
I've been battling some nasty malware that refuses to be detected/removed for about a week now. I've scanned with Malwarebytes, Hitman Pro 3.5, Norton Power Eraser, TDSS Killer, and Rkill, both in normal operation and in Safe Mode, every day for the last few days. Each time I scan I find 10-20 Trojans and other malicious files, which are then removed and my computer seems to work normally again, only to have the problem resurface overnight while the computer is sleeping.

I keep getting the Vista Antivirus 2012 popups and warnings, and at the onset had the Google redirect problem although that has not resurfaced. Today I started getting warnings about RAM memory shortages and Hard disk errors, then everything went haywire. I lost some desktop shortcuts, all the items pinned to the top of the start menu, everything to the left of the start menu where control panel, recent items, etc. shortcuts are, as well as everything on the quick launch menu.

I'd really like to restore the start menu.

Below is the DDS log from today and I have the other logs from Malwarebytes and the other scanners from recent scans if they would be helpful.

Thanks in advance for your help! I'd like to beat the crap out of whoever writes malware.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_22

Run by Owner at 9:46:49 on 2011-12-27

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1976.908 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Acer\Mobility Center\MobilityService.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\system32\igfxsrvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\Owner\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.mail.com/

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_5735

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_5735

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_5735

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey

mRun: [bkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [skytel] Skytel.exe

mRun: [LManager] c:\progra~1\launch~1\LManager.exe

mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe

mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe

mRun: [eRecoveryService]

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe

mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [EarthLink Installer] " /C

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{2CD27639-DCA6-41FF-8BEA-DC71C2582462} : DhcpNameServer = 192.168.2.1

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\y66jd7st.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.mail.com/

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\y66jd7st.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\y66jd7st.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\users\owner\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\users\owner\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\users\owner\appdata\roaming\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071505000011.dll

.

============= SERVICES / DRIVERS ===============

.

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-4-30 201320]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-4-30 79304]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-4-30 35240]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-4-30 40488]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-4-30 33832]

.

=============== Created Last 30 ================

.

2011-12-27 14:46:53 -------- d-----r- c:\users\owner\appdata\local\MicrosoftNT

2011-12-27 14:35:35 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c2039a05-ff2e-4346-9e1d-5221d285e1f1}\offreg.dll

2011-12-27 10:32:26 35840 --sh--w- c:\users\owner\appdata\local\dplayx.dll

2011-12-27 06:51:01 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c2039a05-ff2e-4346-9e1d-5221d285e1f1}\mpengine.dll

2011-12-23 04:01:55 -------- d-----w- c:\users\owner\appdata\local\CrashDumps

2011-12-20 18:39:19 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-12-20 18:39:13 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-12-20 18:38:11 -------- d-----w- c:\programdata\Hitman Pro

2011-12-20 18:29:44 -------- d-----w- c:\users\owner\appdata\local\NPE

2011-12-20 18:29:43 -------- d-----w- c:\programdata\Norton

2011-12-15 12:17:46 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-12-15 12:17:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-12-15 12:17:38 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-12-15 12:17:30 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-12-15 12:17:27 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-12-15 12:17:22 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-15 12:17:08 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-13 12:26:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll

2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll

2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec

2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 9:54:16.11 ===============


Welcome to the forum.

See if following this guide works.

if not...........

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open; copy and paste them in a reply here (or attach them as .txt files):

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKLM..\Run: [EarthLink Installer] " /C File not found
    O4 - HKLM..\Run: [eRecoveryService] File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    [2011/12/27 08:39:04 | 000,008,392 | -HS- | M] () -- C:\Users\Owner\AppData\Local\0cj4j72iaj0f64pcnog7780iq253whs21n4w
    [2011/12/27 08:39:04 | 000,008,392 | -HS- | M] () -- C:\ProgramData\0cj4j72iaj0f64pcnog7780iq253whs21n4w
    [2011/12/20 21:30:57 | 000,010,870 | -HS- | M] () -- C:\ProgramData\24n6x508x8iac5v17p5yu
    [2011/12/27 05:32:26 | 000,008,392 | -HS- | C] () -- C:\Users\Owner\AppData\Local\0cj4j72iaj0f64pcnog7780iq253whs21n4w
    [2011/12/27 05:32:26 | 000,008,392 | -HS- | C] () -- C:\ProgramData\0cj4j72iaj0f64pcnog7780iq253whs21n4w
    [2011/12/20 20:29:25 | 000,010,870 | -HS- | C] () -- C:\Users\Owner\AppData\Local\24n6x508x8iac5v17p5yu
    [2011/12/20 20:29:25 | 000,010,870 | -HS- | C] () -- C:\ProgramData\24n6x508x8iac5v17p5yu
    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

-------------------------

Then.......

Please download and run RogueKiller.

Choose 1 to scan the system

Post back the report.

MrC


The problem came back this afternoon while the computer was idle, this time as "Vista Security 2012", which would not let me open any programs except as administrator. I used Rkill, then ran the OTL Fix and RogueKiller as suggested in the last post. Logs are below.

Is there any hope for me?

OTL Log:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EarthLink Installer deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

C:\Users\Owner\AppData\Local\0cj4j72iaj0f64pcnog7780iq253whs21n4w moved successfully.

C:\ProgramData\0cj4j72iaj0f64pcnog7780iq253whs21n4w moved successfully.

C:\ProgramData\24n6x508x8iac5v17p5yu moved successfully.

File C:\Users\Owner\AppData\Local\0cj4j72iaj0f64pcnog7780iq253whs21n4w not found.

File C:\ProgramData\0cj4j72iaj0f64pcnog7780iq253whs21n4w not found.

C:\Users\Owner\AppData\Local\24n6x508x8iac5v17p5yu moved successfully.

File C:\ProgramData\24n6x508x8iac5v17p5yu not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 134 bytes

->Flash cache emptied: 75 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Owner

->Temp folder emptied: 502447924 bytes

->Temporary Internet Files folder emptied: 265960722 bytes

->Java cache emptied: 71289531 bytes

->FireFox cache emptied: 55792690 bytes

->Google Chrome cache emptied: 14709524 bytes

->Flash cache emptied: 3107727 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 294229 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 364810520 bytes

RecycleBin emptied: 2209977 bytes

Total Files Cleaned = 1,221.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12292011_224549

Files\Folders moved on Reboot...

File\Folder C:\Windows\temp\mcafee_3V9uHeAQrQOd0Oj not found!

File\Folder C:\Windows\temp\mcafee_qilu1CUzKUVMweO not found!

File\Folder C:\Windows\temp\mcmsc_bj6bTeqLUqpMdoL not found!

File\Folder C:\Windows\temp\mcmsc_cBT76hCsfllemqZ not found!

File\Folder C:\Windows\temp\mcmsc_IZahwDmJQC320Vc not found!

File\Folder C:\Windows\temp\mcmsc_rCsK4wJpCN9hR64 not found!

C:\Windows\temp\sqlite_BEMAoinean3lFRG moved successfully.

C:\Windows\temp\sqlite_iLvEQVj29GeHAfv moved successfully.

File\Folder C:\Windows\temp\WFV4411.tmp not found!

Registry entries deleted on Reboot...

RogueKiller Log:

RogueKiller V6.2.1 [12/28/2011] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User: Owner [Admin rights]

Mode: Scan -- Date : 12/30/2011 00:06:02

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤

[sUSP PATH] winupd.job : C:\Users\Owner\AppData\Local\Temp:winupd.exe -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

127.0.0.1 localhost127.0.0.1 localhost127.0.0.1 localhost127.0.0.1 localhost127.0.0.1 localhost127.0.0.1 localhost127.0.0.1 localhost127.0.0.1 localhost127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 4e5e9a983d263312a3beae5de5a3749c

[bSP] a680517eeb201dde44f5a1267eaa0e5d : MBR Code unknown

Partition table:

0 - [XXXXXX] NTFS [HIDDEN!] Offset (sectors): 2048 | Size: 10485 Mo

1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 20482048 | Size: 74781 Mo

2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 166539264 | Size: 74771 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Rkill log (I ran it just before OTL and RogueKiller):

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 12/29/2011 at 22:39:04.

Operating System: Windows Vista Home Premium

Processes terminated by Rkill or while it was running:

C:\Users\Owner\AppData\Local\men.exe

C:\Users\Owner\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

Rkill completed on 12/29/2011 at 22:39:42.


Ran TDSSKiller. Log:

11:08:01.0546 5884 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

11:08:02.0485 5884 ============================================================

11:08:02.0486 5884 Current date / time: 2011/12/30 11:08:02.0485

11:08:02.0486 5884 SystemInfo:

11:08:02.0486 5884

11:08:02.0486 5884 OS Version: 6.0.6002 ServicePack: 2.0

11:08:02.0486 5884 Product type: Workstation

11:08:02.0486 5884 ComputerName: OWNER-PC

11:08:02.0487 5884 UserName: Owner

11:08:02.0487 5884 Windows directory: C:\Windows

11:08:02.0487 5884 System windows directory: C:\Windows

11:08:02.0487 5884 Processor architecture: Intel x86

11:08:02.0487 5884 Number of processors: 2

11:08:02.0487 5884 Page size: 0x1000

11:08:02.0487 5884 Boot type: Normal boot

11:08:02.0487 5884 ============================================================

11:08:04.0161 5884 Initialize success

11:08:12.0954 4804 ============================================================

11:08:12.0954 4804 Scan started

11:08:12.0954 4804 Mode: Manual; SigCheck; TDLFS;

11:08:12.0954 4804 ============================================================

11:08:15.0082 4804 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

11:08:15.0396 4804 ACPI - ok

11:08:15.0676 4804 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

11:08:15.0825 4804 adp94xx - ok

11:08:15.0918 4804 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

11:08:16.0053 4804 adpahci - ok

11:08:16.0129 4804 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

11:08:16.0266 4804 adpu160m - ok

11:08:16.0319 4804 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

11:08:16.0426 4804 adpu320 - ok

11:08:16.0486 4804 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

11:08:16.0808 4804 AFD - ok

11:08:16.0948 4804 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys

11:08:17.0299 4804 AgereSoftModem - ok

11:08:17.0320 4804 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

11:08:17.0402 4804 agp440 - ok

11:08:17.0433 4804 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

11:08:17.0530 4804 aic78xx - ok

11:08:17.0578 4804 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

11:08:17.0698 4804 aliide - ok

11:08:17.0747 4804 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

11:08:17.0814 4804 amdagp - ok

11:08:17.0838 4804 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

11:08:17.0932 4804 amdide - ok

11:08:17.0964 4804 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

11:08:18.0199 4804 AmdK7 - ok

11:08:52.0725 4804 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys

11:08:52.0775 4804 TrueSight ( UnsignedFile.Multi.Generic ) - warning

11:08:52.0775 4804 TrueSight - detected UnsignedFile.Multi.Generic (1)

11:09:00.0792 4804 MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0

11:09:02.0638 4804 \Device\Harddisk0\DR0 - ok

11:09:02.0676 4804 Boot (0x1200) (dd7135c8c40ba84eeecd3600268e932e) \Device\Harddisk0\DR0\Partition0

11:09:02.0678 4804 \Device\Harddisk0\DR0\Partition0 - ok

11:09:02.0706 4804 Boot (0x1200) (44cc9adfe5beddbea61922cfb7321598) \Device\Harddisk0\DR0\Partition1

11:09:02.0708 4804 \Device\Harddisk0\DR0\Partition1 - ok

11:09:02.0714 4804 ============================================================

11:09:02.0715 4804 Scan finished

11:09:02.0715 4804 ============================================================

11:09:02.0749 4772 Detected object count: 1

11:09:02.0749 4772 Actual detected object count: 1

11:09:08.0750 4772 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user

11:09:08.0750 4772 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:09:37.0636 5088 Deinitialize success


Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


ComboFix log:

ComboFix 11-12-30.01 - Owner 12/30/2011 16:09:23.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1976.1303 [GMT -5:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Owner\AppData\Local\dplayx.dll

c:\users\Owner\AppData\Roaming\.#

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{0ee7986d-1ae1-49ff-a47e-ede12a1cdc41}

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{0ee7986d-1ae1-49ff-a47e-ede12a1cdc41}\chrome.manifest

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{0ee7986d-1ae1-49ff-a47e-ede12a1cdc41}\chrome\xulcache.jar

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{0ee7986d-1ae1-49ff-a47e-ede12a1cdc41}\defaults\preferences\xulcache.js

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{0ee7986d-1ae1-49ff-a47e-ede12a1cdc41}\install.rdf

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{739e5045-3e93-44f7-95bf-81a18c6f6715}

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{739e5045-3e93-44f7-95bf-81a18c6f6715}\chrome.manifest

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{739e5045-3e93-44f7-95bf-81a18c6f6715}\chrome\xulcache.jar

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{739e5045-3e93-44f7-95bf-81a18c6f6715}\defaults\preferences\xulcache.js

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{739e5045-3e93-44f7-95bf-81a18c6f6715}\install.rdf

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{d25b6369-9c10-4b75-b820-d5f1a6a17408}

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{d25b6369-9c10-4b75-b820-d5f1a6a17408}\chrome.manifest

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{d25b6369-9c10-4b75-b820-d5f1a6a17408}\chrome\xulcache.jar

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{d25b6369-9c10-4b75-b820-d5f1a6a17408}\defaults\preferences\xulcache.js

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{d25b6369-9c10-4b75-b820-d5f1a6a17408}\install.rdf

c:\users\Owner\Documents\~WRL0066.tmp

c:\users\Owner\Documents\~WRL2427.tmp

c:\users\Owner\Documents\~WRL2953.tmp

c:\users\Owner\g2mdlhlpx.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))

.

.

2011-12-30 21:22 . 2011-12-30 21:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-30 13:04 . 2011-12-30 13:04 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FC0D351-C6F6-4E5B-A739-E86695FB0BE0}\offreg.dll

2011-12-30 06:31 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FC0D351-C6F6-4E5B-A739-E86695FB0BE0}\mpengine.dll

2011-12-30 05:03 . 2011-12-30 05:06 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2011-12-30 03:45 . 2011-12-30 03:45 -------- d-----w- C:\_OTL

2011-12-27 14:46 . 2011-12-27 14:46 -------- d-----r- c:\users\Owner\AppData\Local\MicrosoftNT

2011-12-23 04:01 . 2011-12-27 13:39 -------- d-----w- c:\users\Owner\AppData\Local\CrashDumps

2011-12-20 18:39 . 2011-12-28 13:50 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-12-20 18:39 . 2011-12-20 18:39 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-12-20 18:38 . 2011-12-20 18:59 -------- d-----w- c:\programdata\Hitman Pro

2011-12-20 18:29 . 2011-12-23 22:49 -------- d-----w- c:\users\Owner\AppData\Local\NPE

2011-12-20 18:29 . 2011-12-20 18:30 -------- d-----w- c:\programdata\Norton

2011-12-15 12:17 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-12-15 12:17 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-12-15 12:17 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-12-15 12:17 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-12-15 12:17 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-12-15 12:17 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-15 12:17 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-13 12:26 . 2011-12-13 12:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-23 04:39 . 2011-05-17 15:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-06-17 16:40 . 2011-06-17 16:40 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-05-15 00:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-21 68856]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]

"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]

"Skytel"="Skytel.exe" [2007-11-21 1826816]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-15 526896]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-06-17 30192]

"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]

"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-07-31 1626112]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 135664]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-06-17 30192]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 135664]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]

S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-08-10 94880]

S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 90585919

*Deregistered* - 90585919

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 16:55]

.

2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 16:55]

.

2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2782296849-3073254760-3789230479-1000Core.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 02:47]

.

2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2782296849-3073254760-3789230479-1000UA.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 02:47]

.

2011-12-23 c:\windows\Tasks\Hitman Pro 3.5 Boot Task.job

- c:\program files\Hitman Pro 3.5\HitmanPro35.exe [2011-12-20 18:32]

.

2011-12-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-22 18:32]

.

2011-12-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-22 18:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.mail.com/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_5735

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.mail.com/

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-30 16:22

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Completion time: 2011-12-30 16:27:59

ComboFix-quarantined-files.txt 2011-12-30 21:27

.

Pre-Run: 15,700,066,304 bytes free

Post-Run: 17,797,734,400 bytes free

.

- - End Of File - - 56820C1FA8EB93EB7CB68985E3A5ABCB


Nothing has resurfaced since yesterday, the Malwarebytes scan this morning was clean. Fingers crossed that Combofix did the trick? Thanks so much for your advice.

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.31.03

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

12/31/2011 8:38:04 AM

mbam-log-2011-12-31 (08-38-04).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 170550

Time elapsed: 8 minute(s), 35 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Looks Good :) :)

Let's give it a day or so and see how it is.

In the meantime...

Please update your Java; older versions are vulnerable to malware.

Java 6 Update 16<---------uninstall this from add/remove programs

Java 6 Update 22<--------update this one: control panel > Java > Update

Let me know how it is in a day or two, MrC

