:41 . 2011-04-03 22:38 -------- d-----w- c:\windows\.jagex_cache_32
2011-03-28 21:18 . 2011-03-28 21:19 -------- d-----w- c:\program files\Gamers Unite! Snag Bar
2011-03-26 20:57 . 2011-03-26 20:57 -------- d-----w- c:\users\Michael\AppData\Roaming\SynthMaker
2011-03-26 20:54 . 2011-03-26 20:54 -------- d-----w- c:\users\Michael\AppData\Roaming\Acoustica
2011-03-26 20:54 . 2009-12-14 15:25 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2011-03-26 20:53 . 2011-03-26 20:53 -------- d-----w- c:\program files\Acoustica Shared Effects
2011-03-26 20:50 . 2011-03-26 20:57 -------- d-----w- c:\program files\Acoustica Mixcraft 5
2011-03-26 20:50 . 2011-03-26 20:50 -------- d-----w- c:\programdata\Acoustica
2011-03-25 23:03 . 2011-03-27 00:40 -------- d-----w- c:\users\Michael\AppData\Local\Ahead
2011-03-25 20:37 . 2011-03-25 20:37 -------- d-----w- c:\users\Michael\AppData\Roaming\Ahead
2011-03-25 20:36 . 2011-03-25 20:36 -------- d-----w- c:\programdata\Ahead
2011-03-25 20:32 . 2011-03-25 20:34 -------- d-----w- c:\program files\Common Files\Ahead
2011-03-25 20:32 . 2011-03-25 20:32 -------- d-----w- c:\program files\Nero
2011-03-18 19:11 . 2008-07-12 08:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-03-18 19:09 . 2011-03-18 19:10 -------- d-----w- c:\program files\Microsoft Expression
2011-03-18 19:09 . 2011-03-18 19:09 -------- d-----w- c:\program files\WPF Toolkit
2011-03-18 18:55 . 2010-02-04 10:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-03-18 18:55 . 2010-02-04 10:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-03-18 18:55 . 2010-02-04 10:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-03-18 18:55 . 2010-02-04 10:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-03-18 18:55 . 2009-03-09 15:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-03-18 18:55 . 2007-03-12 16:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-03-18 18:53 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-03-18 18:53 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-03-18 18:53 . 2007-04-04 18:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-03-18 18:52 . 2011-03-18 18:52 -------- d-----w- c:\windows\system32\xlive
2011-03-18 18:52 . 2011-03-18 18:52 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2011-03-18 18:50 . 2011-03-18 18:50 -------- d-----w- c:\program files\Microsoft XNA
2011-03-18 18:47 . 2011-03-18 19:06 100512 ----a-w- c:\programdata\Microsoft\VPDExpress\10.0\1033\ResourceCache.dll
2011-03-18 18:43 . 2011-03-18 18:43 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-03-18 18:40 . 2011-03-18 18:45 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-03-18 18:40 . 2011-03-18 19:08 -------- d-----w- c:\program files\Microsoft SDKs
2011-03-18 18:38 . 2011-03-18 18:38 -------- d-----w- c:\program files\Microsoft XDE
2011-03-18 18:38 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-03-18 18:30 . 2011-03-18 18:43 -------- d-----w- c:\program files\Microsoft.NET
2011-03-18 18:25 . 2011-03-18 18:25 -------- d-----w- c:\windows\PCHEALTH
2011-03-13 15:48 . 2011-03-13 15:48 -------- d-----w- c:\users\Michael\AppData\Roaming\Thunderbird
2011-03-13 15:48 . 2011-03-13 15:48 -------- d-----w- c:\users\Michael\AppData\Local\Thunderbird
2011-03-13 15:47 . 2011-03-13 15:47 -------- d-----w- c:\program files\Mozilla Thunderbird
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 00:05 . 2011-03-11 11:02 47360 ----a-w- c:\users\Michael\AppData\Roaming\pcouffin.sys
2011-03-11 11:05 . 2011-03-11 11:02 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-02-21 06:06 . 2011-01-31 23:46 36928 ----a-w- c:\windows\system32\drivers\pssdk41.sys
2011-01-29 16:03 . 2011-01-29 16:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-20 10:39 . 2011-01-27 23:40 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05A39C2D-28F4-4ECA-95A5-98D0AE184D72}\mpengine.dll
.
<pre>
c:\program files\Analog Devices\SoundMAX\SMax4    .exe
c:\program files\Analog Devices\SoundMAX\SMax4   .exe
c:\program files\Analog Devices\SoundMAX\SMax4  .exe
c:\program files\Analog Devices\SoundMAX\SMax4 .exe
c:\program files\Analog Devices\SoundMAX\SMax4PNP .exe
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
c:\program files\Common Files\Ahead\Lib\NMBgMonitor .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\PC Tools Security\pctsGui .exe
c:\program files\PC Tools Security\BDT\FGuard .exe
c:\windows\avp32  .exe
c:\windows\avp32 .exe
c:\windows\debug   .exe
c:\windows\debug .exe
c:\windows\drweb   .exe
c:\windows\drweb .exe
c:\windows\gdi32     .exe
c:\windows\gdi32    .exe
c:\windows\gdi32  .exe
c:\windows\gdi32 .exe
c:\windows\hexdump .exe
c:\windows\iexplarer        .exe
c:\windows\iexplarer       .exe
c:\windows\iexplarer      .exe
c:\windows\iexplarer     .exe
c:\windows\iexplarer    .exe
c:\windows\iexplarer   .exe
c:\windows\iexplarer  .exe
c:\windows\iexplarer .exe
c:\windows\Knuxoa .exe
c:\windows\msmgm   .exe
c:\windows\msmgm .exe
c:\windows\nvsvc32       .exe
c:\windows\nvsvc32    .exe
c:\windows\nvsvc32 .exe
c:\windows\sysedit .exe
c:\windows\taskmgr  .exe
c:\windows\taskmgr .exe
c:\windows\user    .exe
c:\windows\user .exe
c:\windows\winamp   .exe
c:\windows\wininst   .exe
c:\windows\wininst .exe
</pre>

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b843a48a-b70f-45cd-a15a-6c2b30c2c11e}"= "c:\program files\Gamers Unite! Snag Bar\Helper.dll" [2011-03-28 357376]
.
[HKEY_CLASSES_ROOT\clsid\{b843a48a-b70f-45cd-a15a-6c2b30c2c11e}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{E2A57EE8-6A26-499F-95F8-A96E5C3BE17E}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{25515A79-C1C7-4B97-97F8-31A711694487}"= "c:\program files\Gamers Unite! Snag Bar\Toolbar.dll" [2011-03-28 1538048]
.
[HKEY_CLASSES_ROOT\clsid\{25515a79-c1c7-4b97-97f8-31a711694487}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{017D1380-106D-43D5-97DC-81E8A527FD73}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Google Update"="c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-04-10 73224]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2011-04-10 73224]
"Lbesahigafekut"="c:\users\Michael\AppData\Local\insExi.dll" [N/A]
"{88B10A1A-875E-3835-B96D-F54B7DF74FDB}"="c:\users\Michael\AppData\Roaming\Etpyn\uvra.exe" [N/A]
"{6333E559-97EF-45E9-C1CC-9B448CE4D33A}"="c:\users\Michael\AppData\Roaming\Xuyki\emnua.exe" [N/A]
"MqrMc"="c:\windows\gdi32.exe" [N/A]
"Mqstc"="c:\windows\msmgm.exe" [N/A]
"Mqtw+"="c:\windows\nvsvc32.exe" [N/A]
"Mquwe"="c:\windows\sysmgm.exe" [N/A]
"Mque"="c:\windows\user.exe" [N/A]
"Mqvpe"="c:\windows\winamp.exe" [N/A]
"Mqrtc"="c:\windows\hexdump.exe" [N/A]
"GAGEZ8R8ZB"="c:\windows\Knuxoa.exe" [2011-04-10 73224]
"Mqqsc"="c:\windows\drweb.exe" [N/A]
"Mqqoc"="c:\windows\debug.exe" [N/A]
"{2DFB306D-3052-88DB-F333-0A60E4676CCC}"="c:\users\Michael\AppData\Roaming\Maysfo\deyni.exe" [N/A]
"Mqvre"="c:\windows\wininst.exe" [N/A]
"Mqurb"="c:\windows\taskmgr.exe" [N/A]
"2B5BEEEC4E692BCD"="c:\winntse.bin\winntse.bin.exe" [N/A]
"MqpSc"="c:\windows\avp32.exe" [N/A]
"Mqutc"="c:\windows\sysedit.exe" [N/A]
"Mqruqc"="c:\windows\iexplarer.exe" [N/A]
"Mqtwpc"="c:\windows\nvsvc32 .exe" [N/A]
"MquaK"="c:\windows\user .exe" [N/A]
"Mqst0"="c:\windows\msmgm .exe" [N/A]
"Mqvp3"="c:\windows\winamp .exe" [N/A]
"MqrMj"="c:\windows\gdi32 .exe" [N/A]
"Mqqs0"="c:\windows\drweb .exe" [N/A]
"Mqqo0"="c:\windows\debug .exe" [N/A]
"MqvrJc"="c:\windows\wininst .exe" [N/A]
"MqtwpK"="c:\windows\nvsvc32 .exe" [N/A]
"Mqua0"="c:\windows\user .exe" [N/A]
"Mqtwpj"="c:\windows\nvsvc32 .exe" [N/A]
"Mqtwpgc"="c:\windows\nvsvc32 .exe" [N/A]
"MqtwpgK"="c:\windows\nvsvc32 .exe" [2011-04-09 16220]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-09 73220]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2011-04-09 73220]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2011-04-09 73220]
"MqrMc"="c:\windows\gdi32.exe" [N/A]
"Mqstc"="c:\windows\msmgm.exe" [N/A]
"Mqtw+"="c:\windows\nvsvc32.exe" [N/A]
"Mquwe"="c:\windows\sysmgm.exe" [N/A]
"Mque"="c:\windows\user.exe" [N/A]
"Abatohufajel"="c:\users\Michael\AppData\Local\okobejukoze.dll" [N/A]
"Mqvpe"="c:\windows\winamp.exe" [N/A]
"Mqrtc"="c:\windows\hexdump.exe" [N/A]
"Mqqsc"="c:\windows\drweb.exe" [N/A]
"Mqqoc"="c:\windows\debug.exe" [N/A]
"Mqvre"="c:\windows\wininst.exe" [N/A]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-04-09 73220]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-04-09 73220]
"Mqurb"="c:\windows\taskmgr.exe" [N/A]
"MqpSc"="c:\windows\avp32.exe" [N/A]
"Mqutc"="c:\windows\sysedit.exe" [N/A]
"Mqruqc"="c:\windows\iexplarer.exe" [N/A]
"MqruqK"="c:\windows\iexplarer .exe" [2011-04-10 73228]
"Mqruq0"="c:\windows\iexplarer .exe" [2011-04-10 73224]
"Mqruqj"="c:\windows\iexplarer .exe" [2011-04-10 73228]
"Mqruqgc"="c:\windows\iexplarer .exe" [2011-04-10 73232]
"MqruqgK"="c:\windows\iexplarer .exe" [2011-04-10 73224]
"Mqruqg0"="c:\windows\iexplarer .exe" [2011-04-10 73228]
"Mqruqgj"="c:\windows\iexplarer .exe" [2011-04-10 73228]
"Mqtwpc"="c:\windows\nvsvc32 .exe" [N/A]
"MquaK"="c:\windows\user .exe" [N/A]
"Mqst0"="c:\windows\msmgm .exe" [N/A]
"Mqvp3"="c:\windows\winamp .exe" [N/A]
"MqrMj"="c:\windows\gdi32 .exe" [N/A]
"Mqqs0"="c:\windows\drweb .exe" [N/A]
"Mqqo0"="c:\windows\debug .exe" [N/A]
"MqvrJc"="c:\windows\wininst .exe" [N/A]
"MqtwpK"="c:\windows\nvsvc32 .exe" [N/A]
"Mqua0"="c:\windows\user .exe" [N/A]
"Mqtwp0"="c:\windows\nvsvc32 .exe" [2011-04-10 73224]
"bipro"="c:\windows\$XNTUninstall643$\mbdwt.dll" [N/A]
"Mqtwpj"="c:\windows\nvsvc32 .exe" [N/A]
"Mqtwpgc"="c:\windows\nvsvc32 .exe" [N/A]
"MqtwpgK"="c:\windows\nvsvc32 .exe" [2011-04-09 16220]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MqruqK"="c:\windows\iexplarer .exe" [2011-04-10 73228]
"Mqruq0"="c:\windows\iexplarer .exe" [2011-04-10 73224]
"Mqruqj"="c:\windows\iexplarer .exe" [2011-04-10 73228]
"Mqruqgc"="c:\windows\iexplarer .exe" [2011-04-10 73232]
"MqruqgK"="c:\windows\iexplarer .exe" [2011-04-10 73224]
"Mqruqg0"="c:\windows\iexplarer .exe" [2011-04-10 73228]
"Mqruqgj"="c:\windows\iexplarer .exe" [2011-04-10 73228]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
nuso.exe [2011-4-9 177664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
"NoFolderOptions"= 1 (0x1)
.
R2 AMService;AMService;c:\windows\TEMP\nfcs\setup.exe run [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2011-02-21 36928]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-25 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [2010-12-09 247760]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-10 c:\windows\Tasks\At1.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At10.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At100.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At101.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At102.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At103.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At104.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At105.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At106.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At107.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At108.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At109.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At11.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At110.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At111.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At112.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At113.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At114.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At115.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At116.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At117.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At118.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At119.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At12.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At120.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At121.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At122.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At123.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At124.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At125.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At126.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At127.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At128.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At129.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At13.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At130.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At131.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At132.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At133.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At134.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At135.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At136.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At137.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At138.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At139.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At14.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At140.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At141.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At142.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At143.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At144.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At145.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At146.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At147.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At148.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At149.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At15.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At150.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At151.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At152.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At153.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At154.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At155.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At156.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At157.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At158.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At159.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At16.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At160.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At161.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At162.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At163.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At164.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At165.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At166.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At167.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At168.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At169.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At17.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At170.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At171.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At172.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At173.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At174.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At175.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At176.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At177.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At178.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At179.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At18.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At180.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At181.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At182.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At183.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At184.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At185.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At186.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At187.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At188.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At189.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At19.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At190.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At191.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At192.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At193.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At194.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At195.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At196.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At197.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At198.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At199.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At2.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At20.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At200.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At201.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At202.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At203.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At204.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At205.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At206.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At207.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At208.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At209.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At21.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At210.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At211.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At22.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At23.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At24.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At25.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At26.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At27.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At28.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At29.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At3.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At30.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At31.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At32.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At33.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At34.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At35.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At36.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At37.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At38.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At39.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At4.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At40.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At41.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At42.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At43.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At44.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At45.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At46.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At47.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At48.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At49.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At5.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At50.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At51.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At52.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At53.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At54.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At55.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At56.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At57.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At58.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At59.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At6.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At60.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At61.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At62.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At63.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At64.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At65.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At66.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At67.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At68.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At69.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At7.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At70.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At71.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At72.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At73.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At74.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At75.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At76.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At77.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At78.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At79.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At8.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At80.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At81.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At82.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At83.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At84.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At85.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At86.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At87.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At88.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At89.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At9.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At90.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At91.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At92.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At93.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At94.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At95.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At96.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At97.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At98.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-10 c:\windows\Tasks\At99.job
- c:\programdata\g0bl07OX.exe [2011-04-10 00:14]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1154023256-886027652-3174485243-1000Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-15 01:51]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1154023256-886027652-3174485243-1000UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-15 01:51]
.
2011-04-10 c:\windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
- c:\windows\Knuxoa .exe [2011-04-09 11:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.malwareremoval.com/forum/vie ... 34&start=0
TCP: {59EB024F-4AA1-424C-95DE-4054B35D5306} = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{C348BB9A-995C-404A-8185-76325B4BED9F} - c:\windows\$XNTUninstall643$\mbdwt.dll
BHO-{F96A7C1E-38CA-4F0A-9D2D-A42C226BCDC8} - c:\windows\$XNTUninstall643$\xgoir.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
AddRemove-$XNTUninstall643$ - c:\windows\$XNTUninstall643$\apUninstall.exe
AddRemove-ScanQuery - c:\program files\ScanQuery\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(600)
c:\program files\PC Tools Security\pctgmhk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\PC Tools Security\pctsSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\programdata\TVersity\Media Server\MediaServer.exe
c:\program files\PC Tools Security\pctsGui .exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\program files\Analog Devices\SoundMAX\SMax4PNP .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-04-10 18:33:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-10 17:33
.
Pre-Run: 14,918,262,784 bytes free
Post-Run: 21,998,559,232 bytes free
.
- - End Of File - - 270862604F5AD1F56A4414E741270820


Thanks;
Michael
TrickyMicky
Active Member
 
Posts: 8
Joined: April 9th, 2011, 7:01 pm

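A triage script for the log format above, added here as an example and not part of the thread or of ComboFix: it parses the 'Reg Loading Points' and 'Scheduled Tasks' sections and flags the patterns this log shows (Run values with whitespace padded in front of the extension, entries with no file date/size, executables sitting directly in the Windows root, Run values naming a DLL, the flood of At*.job tasks sharing one target, and policy values that switch off UAC and the Registry tools). The embedded log excerpt is constructed from lines in the post; the At-job threshold of 10 is an assumption.

```python
"""Triage a ComboFix-style log for the persistence patterns seen in the thread.

Added example (not ComboFix code and not from the thread). SAMPLE_LOG is a
constructed excerpt built from lines in the post above; the At-job threshold
is an assumed value.
"""
import re
from collections import Counter

# Constructed excerpt in ComboFix's 'Reg Loading Points' / 'Scheduled Tasks'
# layout, followed by eleven generated At*.job entries sharing one target.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-09 73220]
"MqrMc"="c:\windows\gdi32.exe" [N/A]
"Mqtwpc"="c:\windows\nvsvc32 .exe" [N/A]
"Abatohufajel"="c:\users\Michael\AppData\Local\okobejukoze.dll" [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1154023256-886027652-3174485243-1000Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-15 01:51]
.
""" + "".join(
    f"2011-04-10 c:\\windows\\Tasks\\At{i}.job\n"
    f"- c:\\programdata\\g0bl07OX.exe [2011-04-10 00:14]\n.\n"
    for i in range(1, 12)
)

KEY_LINE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]*)"\s+\[(?P<meta>[^\]]*)\]$')
POLICY_ENTRY = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s+\(0x[0-9A-Fa-f]+\)$')
TASK_LINE = re.compile(r'^\d{4}-\d{2}-\d{2} (?P<job>\S.*\.job)$')
TASK_TARGET = re.compile(r'^- (?P<path>.+?) \[(?P<meta>[^\]]*)\]$')

# 'nvsvc32 .exe': spaces inserted before the extension, as in the log above.
PADDED_NAME = re.compile(r'\s+\.[A-Za-z0-9]+$')
# An .exe directly in c:\windows\ rather than in system32 or a program folder.
WINDOWS_ROOT_EXE = re.compile(r'^c:\\windows\\[^\\]+\.exe$', re.IGNORECASE)
# Policy values, as ComboFix prints them, that switch off a built-in defence.
WEAKENED_POLICIES = {
    "EnableLUA": "0", "PromptOnSecureDesktop": "0", "ConsentPromptBehaviorAdmin": "0",
    "DisableRegistryTools": "1", "NoFolderOptions": "1", "HideSCAHealth": "1",
}


def parse_sections(text):
    """Single pass over the log: Run values, policy values and task targets."""
    run, policies, tasks = [], {}, []
    current_key, pending_job = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_LINE.match(line):
            current_key = m.group("key").lower()
        elif (m := RUN_ENTRY.match(line)) and current_key and current_key.endswith("\\currentversion\\run"):
            run.append((m.group("name"), m.group("path"), m.group("meta")))
        elif (m := POLICY_ENTRY.match(line)) and current_key and "\\policies\\" in current_key:
            policies[m.group("name")] = m.group("value")
        elif m := TASK_LINE.match(line):
            pending_job = m.group("job")          # target follows on the next line
        elif (m := TASK_TARGET.match(line)) and pending_job:
            tasks.append((pending_job, m.group("path")))
            pending_job = None
    return run, policies, tasks


def triage(text, at_job_threshold=10):
    """Return a list of finding dicts; at_job_threshold is an assumed cut-off."""
    run, policies, tasks = parse_sections(text)
    findings = []
    for name, path, meta in run:
        reasons = []
        if PADDED_NAME.search(path):
            reasons.append("whitespace padded before the extension")
        if meta.strip().upper() == "N/A":
            reasons.append("no file date/size recorded for the target")
        if WINDOWS_ROOT_EXE.match(path):
            reasons.append("executable sits directly in the Windows root")
        if path.lower().endswith(".dll"):
            reasons.append("Run value names a DLL rather than an executable")
        if reasons:
            findings.append({"kind": "run", "name": name, "path": path, "reasons": reasons})
    for name, weak in WEAKENED_POLICIES.items():
        if policies.get(name) == weak:
            findings.append({"kind": "policy", "name": name, "value": weak,
                             "reasons": ["built-in defence switched off"]})
    # Many At<N>.job files launching one binary is the mass-scheduling seen above.
    per_target = Counter(path for job, path in tasks if re.search(r"\\At\d+\.job$", job))
    for path, count in per_target.items():
        if count >= at_job_threshold:
            findings.append({"kind": "task", "path": path, "count": count,
                             "reasons": [f"{count} At*.job tasks share one target"]})
    return findings
```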
Re: Malware infection

Unread postby Carolyn » April 11th, 2011, 3:02 pm

Run a custom CFScript
1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

KillAll::

RenV::
c:\program files\Analog Devices\SoundMAX\SMax4    .exe
c:\program files\Analog Devices\SoundMAX\SMax4   .exe
c:\program files\Analog Devices\SoundMAX\SMax4  .exe
c:\program files\Analog Devices\SoundMAX\SMax4 .exe
c:\program files\Analog Devices\SoundMAX\SMax4PNP .exe
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
c:\program files\Common Files\Ahead\Lib\NMBgMonitor .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\PC Tools Security\pctsGui .exe
c:\program files\PC Tools Security\BDT\FGuard .exe
c:\windows\avp32  .exe
c:\windows\avp32 .exe
c:\windows\debug   .exe
c:\windows\debug .exe
c:\windows\drweb   .exe
c:\windows\drweb .exe
c:\windows\gdi32     .exe
c:\windows\gdi32    .exe
c:\windows\gdi32  .exe
c:\windows\gdi32 .exe
c:\windows\hexdump .exe
c:\windows\iexplarer        .exe
c:\windows\iexplarer       .exe
c:\windows\iexplarer      .exe
c:\windows\iexplarer     .exe
c:\windows\iexplarer    .exe
c:\windows\iexplarer   .exe
c:\windows\iexplarer  .exe
c:\windows\iexplarer .exe
c:\windows\Knuxoa .exe
c:\windows\msmgm   .exe
c:\windows\msmgm .exe
c:\windows\nvsvc32       .exe
c:\windows\nvsvc32    .exe
c:\windows\nvsvc32 .exe
c:\windows\sysedit .exe
c:\windows\taskmgr  .exe
c:\windows\taskmgr .exe
c:\windows\user    .exe
c:\windows\user .exe
c:\windows\winamp   .exe
c:\windows\wininst   .exe
c:\windows\wininst .exe

AtJob::

File::
c:\programdata\g0bl07OX.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\nuso.exe
c:\users\Michael\AppData\Local\Wzexadomipusovom.bin
c:\windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

DirLook::
c:\users\Michael\AppData\Local\_

Folder::
c:\users\Michael\AppData\Roaming\Xiimyq
c:\users\Michael\AppData\Roaming\Ycoz

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lbesahigafekut"=-
"{88B10A1A-875E-3835-B96D-F54B7DF74FDB}"=-
"{6333E559-97EF-45E9-C1CC-9B448CE4D33A}"=-
"MqrMc"=-
"Mqstc"=-
"Mqtw+"=-
"Mquwe"=-
"Mque"=-
"Mqvpe"=-
"Mqrtc"=-
"GAGEZ8R8ZB"=-
"Mqqsc"=-
"Mqqoc"=-
"{2DFB306D-3052-88DB-F333-0A60E4676CCC}"=-
"Mqvre"=-
"Mqurb"=-
"2B5BEEEC4E692BCD"=-
"MqpSc"=-
"Mqutc"=-
"Mqruqc"=-
"Mqtwpc"=-
"MquaK"=-
"Mqst0"=-
"Mqvp3"=-
"MqrMj"=-
"Mqqs0"=-
"Mqqo0"=-
"MqvrJc"=-
"MqtwpK"=-
"Mqua0"=-
"Mqtwpj"=-
"Mqtwpgc"=-
"MqtwpgK"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MqrMc"=-
"Mqstc"=-
"Mqtw+"=-
"Mquwe"=-
"Mque"=-
"Abatohufajel"=-
"Mqvpe"=-
"Mqrtc"=-
"Mqqsc"=-
"Mqqoc"=-
"Mqvre"=-
"Mqurb"=-
"MqpSc"=-
"Mqutc"=-
"Mqruqc"=-
"MqruqK"=-
"Mqruq0"=-
"Mqruqj"=-
"Mqruqgc"=-
"MqruqgK"=-
"Mqruqg0"=-
"Mqruqgj"=-
"Mqtwpc"=-
"MquaK"=-
"Mqst0"=-
"Mqvp3"=-
"MqrMj"=-
"Mqqs0"=-
"Mqqo0"=-
"MqvrJc"=-
"MqtwpK"=-
"Mqua0"=-
"Mqtwp0"=-
"bipro"=-
"Mqtwpj"=-
"Mqtwpgc"=-
"MqtwpgK"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MqruqK"=-
"Mqruq0"=-
"Mqruqj"=-
"Mqruqgc"=-
"MqruqgK"=-
"Mqruqg0"=-
"Mqruqgj"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=dword:00000001
"EnableLUA"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"=dword:00000000
"NoFolderOptions"=dword:00000000

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Driver::
AMService


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

=======================================

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

=======================================

Please post the following in your next reply:
  • The ComboFix log
  • The ESET log
  • An update on how your computer is behaving
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Malware infection

Unread postby TrickyMicky » April 11th, 2011, 3:56 pm

Nothing seems to be happening when I drag the CFScript.txt on to combofix.

Also, that online scanner seems down?

I get this when I go on it:

404 Not Found
Sorry but the page you are looking for cannot be found.

Check the search results below for the closest match or use the sitemap to find a relevant category.


Thanks;
Michael
TrickyMicky
Active Member
 
Posts: 8
Joined: April 9th, 2011, 7:01 pm

Re: Malware infection

Unread postby Carolyn » April 11th, 2011, 4:22 pm

I've modified the information in the codebox. Try again please:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:
Note: click the phrase "Select All" at the top of the codebox, then use ctrl-c to copy the text.
Code: Select all
RenV::
c:\program files\Analog Devices\SoundMAX\SMax4    .exe
c:\program files\Analog Devices\SoundMAX\SMax4   .exe
c:\program files\Analog Devices\SoundMAX\SMax4  .exe
c:\program files\Analog Devices\SoundMAX\SMax4 .exe
c:\program files\Analog Devices\SoundMAX\SMax4PNP .exe
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
c:\program files\Common Files\Ahead\Lib\NMBgMonitor .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\PC Tools Security\pctsGui .exe
c:\program files\PC Tools Security\BDT\FGuard .exe
c:\windows\avp32  .exe
c:\windows\avp32 .exe
c:\windows\debug   .exe
c:\windows\debug .exe
c:\windows\drweb   .exe
c:\windows\drweb .exe
c:\windows\gdi32     .exe
c:\windows\gdi32    .exe
c:\windows\gdi32  .exe
c:\windows\gdi32 .exe
c:\windows\hexdump .exe
c:\windows\iexplarer        .exe
c:\windows\iexplarer       .exe
c:\windows\iexplarer      .exe
c:\windows\iexplarer     .exe
c:\windows\iexplarer    .exe
c:\windows\iexplarer   .exe
c:\windows\iexplarer  .exe
c:\windows\iexplarer .exe
c:\windows\Knuxoa .exe
c:\windows\msmgm   .exe
c:\windows\msmgm .exe
c:\windows\nvsvc32       .exe
c:\windows\nvsvc32    .exe
c:\windows\nvsvc32 .exe
c:\windows\sysedit .exe
c:\windows\taskmgr  .exe
c:\windows\taskmgr .exe
c:\windows\user    .exe
c:\windows\user .exe
c:\windows\winamp   .exe
c:\windows\wininst   .exe
c:\windows\wininst .exe

AtJob::

File::
c:\programdata\g0bl07OX.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\nuso.exe
c:\users\Michael\AppData\Local\Wzexadomipusovom.bin
c:\windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

DirLook::
c:\users\Michael\AppData\Local\_

Folder::
c:\users\Michael\AppData\Roaming\Xiimyq
c:\users\Michael\AppData\Roaming\Ycoz

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lbesahigafekut"=-
"{88B10A1A-875E-3835-B96D-F54B7DF74FDB}"=-
"{6333E559-97EF-45E9-C1CC-9B448CE4D33A}"=-
"MqrMc"=-
"Mqstc"=-
"Mqtw+"=-
"Mquwe"=-
"Mque"=-
"Mqvpe"=-
"Mqrtc"=-
"GAGEZ8R8ZB"=-
"Mqqsc"=-
"Mqqoc"=-
"{2DFB306D-3052-88DB-F333-0A60E4676CCC}"=-
"Mqvre"=-
"Mqurb"=-
"2B5BEEEC4E692BCD"=-
"MqpSc"=-
"Mqutc"=-
"Mqruqc"=-
"Mqtwpc"=-
"MquaK"=-
"Mqst0"=-
"Mqvp3"=-
"MqrMj"=-
"Mqqs0"=-
"Mqqo0"=-
"MqvrJc"=-
"MqtwpK"=-
"Mqua0"=-
"Mqtwpj"=-
"Mqtwpgc"=-
"MqtwpgK"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MqrMc"=-
"Mqstc"=-
"Mqtw+"=-
"Mquwe"=-
"Mque"=-
"Abatohufajel"=-
"Mqvpe"=-
"Mqrtc"=-
"Mqqsc"=-
"Mqqoc"=-
"Mqvre"=-
"Mqurb"=-
"MqpSc"=-
"Mqutc"=-
"Mqruqc"=-
"MqruqK"=-
"Mqruq0"=-
"Mqruqj"=-
"Mqruqgc"=-
"MqruqgK"=-
"Mqruqg0"=-
"Mqruqgj"=-
"Mqtwpc"=-
"MquaK"=-
"Mqst0"=-
"Mqvp3"=-
"MqrMj"=-
"Mqqs0"=-
"Mqqo0"=-
"MqvrJc"=-
"MqtwpK"=-
"Mqua0"=-
"Mqtwp0"=-
"bipro"=-
"Mqtwpj"=-
"Mqtwpgc"=-
"MqtwpgK"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MqruqK"=-
"Mqruq0"=-
"Mqruqj"=-
"Mqruqgc"=-
"MqruqgK"=-
"Mqruqg0"=-
"Mqruqgj"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=dword:00000001
"EnableLUA"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"=dword:00000000
"NoFolderOptions"=dword:00000000

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Driver::
AMService


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

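The CFScript posted above is a set of directives (RenV::, File::, Folder::, Registry::, RegLock::, Driver::) that tells ComboFix what to rename, delete, lock or remove. The following is an added example, not part of the original thread and not ComboFix's own code: a small reviewer that parses a script of this shape into a structured summary so a helper can check exactly what it asks for before it is dropped onto ComboFix.exe. It assumes only the layout visible in the thread (a directive name followed by "::" opens a section, a blank line ends it, and Registry:: uses REGEDIT4-style syntax where "name"=- deletes a value and "name"=dword:... sets one); the sample script is a constructed, shortened copy of the one in the post.

```python
"""Review a ComboFix CFScript before running it (added example, not ComboFix code)."""
import re
from collections import OrderedDict

# Constructed sample: a shortened version of the CFScript posted in the thread.
SAMPLE_SCRIPT = r"""RenV::
c:\windows\iexplarer        .exe
c:\windows\iexplarer .exe
c:\program files\PC Tools Security\pctsGui .exe

File::
c:\programdata\g0bl07OX.exe
c:\windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

Folder::
c:\users\Michael\AppData\Roaming\Xiimyq

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lbesahigafekut"=-
"MqrMc"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=dword:00000001

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Driver::
AMService
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")          # e.g. "RenV::"
REG_KEY_RE = re.compile(r"^\[(.+)\]$")                  # e.g. "[HKEY_...\Run]"
REG_VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')          # e.g. '"MqrMc"=-'
# A file name with one or more spaces squeezed in before its extension,
# the pattern every RenV:: entry in the thread shows (assumed layout).
PADDED_NAME_RE = re.compile(r"^(.*\\)?([^\\]*?)( +)(\.[A-Za-z0-9]+)$")


def parse_sections(text):
    """Split the script into {directive: [lines]} in order of appearance."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.rstrip("\r")        # keep inner padding spaces untouched
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None or not line.strip():
            continue                   # text before the first directive, or a separator
        sections[current].append(line)
    return sections


def parse_registry(lines):
    """Turn Registry:: lines into (key, value_name, action, data) tuples."""
    entries = []
    key = None
    for line in lines:
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = REG_VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError("unexpected registry line: %r" % line)
        name, data = m.group(1), m.group(2)
        if data == "-":
            entries.append((key, name, "delete", None))
        elif data.startswith("dword:"):
            entries.append((key, name, "set", int(data[len("dword:"):], 16)))
        else:
            entries.append((key, name, "set", data))
    return entries


def padded_name(path):
    """Return (stem, number_of_pad_spaces, ext) for a padded file name, else None."""
    m = PADDED_NAME_RE.match(path)
    return None if m is None else (m.group(2), len(m.group(3)), m.group(4))


def review(text):
    """Summarise what a CFScript asks ComboFix to touch, section by section."""
    s = parse_sections(text)
    renv = s.get("RenV", [])
    return {
        "renv_padded": [padded_name(p) for p in renv if padded_name(p)],
        "renv_unpadded": [p for p in renv if padded_name(p) is None],
        "files": list(s.get("File", [])),
        "folders": list(s.get("Folder", [])),
        "registry": parse_registry(s.get("Registry", [])),
        "reglock": list(s.get("RegLock", [])),
        "drivers": list(s.get("Driver", [])),
    }


if __name__ == "__main__":
    for section, items in review(SAMPLE_SCRIPT).items():
        print("%-14s %d item(s)" % (section, len(items)))
        for item in items:
            print("    ", item)
```

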
Re: Malware infection

Unread postby TrickyMicky » April 11th, 2011, 6:52 pm

ComboFix 11-04-07.08 - Michael 11/04/2011 23:00:19.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.703.207 [GMT 1:00]
Running from: c:\users\Michael\Desktop\ComboFix.txt.exe
Command switches used :: c:\users\Michael\Desktop\CFScript.txt.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\programdata\g0bl07OX.exe"
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\nuso.exe"
"c:\users\Michael\AppData\Local\Wzexadomipusovom.bin"
"c:\windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\nuso.exe
c:\users\Michael\AppData\Local\Wzexadomipusovom.bin
c:\users\Michael\AppData\Roaming\Xiimyq
c:\users\Michael\AppData\Roaming\Ycoz
c:\windows\Knuxoa.exe
c:\windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At100.job
c:\windows\Tasks\At101.job
c:\windows\Tasks\At102.job
c:\windows\Tasks\At103.job
c:\windows\Tasks\At104.job
c:\windows\Tasks\At105.job
c:\windows\Tasks\At106.job
c:\windows\Tasks\At107.job
c:\windows\Tasks\At108.job
c:\windows\Tasks\At109.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At110.job
c:\windows\Tasks\At111.job
c:\windows\Tasks\At112.job
c:\windows\Tasks\At113.job
c:\windows\Tasks\At114.job
c:\windows\Tasks\At115.job
c:\windows\Tasks\At116.job
c:\windows\Tasks\At117.job
c:\windows\Tasks\At118.job
c:\windows\Tasks\At119.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At120.job
c:\windows\Tasks\At121.job
c:\windows\Tasks\At122.job
c:\windows\Tasks\At123.job
c:\windows\Tasks\At124.job
c:\windows\Tasks\At125.job
c:\windows\Tasks\At126.job
c:\windows\Tasks\At127.job
c:\windows\Tasks\At128.job
c:\windows\Tasks\At129.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At130.job
c:\windows\Tasks\At131.job
c:\windows\Tasks\At132.job
c:\windows\Tasks\At133.job
c:\windows\Tasks\At134.job
c:\windows\Tasks\At135.job
c:\windows\Tasks\At136.job
c:\windows\Tasks\At137.job
c:\windows\Tasks\At138.job
c:\windows\Tasks\At139.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At140.job
c:\windows\Tasks\At141.job
c:\windows\Tasks\At142.job
c:\windows\Tasks\At143.job
c:\windows\Tasks\At144.job
c:\windows\Tasks\At145.job
c:\windows\Tasks\At146.job
c:\windows\Tasks\At147.job
c:\windows\Tasks\At148.job
c:\windows\Tasks\At149.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At150.job
c:\windows\Tasks\At151.job
c:\windows\Tasks\At152.job
c:\windows\Tasks\At153.job
c:\windows\Tasks\At154.job
c:\windows\Tasks\At155.job
c:\windows\Tasks\At156.job
c:\windows\Tasks\At157.job
c:\windows\Tasks\At158.job
c:\windows\Tasks\At159.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At160.job
c:\windows\Tasks\At161.job
c:\windows\Tasks\At162.job
c:\windows\Tasks\At163.job
c:\windows\Tasks\At164.job
c:\windows\Tasks\At165.job
c:\windows\Tasks\At166.job
c:\windows\Tasks\At167.job
c:\windows\Tasks\At168.job
c:\windows\Tasks\At169.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At170.job
c:\windows\Tasks\At171.job
c:\windows\Tasks\At172.job
c:\windows\Tasks\At173.job
c:\windows\Tasks\At174.job
c:\windows\Tasks\At175.job
c:\windows\Tasks\At176.job
c:\windows\Tasks\At177.job
c:\windows\Tasks\At178.job
c:\windows\Tasks\At179.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At180.job
c:\windows\Tasks\At181.job
c:\windows\Tasks\At182.job
c:\windows\Tasks\At183.job
c:\windows\Tasks\At184.job
c:\windows\Tasks\At185.job
c:\windows\Tasks\At186.job
c:\windows\Tasks\At187.job
c:\windows\Tasks\At188.job
c:\windows\Tasks\At189.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At190.job
c:\windows\Tasks\At191.job
c:\windows\Tasks\At192.job
c:\windows\Tasks\At193.job
c:\windows\Tasks\At194.job
c:\windows\Tasks\At195.job
c:\windows\Tasks\At196.job
c:\windows\Tasks\At197.job
c:\windows\Tasks\At198.job
c:\windows\Tasks\At199.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At200.job
c:\windows\Tasks\At201.job
c:\windows\Tasks\At202.job
c:\windows\Tasks\At203.job
c:\windows\Tasks\At204.job
c:\windows\Tasks\At205.job
c:\windows\Tasks\At206.job
c:\windows\Tasks\At207.job
c:\windows\Tasks\At208.job
c:\windows\Tasks\At209.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At210.job
c:\windows\Tasks\At211.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At49.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At50.job
c:\windows\Tasks\At51.job
c:\windows\Tasks\At52.job
c:\windows\Tasks\At53.job
c:\windows\Tasks\At54.job
c:\windows\Tasks\At55.job
c:\windows\Tasks\At56.job
c:\windows\Tasks\At57.job
c:\windows\Tasks\At58.job
c:\windows\Tasks\At59.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At60.job
c:\windows\Tasks\At61.job
c:\windows\Tasks\At62.job
c:\windows\Tasks\At63.job
c:\windows\Tasks\At64.job
c:\windows\Tasks\At65.job
c:\windows\Tasks\At66.job
c:\windows\Tasks\At67.job
c:\windows\Tasks\At68.job
c:\windows\Tasks\At69.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At70.job
c:\windows\Tasks\At71.job
c:\windows\Tasks\At72.job
c:\windows\Tasks\At73.job
c:\windows\Tasks\At74.job
c:\windows\Tasks\At75.job
c:\windows\Tasks\At76.job
c:\windows\Tasks\At77.job
c:\windows\Tasks\At78.job
c:\windows\Tasks\At79.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At80.job
c:\windows\Tasks\At81.job
c:\windows\Tasks\At82.job
c:\windows\Tasks\At83.job
c:\windows\Tasks\At84.job
c:\windows\Tasks\At85.job
c:\windows\Tasks\At86.job
c:\windows\Tasks\At87.job
c:\windows\Tasks\At88.job
c:\windows\Tasks\At89.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\At90.job
c:\windows\Tasks\At91.job
c:\windows\Tasks\At92.job
c:\windows\Tasks\At93.job
c:\windows\Tasks\At94.job
c:\windows\Tasks\At95.job
c:\windows\Tasks\At96.job
c:\windows\Tasks\At97.job
c:\windows\Tasks\At98.job
c:\windows\Tasks\At99.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AMService
.
.
((((((((((((((((((((((((( Files Created from 2011-03-11 to 2011-04-11 )))))))))))))))))))))))))))))))
.
.
2011-04-11 22:28 . 2011-04-11 22:37 -------- d-----w- c:\users\Michael\AppData\Local\temp
2011-04-11 22:28 . 2011-04-11 22:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-10 17:05 . 2011-04-10 17:34 -------- d-----w- C:\ComboFix
2011-04-09 17:35 . 2011-04-09 17:35 -------- d-----w- c:\users\Michael\AppData\Local\_
2011-04-09 16:55 . 2011-04-09 16:55 -------- d-----w- c:\program files\CCleaner
2011-04-09 15:47 . 2010-12-03 14:34 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-04-09 15:47 . 2010-12-03 14:34 767952 ----a-w- c:\windows\BDTSupport.dll
2011-04-09 15:47 . 2010-12-09 09:48 1996752 ----a-w- c:\windows\PCTBDCore.dll
2011-04-09 15:47 . 2010-12-03 14:34 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-04-09 14:18 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-04-09 14:18 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-04-09 14:18 . 2010-11-17 09:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-04-09 14:18 . 2010-11-17 09:19 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-04-09 14:17 . 2010-11-25 09:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-04-09 14:17 . 2010-11-25 09:43 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-04-09 14:16 . 2010-11-25 09:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-04-09 14:15 . 2011-04-09 14:22 -------- d-----w- c:\program files\Common Files\PC Tools
2011-04-09 14:15 . 2011-04-09 14:16 -------- d-----w- c:\programdata\PC Tools
2011-04-09 14:15 . 2011-04-09 14:15 -------- d-----w- c:\users\Michael\AppData\Roaming\PC Tools
2011-04-09 14:15 . 2011-04-11 22:35 -------- d-----w- c:\program files\PC Tools Security
2011-04-09 11:49 . 2011-04-09 11:49 135168 --sha-r- c:\windows\system32\wshextf.dll
2011-04-05 16:37 . 2011-04-05 16:37 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2011-04-05 16:37 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-05 16:37 . 2011-04-05 16:37 -------- d-----w- c:\programdata\Malwarebytes
2011-04-05 16:37 . 2011-04-05 16:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-05 16:37 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-04 22:54 . 2011-04-09 17:14 -------- d-----w- c:\program files\Facebook FriendAdder
2011-03-31 00:43 . 2011-03-31 00:43 -------- d-----w- c:\users\Michael\AppData\Local\jagexlauncher
2011-03-30 23:41 . 2011-04-03 22:38 -------- d-----w- c:\windows\.jagex_cache_32
2011-03-28 21:18 . 2011-03-28 21:19 -------- d-----w- c:\program files\Gamers Unite! Snag Bar
2011-03-26 20:57 . 2011-03-26 20:57 -------- d-----w- c:\users\Michael\AppData\Roaming\SynthMaker
2011-03-26 20:54 . 2011-03-26 20:54 -------- d-----w- c:\users\Michael\AppData\Roaming\Acoustica
2011-03-26 20:54 . 2009-12-14 15:25 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2011-03-26 20:53 . 2011-03-26 20:53 -------- d-----w- c:\program files\Acoustica Shared Effects
2011-03-26 20:50 . 2011-03-26 20:57 -------- d-----w- c:\program files\Acoustica Mixcraft 5
2011-03-26 20:50 . 2011-03-26 20:50 -------- d-----w- c:\programdata\Acoustica
2011-03-25 23:03 . 2011-03-27 00:40 -------- d-----w- c:\users\Michael\AppData\Local\Ahead
2011-03-25 20:37 . 2011-03-25 20:37 -------- d-----w- c:\users\Michael\AppData\Roaming\Ahead
2011-03-25 20:36 . 2011-03-25 20:36 -------- d-----w- c:\programdata\Ahead
2011-03-25 20:32 . 2011-03-25 20:34 -------- d-----w- c:\program files\Common Files\Ahead
2011-03-25 20:32 . 2011-03-25 20:32 -------- d-----w- c:\program files\Nero
2011-03-18 19:11 . 2008-07-12 08:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-03-18 19:09 . 2011-03-18 19:10 -------- d-----w- c:\program files\Microsoft Expression
2011-03-18 19:09 . 2011-03-18 19:09 -------- d-----w- c:\program files\WPF Toolkit
2011-03-18 18:55 . 2010-02-04 10:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-03-18 18:55 . 2010-02-04 10:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-03-18 18:55 . 2010-02-04 10:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-03-18 18:55 . 2010-02-04 10:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-03-18 18:55 . 2009-03-09 15:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-03-18 18:55 . 2007-03-12 16:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-03-18 18:53 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-03-18 18:53 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-03-18 18:53 . 2007-04-04 18:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-03-18 18:52 . 2011-03-18 18:52 -------- d-----w- c:\windows\system32\xlive
2011-03-18 18:52 . 2011-03-18 18:52 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2011-03-18 18:50 . 2011-03-18 18:50 -------- d-----w- c:\program files\Microsoft XNA
2011-03-18 18:47 . 2011-03-18 19:06 100512 ----a-w- c:\programdata\Microsoft\VPDExpress\10.0\1033\ResourceCache.dll
2011-03-18 18:43 . 2011-03-18 18:43 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-03-18 18:40 . 2011-03-18 18:45 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-03-18 18:40 . 2011-03-18 19:08 -------- d-----w- c:\program files\Microsoft SDKs
2011-03-18 18:38 . 2011-03-18 18:38 -------- d-----w- c:\program files\Microsoft XDE
2011-03-18 18:38 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-03-18 18:30 . 2011-03-18 18:43 -------- d-----w- c:\program files\Microsoft.NET
2011-03-18 18:25 . 2011-03-18 18:25 -------- d-----w- c:\windows\PCHEALTH
2011-03-13 15:48 . 2011-03-13 15:48 -------- d-----w- c:\users\Michael\AppData\Roaming\Thunderbird
2011-03-13 15:48 . 2011-03-13 15:48 -------- d-----w- c:\users\Michael\AppData\Local\Thunderbird
2011-03-13 15:47 . 2011-03-13 15:47 -------- d-----w- c:\program files\Mozilla Thunderbird
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 00:05 . 2011-03-11 11:02 47360 ----a-w- c:\users\Michael\AppData\Roaming\pcouffin.sys
2011-03-11 11:05 . 2011-03-11 11:02 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-02-21 06:06 . 2011-01-31 23:46 36928 ----a-w- c:\windows\system32\drivers\pssdk41.sys
2011-01-29 16:03 . 2011-01-29 16:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-20 10:39 . 2011-01-27 23:40 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05A39C2D-28F4-4ECA-95A5-98D0AE184D72}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Michael\AppData\Local\_ ----
.
2011-04-09 17:35 . 2011-04-09 17:35 1041 ----a-w- c:\users\Michael\AppData\Local\_\XBLA_Thief.exe_StrongName_zwdcyrydpynah5eeowens5erga4me4j0\1.0.2.1\user.config
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b843a48a-b70f-45cd-a15a-6c2b30c2c11e}"= "c:\program files\Gamers Unite! Snag Bar\Helper.dll" [2011-03-28 357376]
.
[HKEY_CLASSES_ROOT\clsid\{b843a48a-b70f-45cd-a15a-6c2b30c2c11e}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{E2A57EE8-6A26-499F-95F8-A96E5C3BE17E}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{25515A79-C1C7-4B97-97F8-31A711694487}"= "c:\program files\Gamers Unite! Snag Bar\Toolbar.dll" [2011-03-28 1538048]
.
[HKEY_CLASSES_ROOT\clsid\{25515a79-c1c7-4b97-97f8-31a711694487}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{017D1380-106D-43D5-97DC-81E8A527FD73}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2010-12-01 1589208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2011-02-21 36928]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-25 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [2010-12-09 247760]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.malwareremoval.com/forum/vie ... 34&start=0
TCP: {59EB024F-4AA1-424C-95DE-4054B35D5306} = 192.168.0.1
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: Maxtor_6K040L0 rev.NAR61HA0 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x859B2EC5]<<
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x85e5e872; SUB DWORD [EBP-0x4], 0x85e5e12e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x8288D52F] -> \Device\Harddisk0\DR0[0x854D75E8]
3 CLASSPNP[0x872F259E] -> ntkrnlpa!IofCallDriver[0x8288D52F] -> [0x854CF3A0]
5 PCTCore[0x8361A099] -> ntkrnlpa!IofCallDriver[0x8288D52F] -> [0x85209918]
7 ACPI[0x82F9B3D4] -> ntkrnlpa!IofCallDriver[0x8288D52F] -> \IdeDeviceP0T0L0-0[0x85207030]
[0x85537278] -> IRP_MJ_CREATE -> 0x859B2EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskMaxtor_6K040L0__________________________NAR61HA0#5&19606f25&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
sectors 80293246 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2700)
c:\program files\PC Tools Security\pctgmhk.dll
c:\windows\System32\msxml6.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\PC Tools Security\pctsSvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\programdata\TVersity\Media Server\MediaServer.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2011-04-11 23:47:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-11 22:47
.
Pre-Run: 21,999,804,416 bytes free
Post-Run: 21,983,047,680 bytes free
.
- - End Of File - - DE9A193BB9DCF22980130E612403E58F


There's the log :)

Thanks;
Michael
TrickyMicky
Active Member
 
Posts: 8
Joined: April 9th, 2011, 7:01 pm

Re: Malware infection

Unread postby Carolyn » April 12th, 2011, 11:29 am

Hi Michael,

It looks like the computer is still infected with the TDL rootkit, or it has been re-infected.

Remove outdated Java
You can download and install the current version after your computer is clean.
  • Go to start > control panel > programs and features.
  • Right click on each instance of

    Java Auto Updater
    Java(TM) 6 Update 22


  • Click Uninstall & then follow the prompts to remove them.

============================

Please run TDSSKiller again
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

============================

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: [image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: [image]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

============================

No Anti-virus Software Installed
Looking over your log ... there is NO evidence of anti-virus software installed. This puts you at serious risk.
Anti-virus software will help detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.

To protect your computer from infection... download a (free for personal use) anti-virus program from one of these reliable vendors.

  1. Antivir PersonalEdition Classic- Superior detection, the "free" version has no email scan.
  2. avast! Free Antivirus - Excellent detection, the freeware version includes email scanning.
  3. Microsoft Security Essentials ** - New, from Microsoft, with email scanning, easy to install, easy to use.
    ** Your PC must run genuine Windows to install Microsoft Security Essentials.

A good (pay for) Anti-virus program is ESET NOD32 Antivirus - 30 day free trial.

Installing a new AV product.
Do NOT uninstall any existing anti-virus product yet!
  1. Download the new Anti-virus product to your computer.
  2. Save any work. Close all applications, especially your Internet connection.
  3. Uninstall any existing anti-virus product... Use the AV uninstall option if available.
  4. Reboot your computer, if not done during the uninstall.
  5. Install the new AV product... following installation instructions.
  6. Check for updates to the new AV product, if not done during install setup.
  7. Run a full scan of your computer.
It is strongly recommended that you run only one antivirus program at a time.
Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


============================

Please post the following in your next reply:
  • The TDSSKiller log
  • The ESET log
  • New DDS.txt and Attach.txt logs
  • A description of how your computer is behaving
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
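Reading the TDSSKiller log that the post above asks for can be automated. The parser below is an added example, not part of this thread and not code from TDSSKiller or the forum: it picks the driver catalogue records, the "Suspicious file (Forged)" notices and the "detected" verdicts out of a TDSSKiller 2.4.x log and cross-references them by service name and path. The sample log lines are constructed in the layout posted in this thread (the afd.sys values are copied from the posted log, the other records are filler), and the function names are the example's own; the Real/Fake md5 pair is reported as TDSSKiller prints it, without assuming which of the two is the on-disk content.

```python
import re
from dataclasses import dataclass, field

# One log line: "YYYY/MM/DD HH:MM:SS.ffff  PID  body"
PREFIX_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# Driver catalogue record: "ServiceName (md5) C:\path\driver.sys"
RECORD_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# Forged-file notice: two hashes for one path, the core TDL3 indicator in the log
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
# Verdict line: "ServiceName - detected Rootkit.Win32.TDSS.tdl3 (0)"
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")

# Constructed sample in the layout of the TDSSKiller 2.4.x log posted in this thread;
# the afd.sys entries copy the posted values, the other records are filler.
SAMPLE_LOG = "\n".join([
    r"2011/04/12 18:35:41.0953 2604 Scan started",
    r"2011/04/12 18:35:41.0953 2604 Mode: Manual;",
    r"2011/04/12 18:35:45.0526 2604 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys",
    r"2011/04/12 18:35:46.0964 2604 AFD (1144a61560afd4406c80362198db69c2) C:\Windows\system32\drivers\afd.sys",
    r"2011/04/12 18:35:46.0981 2604 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. "
    r"Real md5: 1144a61560afd4406c80362198db69c2, Fake md5: 1151fd4fb0216cfed887bfde29ebd516",
    r"2011/04/12 18:35:47.0006 2604 AFD - detected Rootkit.Win32.TDSS.tdl3 (0)",
    r"2011/04/12 18:35:47.0169 2604 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys",
])


@dataclass
class Report:
    drivers: dict = field(default_factory=dict)      # service name -> (md5, path)
    forged: list = field(default_factory=list)       # (path, real_md5, fake_md5)
    detections: list = field(default_factory=list)   # (service name, verdict)
    unparsed: list = field(default_factory=list)     # lines without the timestamp/PID prefix


def parse_tdsskiller_log(text):
    """Classify every line of a TDSSKiller log; status/separator lines are skipped."""
    report = Report()
    for raw in text.splitlines():
        line = raw.strip()
        m = PREFIX_RE.match(line)
        if not m:
            if line:
                report.unparsed.append(raw)
            continue
        body = m.group(3)
        if (r := RECORD_RE.match(body)):
            name, md5, path = r.groups()
            report.drivers[name] = (md5, path)
        elif (f := FORGED_RE.match(body)):
            report.forged.append(f.groups())
        elif (d := DETECT_RE.match(body)):
            report.detections.append((d.group(1), d.group(2)))
    return report


def findings(report):
    """Join forged notices and verdicts back onto the catalogue record they refer to."""
    by_path = {path.lower(): name for name, (_, path) in report.drivers.items()}
    verdicts = dict(report.detections)
    out = []
    for path, real, fake in report.forged:
        name = by_path.get(path.lower())
        catalogued = report.drivers[name][0] if name else None
        out.append({
            "service": name, "path": path, "real_md5": real, "fake_md5": fake,
            # which of the two hashes the plain catalogue record carried, if either
            "catalogue_hash_matches": ("real" if catalogued == real
                                       else "fake" if catalogued == fake else None),
            "verdict": verdicts.get(name),
        })
    covered = {h["service"] for h in out}
    for name, verdict in report.detections:      # verdicts without a forged notice
        if name not in covered:
            md5, path = report.drivers.get(name, (None, None))
            out.append({"service": name, "path": path, "real_md5": md5, "fake_md5": None,
                        "catalogue_hash_matches": None, "verdict": verdict})
    return out


def is_clean(report):
    """True when the scan produced neither a forged-file notice nor a verdict."""
    return not report.forged and not report.detections


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print("clean" if is_clean(rep) else "NOT clean")
    for hit in findings(rep):
        print(hit)
```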

Re: Malware infection

Unread postby TrickyMicky » April 12th, 2011, 4:15 pm

The TDSSKiller log;
2011/04/12 18:35:22.0359 4044 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/12 18:35:23.0027 4044 ================================================================================
2011/04/12 18:35:23.0027 4044 SystemInfo:
2011/04/12 18:35:23.0027 4044
2011/04/12 18:35:23.0028 4044 OS Version: 6.1.7601 ServicePack: 1.0
2011/04/12 18:35:23.0028 4044 Product type: Workstation
2011/04/12 18:35:23.0028 4044 ComputerName: MICHAEL-PC
2011/04/12 18:35:23.0028 4044 UserName: Michael
2011/04/12 18:35:23.0028 4044 Windows directory: C:\Windows
2011/04/12 18:35:23.0028 4044 System windows directory: C:\Windows
2011/04/12 18:35:23.0029 4044 Processor architecture: Intel x86
2011/04/12 18:35:23.0029 4044 Number of processors: 1
2011/04/12 18:35:23.0029 4044 Page size: 0x1000
2011/04/12 18:35:23.0029 4044 Boot type: Normal boot
2011/04/12 18:35:23.0029 4044 ================================================================================
2011/04/12 18:35:25.0327 4044 Initialize success
2011/04/12 18:35:41.0953 2604 ================================================================================
2011/04/12 18:35:41.0953 2604 Scan started
2011/04/12 18:35:41.0953 2604 Mode: Manual;
2011/04/12 18:35:41.0953 2604 ================================================================================
2011/04/12 18:35:46.0981 2604 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 1144a61560afd4406c80362198db69c2, Fake md5: 1151fd4fb0216cfed887bfde29ebd516
2011/04/12 18:35:47.0006 2604 AFD - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/04/12 18:36:34.0892 2604 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/12 18:36:35.0091 2604 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/04/12 18:36:35.0281 2604 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
2011/04/12 18:36:35.0452 2604 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/12 18:36:35.0637 2604 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/12 18:36:35.0831 2604 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/04/12 18:36:36.0037 2604 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
2011/04/12 18:36:36.0225 2604 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/12 18:36:36.0279 2604 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/12 18:36:36.0539 2604 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
2011/04/12 18:36:36.0725 2604 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/12 18:36:37.0043 2604 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/12 18:36:37.0215 2604 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/12 18:36:37.0500 2604 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/12 18:36:37.0767 2604 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/12 18:36:37.0984 2604 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/04/12 18:36:38.0165 2604 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/12 18:36:38.0400 2604 xusb21 (c26c68bcbac1f33f890c226769759209) C:\Windows\system32\DRIVERS\xusb21.sys
2011/04/12 18:36:38.0584 2604 ================================================================================
2011/04/12 18:36:38.0584 2604 Scan finished
2011/04/12 18:36:38.0584 2604 ================================================================================
2011/04/12 18:36:38.0633 0904 Detected object count: 1
2011/04/12 18:37:02.0405 0904 AFD (1144a61560afd4406c80362198db69c2) C:\Windows\system32\drivers\afd.sys
2011/04/12 18:37:02.0408 0904 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 1144a61560afd4406c80362198db69c2, Fake md5: 1151fd4fb0216cfed887bfde29ebd516
2011/04/12 18:37:10.0670 0904 Backup copy found, using it..
2011/04/12 18:37:10.0696 0904 C:\Windows\system32\drivers\afd.sys - will be cured after reboot
2011/04/12 18:37:10.0696 0904 Rootkit.Win32.TDSS.tdl3(AFD) - User select action: Cure
2011/04/12 18:37:19.0193 3008 Deinitialize success

The ESET log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

New DDS.txt:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Michael at 20:22:02.37 on 12/04/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.703.286 [GMT 1:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michael\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.malwareremoval.com/forum/vie ... 34&start=0
uURLSearchHooks: FCToolbarURLSearchHook Class: {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - c:\program files\gamers unite! snag bar\Helper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
mURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: Gamers Unite! Snag Bar: {25515a79-c1c7-4b97-97f8-31a711694487} - c:\program files\gamers unite! snag bar\Toolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uPolicies-explorer: HideSCAHealth = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: {59EB024F-4AA1-424C-95DE-4054B35D5306} = 192.168.0.1
SecurityProviders:
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\yqqk97at.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddr
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=ddr&q=
FF - component: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\yqqk97at.default\extensions\firesheep@codebutler.com\platform\winnt_x86-msvc\components\mozpopen.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\users\michael\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-4-9 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-4-9 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-4-9 656320]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-4-9 247760]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-4-9 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-4-9 1150936]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2011-2-1 36928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
.
=============== File Associations ===============
.
exefile="c:\windows\system32\config\systemprofile\appdata\local\aim.exe" -a "%1" %*
.
=============== Created Last 30 ================
.
2011-04-12 17:44:15 -------- d-----w- c:\program files\ESET
2011-04-12 17:44:00 -------- d--h--w- c:\windows\AxInstSV
2011-04-11 22:48:15 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2011-04-11 22:44:07 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-11 22:28:05 -------- d-----w- c:\users\michael\appdata\local\temp
2011-04-10 17:05:46 98816 ----a-w- c:\windows\sed.exe
2011-04-10 17:05:46 89088 ----a-w- c:\windows\MBR.exe
2011-04-10 17:05:46 256512 ----a-w- c:\windows\PEV.exe
2011-04-10 17:05:46 161792 ----a-w- c:\windows\SWREG.exe
2011-04-10 17:05:36 -------- d-----w- C:\ComboFix
2011-04-09 17:35:38 -------- d-----w- c:\users\michael\appdata\local\_
2011-04-09 16:55:15 -------- d-----w- c:\program files\CCleaner
2011-04-09 15:47:47 767952 ----a-w- c:\windows\BDTSupport.dll
2011-04-09 15:47:47 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-04-09 15:47:46 1996752 ----a-w- c:\windows\PCTBDCore.dll
2011-04-09 15:47:46 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-04-09 14:18:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-04-09 14:18:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-04-09 14:18:50 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-04-09 14:18:50 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-04-09 14:17:13 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-04-09 14:17:13 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-04-09 14:16:20 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-04-09 14:15:22 -------- d-----w- c:\program files\common files\PC Tools
2011-04-09 14:15:19 -------- d-----w- c:\users\michael\appdata\roaming\PC Tools
2011-04-09 14:15:19 -------- d-----w- c:\progra~2\PC Tools
2011-04-09 14:15:18 -------- d-----w- c:\program files\PC Tools Security
2011-04-09 11:49:31 135168 --sha-r- c:\windows\system32\wshextf.dll
2011-04-05 16:37:11 -------- d-----w- c:\users\michael\appdata\roaming\Malwarebytes
2011-04-05 16:37:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-05 16:37:03 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-05 16:37:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-05 16:37:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-04 22:54:06 -------- d-----w- c:\program files\Facebook FriendAdder
2011-03-31 00:43:04 -------- d-----w- c:\users\michael\appdata\local\jagexlauncher
2011-03-30 23:41:24 -------- d-----w- c:\windows\.jagex_cache_32
2011-03-28 21:18:54 -------- d-----w- c:\program files\Gamers Unite! Snag Bar
2011-03-26 20:57:32 -------- d-----w- c:\users\michael\appdata\roaming\SynthMaker
2011-03-26 20:54:54 -------- d-----w- c:\users\michael\appdata\roaming\Acoustica
2011-03-26 20:54:53 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2011-03-26 20:53:33 -------- d-----w- c:\program files\Acoustica Shared Effects
2011-03-26 20:50:34 -------- d-----w- c:\program files\Acoustica Mixcraft 5
2011-03-26 20:50:34 -------- d-----w- c:\progra~2\Acoustica
2011-03-25 23:03:01 -------- d-----w- c:\users\michael\appdata\local\Ahead
2011-03-25 20:32:24 -------- d-----w- c:\program files\Nero
2011-03-18 19:11:07 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-03-18 19:09:48 -------- d-----w- c:\program files\Microsoft Expression
2011-03-18 19:09:41 -------- d-----w- c:\program files\WPF Toolkit
2011-03-18 18:55:33 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-03-18 18:55:33 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-03-18 18:55:30 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-03-18 18:55:30 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-03-18 18:55:30 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-03-18 18:55:28 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-03-18 18:53:47 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-03-18 18:53:45 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-03-18 18:53:43 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-03-18 18:52:05 -------- d-----w- c:\windows\system32\xlive
2011-03-18 18:52:02 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2011-03-18 18:50:39 -------- d-----w- c:\program files\Microsoft XNA
2011-03-18 18:47:37 100512 ----a-w- c:\progra~2\microsoft\vpdexpress\10.0\1033\ResourceCache.dll
2011-03-18 18:43:20 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-03-18 18:40:57 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-03-18 18:38:23 -------- d-----w- c:\program files\Microsoft XDE
2011-03-18 18:38:09 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-03-18 18:25:43 -------- d-----w- c:\windows\PCHEALTH
2011-03-15 00:03:29 -------- d-----w- c:\windows\system32\appmgmt
.
==================== Find3M ====================
.
2011-03-15 00:05:21 47360 ----a-w- c:\users\michael\appdata\roaming\pcouffin.sys
2011-01-29 16:03:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 20:23:25.06 ===============

New Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 27/01/2011 23:22:12
System Uptime: 12/04/2011 18:39:03 (2 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K8V-MX
Processor: AMD Sempron(tm) Processor 2800+ | Socket 754 | 1600/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 20.439 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acoustica Effects Pack
Acoustica Mixcraft 5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Ask Toolbar
Browser Defender 3.0
CCleaner
Download Updater (AOL LLC)
ESET Online Scanner v3
ffdshow [rev 3154] [2009-12-09]
Foxit Reader
Gamers Unite! Snag Bar
GIMP 2.6.11
Google Chrome
JDownloader
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4
Microsoft Expression Blend 4 Add-in for Adobe FXG Import
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Blend SDK for Windows Phone 7
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 1.0
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft Silverlight Tools for Visual Studio 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2010 Express for Windows Phone - ENU
Microsoft Windows Phone 7 Developer Resources
Microsoft Windows Phone Developer Tools - ENU
Microsoft XNA Framework Redistributable 4.0
Microsoft XNA Game Studio 4.0
Microsoft XNA Game Studio 4.0 (ARP entry)
Microsoft XNA Game Studio 4.0 (Redists)
Microsoft XNA Game Studio 4.0 (Shared Components)
Microsoft XNA Game Studio 4.0 (Visual Studio)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
Microsoft XNA Game Studio 4.0 Documentation
Microsoft XNA Game Studio 4.0 Windows Phone Extensions
Microsoft XNA Game Studio Platform Tools
Mozilla Firefox 4.0 (x86 en-GB)
Mozilla Thunderbird (3.1.9)
MSVCRT Redists
Nero 7 Premium
neroxml
SoundMAX
Spyware Doctor 8.0
TVersity Codec Pack 1.4
TVersity Media Server 1.9.3
Vegas Pro 10.0
Windows Phone 7 Add-in for Visual Studio 2010 - ENU
Windows Phone Emulator - ENU
WinPcap 4.1.1
WinZip 15.0
WPF Toolkit February 2010 (Version 3.5.50211.1)
XPort 360
.
==== Event Viewer Messages From Past Week ========
.
12/04/2011 18:39:10, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
12/04/2011 03:24:52, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{7E3AB051-E915-45B9-80DB-AB987AF02CD1} because another computer on the network has the same name. The server could not start.
12/04/2011 00:16:24, Error: BridgeMP [14702] - Bridge [Adapter VIA Rhine II Compatible Fast Ethernet Adapter]: The bridge could not modify the network adapter's packet filter. The network adapter will not function correctly.
12/04/2011 00:16:19, Error: BridgeMP [14702] - Bridge [Adapter 802.11 USB Wireless LAN Card]: The bridge could not modify the network adapter's packet filter. The network adapter will not function correctly.
12/04/2011 00:16:08, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{4B7CE61C-B692-4C28-90CE-D198FE6115F7} because another computer on the network has the same name. The server could not start.
11/04/2011 23:32:57, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/04/2011 22:10:21, Error: Service Control Manager [7034] - The TVersity Media Server service terminated unexpectedly. It has done this 1 time(s).
10/04/2011 20:32:14, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/04/2011 20:32:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/04/2011 20:32:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/04/2011 20:32:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/04/2011 20:32:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/04/2011 20:31:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/04/2011 20:31:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/04/2011 20:31:39, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vmm vwififlt Wanarpv6 WfpLwf
10/04/2011 20:31:38, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/04/2011 20:31:38, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/04/2011 20:31:38, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/04/2011 20:31:38, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/04/2011 20:31:38, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/04/2011 20:31:38, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/04/2011 20:31:38, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/04/2011 20:31:38, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/04/2011 20:31:38, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/04/2011 20:31:38, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/04/2011 20:31:38, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/04/2011 19:57:29, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/04/2011 19:57:07, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr vmm Wanarpv6
10/04/2011 19:33:06, Error: Service Control Manager [7000] - The Windows Connect Now - Config Registrar service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
10/04/2011 19:25:24, Error: Service Control Manager [7000] - The Program Compatibility Assistant Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
10/04/2011 18:26:45, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
10/04/2011 18:05:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
10/04/2011 17:51:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
10/04/2011 17:51:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/04/2011 17:51:34, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
10/04/2011 17:29:30, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x858414ce, 0x9c12fb74, 0x9c12f750). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041011-27531-01.
10/04/2011 17:25:53, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
10/04/2011 17:21:32, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
10/04/2011 17:17:38, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/04/2011 17:17:38, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
10/04/2011 02:56:56, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
10/04/2011 02:56:56, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/04/2011 02:53:26, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
10/04/2011 02:49:14, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00100074, 0x00000002, 0x00000001, 0x828d292b). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041011-34515-01.
10/04/2011 02:25:31, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
10/04/2011 02:25:31, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/04/2011 23:54:43, Error: Service Control Manager [7034] - The AMService service terminated unexpectedly. It has done this 1 time(s).
09/04/2011 21:52:24, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82a41f3e, 0x8490b864, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040911-24921-01.
09/04/2011 21:46:44, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000074, 0x00000002, 0x00000001, 0x8289f92b). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040911-35500-01.
09/04/2011 19:20:21, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 18:50:28, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
09/04/2011 18:48:23, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 18:24:45, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
09/04/2011 17:12:34, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
09/04/2011 17:11:35, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
09/04/2011 17:10:34, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 16:38:07, Error: Service Control Manager [7030] - The AMService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
09/04/2011 16:22:11, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:22:11, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:22:11, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:22:11, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:22:11, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:22:10, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:22:10, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:22:10, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:22:10, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:22:10, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:22:10, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 16:02:43, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
09/04/2011 16:02:43, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
09/04/2011 16:02:43, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
09/04/2011 16:02:43, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 16:02:43, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 16:02:43, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
09/04/2011 16:02:43, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 16:02:43, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
09/04/2011 16:02:43, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
09/04/2011 16:02:43, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 16:02:43, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 15:42:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service NMIndexingService with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
09/04/2011 15:42:26, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NMIndexingService service to connect.
09/04/2011 15:42:26, Error: Service Control Manager [7000] - The NMIndexingService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/04/2011 15:39:01, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
09/04/2011 15:31:00, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PC Tools Security Service service to connect.
09/04/2011 15:31:00, Error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/04/2011 15:29:56, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
09/04/2011 15:18:41, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
09/04/2011 15:16:25, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
09/04/2011 12:34:12, Error: Service Control Manager [7034] - The SoundMAX Agent Service service terminated unexpectedly. It has done this 1 time(s).
05/04/2011 17:36:38, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
05/04/2011 17:24:36, Error: Service Control Manager [7034] - The PLFlash DeviceIoControl Service service terminated unexpectedly. It has done this 1 time(s).
05/04/2011 17:24:33, Error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================


My computer seems to be running much, much better now, just hope my computer is clean.

Thanks;
Michael
TrickyMicky
Active Member
 
Posts: 8
Joined: April 9th, 2011, 7:01 pm

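The helper reads the DDS event-log excerpt above for two things: services that died more than once, several services dying in the same second (typical when one shared svchost host process is taken down), and kernel bugchecks. The parser below is an added example, not part of DDS or of this thread; its sample input is a handful of lines copied from the posted log, and the field layout it assumes (`DD/MM/YYYY HH:MM:SS, Level: Source [EventID] - Message`) is taken from those lines.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Sample input: lines copied from the DDS event-log excerpt posted above.
SAMPLE_LOG = r"""
10/04/2011 02:25:31, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/04/2011 21:52:24, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82a41f3e, 0x8490b864, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040911-24921-01.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/04/2011 19:18:17, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/04/2011 16:22:11, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
09/04/2011 16:02:43, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
09/04/2011 15:16:25, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
"""

# Assumed line layout, inferred from the posted log: "DD/MM/YYYY HH:MM:SS, Level: Source [EventID] - Message"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
# SCM events 7031/7034 both start with "The <name> service terminated unexpectedly".
SERVICE_CRASH_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")
# WER event 1001 carries the stop code of the preceding bugcheck.
BUGCHECK_RE = re.compile(r"The bugcheck was: (?P<code>0x[0-9a-fA-F]{8})")


def parse_line(line):
    """Split one DDS event line into its fields; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d/%m/%Y %H:%M:%S")  # day-first, as in the log
    ev["event_id"] = int(ev["event_id"])
    return ev


def triage(text):
    """Count unexpected service terminations, group them by second, and collect bugchecks."""
    crashes = Counter()            # service name -> number of unexpected terminations
    by_second = defaultdict(set)   # timestamp -> services that died in that second
    bugchecks = []                 # (timestamp, stop code)
    unparsed = 0
    for line in text.strip().splitlines():
        ev = parse_line(line)
        if ev is None:
            unparsed += 1
            continue
        if ev["source"] == "Service Control Manager" and ev["event_id"] in (7031, 7034):
            sm = SERVICE_CRASH_RE.match(ev["msg"])
            if sm:
                crashes[sm["svc"]] += 1
                by_second[ev["ts"]].add(sm["svc"])
        elif ev["event_id"] == 1001:
            bm = BUGCHECK_RE.search(ev["msg"])
            if bm:
                bugchecks.append((ev["ts"], bm["code"]))
    # Two or more services dying in the same second points at a shared host process going down.
    mass_crashes = {ts: sorted(svcs) for ts, svcs in by_second.items() if len(svcs) >= 2}
    return {
        "service_crashes": dict(crashes),
        "mass_crashes": mass_crashes,
        "bugchecks": bugchecks,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for svc, n in sorted(result["service_crashes"].items(), key=lambda kv: -kv[1]):
        print(f"{n}x unexpected termination: {svc}")
    for ts, svcs in sorted(result["mass_crashes"].items()):
        print(f"{ts}: {len(svcs)} services died together: {', '.join(svcs)}")
    for ts, code in result["bugchecks"]:
        print(f"{ts}: bugcheck {code}")
```

Run against the full excerpt, the same grouping shows the 19:18:17 and 16:22:10-11 bursts in which a dozen services hosted in the same svchost instance all terminated at once, which is the pattern the helper is reading as "the hosting process was killed" rather than a dozen independent faults.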
Re: Malware infection

Unread postby Carolyn » April 12th, 2011, 4:57 pm

Hi Michael,

Still no Antivirus program? Spyware Doctor is not a replacement for an Antivirus program. It is meant to complement one, not replace it. If the AV products I listed are not of interest to you, consider upgrading to PC Tools Spyware Doctor with AntiVirus 2011.

If you continue to access the internet without an Antivirus program, your computer will become infected again.

Please disable Windows Defender. With Spyware Doctor running, you do not need Defender.

Disable Windows Defender
- Open Windows Defender
- Select Tools and then General Settings
- Under Real Time Protection Options uncheck Turn on real-time protection
- Select Save


The ESET log was incomplete. Let's try a different scanner:

F-Secure Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go HERE to run an online scan from F-Secure
  • Click on Start scanning
  • This will open a new window
        In Internet Explorer
      • It will require an activex control, please install it
      • Click Accept

        In Firefox
      • It will require an Add-on to be installed, please install it
      • In order to install the Add-on, Firefox needs to be restarted, please do so
  • Click Full System Scan
  • It will now download the scanner; this may take a while, please be patient
  • It will then start scanning; wait for the scan to finish
  • Click Automatic cleaning (recommended)
  • Wait for it to finish the cleaning process
  • Click show report
  • This will open up a window with the results of the scan; copy and paste those results as a reply to this topic
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Malware infection

Unread postby TrickyMicky » April 12th, 2011, 10:42 pm

I knew I forgot about something.

I chose to go with the "Antivir PersonalEdition Classic"

How do I find Windows Defender? I can't find it anywhere.

To run "F-Secure Online Scan" I need Java installed, shall I install Java at this point?

Thanks;
Michael
TrickyMicky
Active Member
 
Posts: 8
Joined: April 9th, 2011, 7:01 pm

Re: Malware infection

Unread postby Carolyn » April 13th, 2011, 11:26 am

Hi Michael,

To find Windows Defender, click on the Start orb, then type "Defender" in the search window. The program will appear in the list above.

Yes, go ahead and install Java...

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 24.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.
  • Note: remember to Uncheck Free McAfee® Security Scan Plus (optional)
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Malware infection

Unread postby TrickyMicky » April 13th, 2011, 7:31 pm

Windows Defender says it's disabled already.

Here's the F-Secure Online Scan log;
Scanning Report
Wednesday, April 13, 2011 21:57:43 - 23:06:57

Computer name: MICHAEL-PC
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\
No malware found
Statistics
Scanned:

Files: 43764
System: 4023
Not scanned: 49

Actions:

Disinfected: 0
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0

Files not scanned:

C:\PAGEFILE.SYS
C:\HIBERFIL.SYS
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\WINDOWS\CSC\V2.0.6\PQ
C:\WINDOWS\CSC\V2.0.6\TEMP\EA-{20724449-2AAA-11E0-BB9D-90C142E7A4A3}
C:\USERS\MICHAEL\APPDATA\LOCAL\TEMP\ETILQS_9SZYGSEVXHUQEKJ
C:\USERS\MICHAEL\APPDATA\LOCAL\TEMP\HSPERFDATA_MICHAEL\2072
C:\USERS\MICHAEL\APPDATA\LOCAL\TEMP\HSPERFDATA_MICHAEL\3028
C:\QOOBOX\BACKENV\VIKPEV00
C:\QOOBOX\BACKENV\SETPATH.BAT
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\02AAC94572D089EC5465F13E34BEA58E_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0477697C91C0AF7429C2581264A8849E_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\29737C110BE94324EAE2F5C578FA365D_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2977C17B58E4FA985D9DB7FE592EA5BE_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1E3CB137BD941FBCD744FA87EE0D3E47_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\31CD88822ACFCBE285E64C0DA27BEECD_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\341ED633DE2E322B706AEA3EDA77DE40_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\343BEDEB4516ADE40017B14B5C385B74_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3991C45089DB0CC97332DA523B50BB42_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\38DC3E7AD8BF49B5B26B8B4E75C17C3C_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\41E1965EF182B86FCA01C438520B1C5E_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4BCD2C55A9826FA5DB823074DFA1067A_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4D6543FBF629F3AA1998C02521AA5E87_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\530EE48D866ABA1B8401C86ED9CF34D1_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6335D0E4C245C14AA91616C24FB86782_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\869B922FAD3FE283B8705D10DE30C5F2_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\86D3AFAE5D353D2670DE5C78C319EC3A_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\82F904BF41CC7F3E31A0579B0AEC0F1A_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9F72D9C4116E4AC938DCB4E58826B3F6_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ABECE2BB607131B523F8D6297625EE0E_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C38B9010632F85F8B5D777FED2FE1CD0_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C83D785893FB4DE2041F582090DC307F_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA2E3820D5975E9B2D8FBF21D32FFDD5_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D45BA07781A568A175ACDC8C65FED884_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E4AA8E5995665EB2E7638C3C4929AC74_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E52537B972DEDD0C8293BDB21699937B_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EB7A808101FF593291BF803BF4AD355D_AD06FCDF-537E-460B-A2A1-27DD50BB6EDB
C:\BOOT\BCD

Options
Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
TrickyMicky
Active Member
 
Posts: 8
Joined: April 9th, 2011, 7:01 pm