
Can't Update MBAM, something infected my computer


mecanady


Hi, something is up with my computer. Initially, a popup window started showing up on my computer reading:

"Warning your computer contains various signs of viruses and malware programs presence. Your system requires immediate antivirus check! Antivirus 2010 will perform quick and free online checking of your PC"

First, I immediately installed MBAM from a clean flash drive because I was sure this was the Antivirus 2010 virus. All research said to just run MBAM. MBAM installed just fine, but it would not update; instead it gives the error "MBAM_ERROR_UPDATING (0, 0 WinHttpSendRequest)". I uninstalled MBAM using the control panel and restarting method recommended, then reinstalled, but still the same error. I've read on other threads this could be a DNS issue, but our router seems to be working fine. I ran a full scan anyway with MBAM and nothing showed up (log below).

I researched ways to manually remove Antivirus 2010 and it suggested Spyware Doctor and a registry cleaner. I used registrymum and it fixed 10 registry "errors or problems"; the other 600+ could not be addressed without registering (I found it odd there were this many registry "issues", let alone this Antivirus 2010 problem, as my computer is a brand new laptop I bought from Best Buy a week ago and I have hardly used it, let alone visited any questionable sites or downloaded anything risky). I ran two full scans with Spyware Doctor, which I was able to download and update, but it too found nothing.

I've also run Spybot and it found the following:

"Adbrite

Fastclick

Rightmedia (i think that's what it was)

Win32.pornpopup"

I researched the Win32.pornpop because that sounded bad, plus there has been absolutely no porn on this computer seeing as it's hardly been used or been out of the box long enough (and I doubt my girlfriend used it to surf porn when she has two laptops of her own). I found out the Win32.pornpop up could just be harmless, if annoying, cookie issue that could have come from a legit site. So, I downloaded and ran Index.da Analyzer 2.5, which cleared the cookies. Another scan with Spybot showed no results. I have yet to restart my computer to see if the stuff shows back up on Spybot, but from what I've read even if it does, it's not that big a deal.

So, the real problem is that right after all this, the Spydoctor scan, registry cleaning, Spybot scan, and Index.da sweep, the Antivirus 2010 popup showed up yet again. I'm starting to think the two (Spybot results and the Antivirus 2010) aren't related, or one is symptomatic of the other. Also, I still cannot update MBAM, which I suppose could be the issue in not finding the Antivirus 2010 issue to remove it. Or, am I just being paranoid and this isn't an issue at all?

Interestingly, there are four laptops on my home wireless network (my gf's two and my old one and this brand new one). This issue started a few days ago on all 4 computers. Scans on all computers show no threats, but they all get the same Antivirus 2010 message. On two of the laptops there are page redirects from Google searches to entertainment sites (not porn) or redirects to blank pages. Also, the internet is slow.

A week ago my old laptop had several issues that were addressed and cured on the MBAM forums. During that episode the router was knocked out (not confirmed by what happened, could be a freak coincidence) but the other computers were not affected.

Help!

LOG:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

9/24/2010 5:46:28 PM

mbam-log-2010-09-24 (17-46-28).txt

Scan type: Full scan (C:\|D:\|Q:\|)

Objects scanned: 201408

Time elapsed: 26 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello mecanady,

The details you provided are appreciated. Let's keep in mind we can only deal with 1 computer at a time in a single topic.

So let's keep "this topic" for "this specific" pc only.

But I would recommend you disconnect (for the time being) the other PCs that are having the same issues. Shut down the other systems with similar issues.

You said

I used registrymum and it fixed 10 registry .....
Use of registry cleaners by someone untrained is ill-advised, most especially if you grabbed that from an unknown origin.

Also, use of registry cleaners (in general) is not advised.

De-install registrymum.

If you cannot download tools with "this" system, use a known-clean system to do downloads and save to CD/DVD or onto an unused (new) or known-clean USB thumb drive. Then transport & put tools on Desktop of this pc.

You will want to print out or copy these instructions to Notepad for offline reference!


If you are a casual viewer, do NOT try this on your system!

If you are not mecanady and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

Step 2

Show all files:

  • Click the Start button, and then click Control Panel >> Appearance and Personalization >> Folder Options.
  • Click the View tab.
  • Under Advanced settings, click Show hidden files, folders, and drives, and then click OK.
  • Click Apply > OK.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Step 3

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
If a malware rogue gives a message regarding RKILL, proceed forward to running RKILL.

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • RIGHT-Click on TDSSKiller.exe and select Run As Administrator to start the tool, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

Download DDS and save it to your desktop from http://www.techsupportforum.com/sectools/sUBs/dds

or http://download.bleepingcomputer.com/sUBs/dds.scr

or http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

  • When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
  • Save both reports to your desktop.

Please include the following logs in your next reply:

TDSSKILLER log

DDS.txt

Attach.txt

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Edited by Maurice Naggar
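The TDSSKiller log that Step 4 asks for lists every loaded driver as one line of the form "timestamp service-name (md5) path", preceded by a block of "Key: value" system-information lines and a "Scan started" marker (the layout is visible in the log posted later in this thread). The script below is an added example, not part of this thread and not code from TDSSKiller or Malwarebytes: it parses such a log and flags the two things a helper scans the driver list for first, a driver loaded from outside the Windows directory and one MD5 that appears under two different file names. The sample log embedded in it is constructed: it mixes a handful of lines copied from the log in this thread with two invented entries (exampledrv, examplecopy, and the placeholder hash 0123...cdef) that exist only to exercise the checks.

```python
import re
from collections import defaultdict

# A TDSSKiller driver entry: "<date> <time> <service name> (<md5>) <path>"
DRIVER_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# Any log line: timestamp followed by free text (header lines, markers, entries)
LOG_LINE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+(?P<body>.*)$")

# Constructed sample: header and three driver lines copied from the log in this
# thread, plus two invented entries ("exampledrv", "examplecopy") that exist only
# to exercise the checks below. The hash 0123...cdef is a placeholder, not a real file.
SAMPLE_LOG = r"""
2010/09/25 15:59:44.0329 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/25 15:59:44.0329 SystemInfo:
2010/09/25 15:59:44.0329 OS Version: 6.1.7600 ServicePack: 0.0
2010/09/25 15:59:44.0329 Boot type: Normal boot
2010/09/25 15:59:58.0089 Scan started
2010/09/25 15:59:58.0469 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/09/25 16:00:10.0949 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/09/25 16:00:11.0139 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/25 16:00:11.0500 exampledrv (0123456789abcdef0123456789abcdef) C:\Users\Mark\AppData\Local\Temp\exampledrv.sys
2010/09/25 16:00:11.0600 examplecopy (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\examplecopy.sys
"""


def system_info(text):
    """Collect the 'Key: value' header lines that precede the 'Scan started' marker."""
    info = {}
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        body = m.group("body").strip()
        if body == "Scan started":
            break
        key, sep, value = body.partition(": ")
        if sep:
            info[key] = value
    return info


def parse_driver_lines(text):
    """Return one dict per driver entry with keys ts, name, md5 and path."""
    entries = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage(entries, windows_dir=r"C:\Windows"):
    """Flag drivers loaded from outside the Windows directory and MD5 values that
    appear under more than one file name. Returns (check, subject, detail) tuples."""
    findings = []
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    filenames_by_hash = defaultdict(set)
    for e in entries:
        path_l = e["path"].lower()
        if not path_l.startswith(prefix):
            findings.append(("outside-windows-dir", e["name"], e["path"]))
        # key on the on-disk file name, not the service name: Tcpip and TCPIP6
        # legitimately share one hash because both point at tcpip.sys
        filenames_by_hash[e["md5"]].add(path_l.rsplit("\\", 1)[-1])
    for md5, names in sorted(filenames_by_hash.items()):
        if len(names) > 1:
            findings.append(("same-hash-different-filename", md5, ", ".join(sorted(names))))
    return findings


def triage_log(text, windows_dir=r"C:\Windows"):
    """Parse a TDSSKiller log and return its triage findings."""
    return triage(parse_driver_lines(text), windows_dir)


if __name__ == "__main__":
    for key, value in system_info(SAMPLE_LOG).items():
        print(f"{key}: {value}")
    for check, subject, detail in triage_log(SAMPLE_LOG):
        print(f"[{check}] {subject}: {detail}")
```

Neither check is a verdict on its own: a match is a lead to confirm by checking the file's digital signature and looking the hash up with the vendor, and a clean result (as with the real log in this thread, where every driver sits under C:\Windows) does not rule out a rootkit that hides its driver from enumeration, which is why the helper still asks for the DDS logs.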

I ran all the diagnostic programs without a problem on this PC. I shut down the other three laptops (with much chagrin to my gf's WoW habit). TDSSKiller didn't find anything and didn't require a reboot. Here are the three logs:

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Ran as Mark on 09/25/2010 at 15:51:49.

Services Stopped:

Processes terminated by Rkill or while it was running:

C:\Users\Mark\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Users\Mark\Desktop\rkill.com

Rkill completed on 09/25/2010 at 15:56:23.

2010/09/25 15:59:44.0329 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/09/25 15:59:44.0329 ================================================================================

2010/09/25 15:59:44.0329 SystemInfo:

2010/09/25 15:59:44.0329

2010/09/25 15:59:44.0329 OS Version: 6.1.7600 ServicePack: 0.0

2010/09/25 15:59:44.0329 Product type: Workstation

2010/09/25 15:59:44.0329 ComputerName: MARK-PC

2010/09/25 15:59:44.0329 UserName: Mark

2010/09/25 15:59:44.0329 Windows directory: C:\Windows

2010/09/25 15:59:44.0329 System windows directory: C:\Windows

2010/09/25 15:59:44.0329 Running under WOW64

2010/09/25 15:59:44.0329 Processor architecture: Intel x64

2010/09/25 15:59:44.0329 Number of processors: 4

2010/09/25 15:59:44.0329 Page size: 0x1000

2010/09/25 15:59:44.0329 Boot type: Normal boot

2010/09/25 15:59:44.0329 ================================================================================

2010/09/25 15:59:44.0329 Utility is running under WOW64

2010/09/25 15:59:44.0519 Initialize success

2010/09/25 15:59:58.0089 ================================================================================

2010/09/25 15:59:58.0089 Scan started

2010/09/25 15:59:58.0089 Mode: Manual;

2010/09/25 15:59:58.0089 ================================================================================

2010/09/25 15:59:58.0469 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

2010/09/25 15:59:58.0579 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

2010/09/25 15:59:58.0679 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

2010/09/25 15:59:58.0799 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

2010/09/25 15:59:58.0909 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

2010/09/25 15:59:59.0029 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

2010/09/25 15:59:59.0149 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys

2010/09/25 15:59:59.0269 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

2010/09/25 15:59:59.0389 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

2010/09/25 15:59:59.0499 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

2010/09/25 15:59:59.0589 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

2010/09/25 15:59:59.0689 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

2010/09/25 15:59:59.0799 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys

2010/09/25 15:59:59.0909 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

2010/09/25 16:00:00.0019 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys

2010/09/25 16:00:00.0129 ApfiltrService (98449a2957778a6f025c418438a380f4) C:\Windows\system32\DRIVERS\Apfiltr.sys

2010/09/25 16:00:00.0249 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

2010/09/25 16:00:00.0379 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

2010/09/25 16:00:00.0399 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

2010/09/25 16:00:00.0499 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/09/25 16:00:00.0629 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

2010/09/25 16:00:00.0769 athr (70260c7c98cc0101316f5b2650c3bb44) C:\Windows\system32\DRIVERS\athrx.sys

2010/09/25 16:00:00.0979 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

2010/09/25 16:00:01.0129 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

2010/09/25 16:00:01.0229 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

2010/09/25 16:00:01.0319 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

2010/09/25 16:00:01.0409 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys

2010/09/25 16:00:01.0449 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2010/09/25 16:00:01.0469 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2010/09/25 16:00:01.0519 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

2010/09/25 16:00:01.0549 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

2010/09/25 16:00:01.0569 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

2010/09/25 16:00:01.0589 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

2010/09/25 16:00:01.0619 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

2010/09/25 16:00:01.0709 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

2010/09/25 16:00:01.0759 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

2010/09/25 16:00:01.0839 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

2010/09/25 16:00:01.0909 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

2010/09/25 16:00:02.0069 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

2010/09/25 16:00:02.0109 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

2010/09/25 16:00:02.0139 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

2010/09/25 16:00:02.0269 CnxtHdAudService (c1ee6fa6a870132bb71f2c8830779c59) C:\Windows\system32\drivers\CHDRT64.sys

2010/09/25 16:00:02.0389 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

2010/09/25 16:00:02.0419 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

2010/09/25 16:00:02.0479 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

2010/09/25 16:00:02.0599 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys

2010/09/25 16:00:02.0629 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

2010/09/25 16:00:02.0679 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

2010/09/25 16:00:02.0809 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

2010/09/25 16:00:02.0889 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys

2010/09/25 16:00:03.0009 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

2010/09/25 16:00:03.0189 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

2010/09/25 16:00:03.0259 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

2010/09/25 16:00:03.0349 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

2010/09/25 16:00:03.0379 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

2010/09/25 16:00:03.0449 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

2010/09/25 16:00:03.0489 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

2010/09/25 16:00:03.0499 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

2010/09/25 16:00:03.0529 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/09/25 16:00:03.0549 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

2010/09/25 16:00:03.0579 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

2010/09/25 16:00:03.0599 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

2010/09/25 16:00:03.0659 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

2010/09/25 16:00:03.0719 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

2010/09/25 16:00:03.0859 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

2010/09/25 16:00:03.0879 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

2010/09/25 16:00:03.0929 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/09/25 16:00:03.0989 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

2010/09/25 16:00:04.0019 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

2010/09/25 16:00:04.0039 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

2010/09/25 16:00:04.0059 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

2010/09/25 16:00:04.0109 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

2010/09/25 16:00:04.0159 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

2010/09/25 16:00:04.0199 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

2010/09/25 16:00:04.0229 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

2010/09/25 16:00:04.0259 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/09/25 16:00:04.0389 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\Windows\system32\DRIVERS\iaStor.sys

2010/09/25 16:00:04.0479 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

2010/09/25 16:00:04.0739 igfx (7467ae8f96ea983423148c62458669fa) C:\Windows\system32\DRIVERS\igdkmd64.sys

2010/09/25 16:00:04.0979 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

2010/09/25 16:00:05.0059 Impcd (c48567d80ad357613cd0eeade18780ae) C:\Windows\system32\DRIVERS\Impcd.sys

2010/09/25 16:00:05.0159 IntcDAud (da24c1f66ee1b5a92e045376d7a44b58) C:\Windows\system32\DRIVERS\IntcDAud.sys

2010/09/25 16:00:05.0209 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

2010/09/25 16:00:05.0239 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

2010/09/25 16:00:05.0289 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/09/25 16:00:05.0309 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2010/09/25 16:00:05.0329 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

2010/09/25 16:00:05.0379 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

2010/09/25 16:00:05.0389 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

2010/09/25 16:00:05.0429 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/09/25 16:00:05.0479 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/09/25 16:00:05.0519 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/09/25 16:00:05.0559 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

2010/09/25 16:00:05.0599 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

2010/09/25 16:00:05.0679 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

2010/09/25 16:00:05.0789 L1C (48686c29856f46443952a831424f8d6f) C:\Windows\system32\DRIVERS\L1C62x64.sys

2010/09/25 16:00:05.0909 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

2010/09/25 16:00:06.0049 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

2010/09/25 16:00:06.0079 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

2010/09/25 16:00:06.0099 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2010/09/25 16:00:06.0119 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2010/09/25 16:00:06.0159 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

2010/09/25 16:00:06.0249 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

2010/09/25 16:00:06.0279 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

2010/09/25 16:00:06.0309 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

2010/09/25 16:00:06.0379 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

2010/09/25 16:00:06.0459 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

2010/09/25 16:00:06.0539 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

2010/09/25 16:00:06.0579 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

2010/09/25 16:00:06.0599 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

2010/09/25 16:00:06.0619 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

2010/09/25 16:00:06.0649 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

2010/09/25 16:00:06.0679 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/09/25 16:00:06.0699 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/09/25 16:00:06.0729 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/09/25 16:00:06.0749 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

2010/09/25 16:00:06.0769 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

2010/09/25 16:00:06.0839 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

2010/09/25 16:00:06.0869 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

2010/09/25 16:00:06.0879 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

2010/09/25 16:00:06.0959 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

2010/09/25 16:00:06.0999 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/09/25 16:00:07.0019 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

2010/09/25 16:00:07.0049 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

2010/09/25 16:00:07.0079 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/09/25 16:00:07.0089 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

2010/09/25 16:00:07.0129 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

2010/09/25 16:00:07.0139 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

2010/09/25 16:00:07.0209 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

2010/09/25 16:00:07.0259 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

2010/09/25 16:00:07.0339 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

2010/09/25 16:00:07.0399 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/09/25 16:00:07.0419 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/09/25 16:00:07.0449 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/09/25 16:00:07.0509 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

2010/09/25 16:00:07.0579 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

2010/09/25 16:00:07.0609 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

2010/09/25 16:00:07.0679 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

2010/09/25 16:00:07.0719 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

2010/09/25 16:00:07.0739 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

2010/09/25 16:00:07.0789 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

2010/09/25 16:00:07.0829 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys

2010/09/25 16:00:07.0859 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

2010/09/25 16:00:07.0899 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

2010/09/25 16:00:07.0929 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

2010/09/25 16:00:07.0949 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

2010/09/25 16:00:08.0049 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

2010/09/25 16:00:08.0129 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

2010/09/25 16:00:08.0169 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

2010/09/25 16:00:08.0199 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

2010/09/25 16:00:08.0229 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

2010/09/25 16:00:08.0239 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

2010/09/25 16:00:08.0319 PCTCore (3a68080572b81577791a7b19bb880da9) C:\Windows\system32\drivers\PCTCore64.sys

2010/09/25 16:00:08.0399 pctgntdi (d6ad12ef986484d692253caca6882d89) C:\Windows\system32\drivers\pctgntdi64.sys

2010/09/25 16:00:08.0459 pctplsg (ccc67d848660b513ad01356b324727b2) C:\Windows\System32\drivers\pctplsg64.sys

2010/09/25 16:00:08.0489 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

2010/09/25 16:00:08.0509 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

2010/09/25 16:00:08.0609 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

2010/09/25 16:00:08.0639 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

2010/09/25 16:00:08.0689 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

2010/09/25 16:00:08.0739 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

2010/09/25 16:00:08.0819 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

2010/09/25 16:00:08.0859 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

2010/09/25 16:00:08.0879 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

2010/09/25 16:00:08.0929 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

2010/09/25 16:00:08.0969 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/09/25 16:00:08.0989 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/09/25 16:00:09.0019 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

2010/09/25 16:00:09.0039 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

2010/09/25 16:00:09.0069 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

2010/09/25 16:00:09.0099 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/09/25 16:00:09.0119 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

2010/09/25 16:00:09.0159 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

2010/09/25 16:00:13.0469 ================================================================================

2010/09/25 16:00:13.0469 Scan finished

2010/09/25 16:00:13.0469 ================================================================================

DDS (Ver_09-09-29.01) - NTFSx86

Run by Mark at 16:01:31.64 on Sat 09/25/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.2184 [GMT -6:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe

C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

C:\Program Files\Gateway\Optical Drive Power Management\ODDPWRSvc.exe

C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe

C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\PLFSetI.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe

C:\Program Files\Gateway\Optical Drive Power Management\ODDPWR.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Video Web Camera\traybar.exe

C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Users\Mark\AppData\Local\Apps\2.0\N2NL8HCA.8KT\QPWBN0OW.32P\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe

C:\Program Files (x86)\Spyware Doctor\pctsTray.exe

C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\SSU.EXE

C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k secsvcs

c:\Program Files (x86)\Microsoft Silverlight\4.0.50826.0\agcp.exe

C:\Users\Public\Games\World of Warcraft\BackgroundDownloader.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Mark\Desktop\dds.com

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=id49c&r=273609105605l0484z165a46k2d26o

mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=id49c&r=273609105605l0484z165a46k2d26o

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=id49c&r=273609105605l0484z165a46k2d26o

mLocal Page = c:\windows\syswow64\blank.htm

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\Partner.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [googletalk] "c:\users\mark\appdata\roaming\google\google talk\googletalk.exe" /autostart

mRun: [iAStorIcon] "c:\program files (x86)\intel\intel® rapid storage technology\IAStorIcon.exe"

mRun: [backupManagerTray] "c:\program files (x86)\newtech infosystems\gateway mybackup\BackupManagerTray.exe" -h -k

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [LManager] "c:\program files (x86)\launch manager\LManager.exe"

mRun: [Camera Assistant Software] "c:\program files (x86)\video web camera\traybar.exe"

mRun: [WebrootTrayApp] "c:\program files (x86)\webroot\security\current\framework\WRTray.exe"

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [iSTray] "c:\program files (x86)\spyware doctor\pctsTray.exe"

StartupFolder: c:\users\mark\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll

LSP: c:\program files (x86)\common files\pc tools\lsp\PCTLsp.dll

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

================= FIREFOX ===================

FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\ix6txse5.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~2\micros~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files (x86)\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

---- FIREFOX POLICIES ----

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\pctcore64.sys --> c:\windows\system32\drivers\PCTCore64.sys [?]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

R1 pctgntdi;pctgntdi;\??\c:\windows\system32\drivers\pctgntdi64.sys --> c:\windows\system32\drivers\pctgntdi64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys --> c:\windows\system32\drivers\vwififlt.sys [?]

R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]

R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\launch manager\dsiwmis.exe [2010-4-29 312400]

R2 ePowerSvc;Acer ePower Service;c:\program files\gateway\gateway power management\ePowerSvc.exe [2010-6-14 866336]

R2 GREGService;GREGService;c:\program files (x86)\gateway\registration\GREGsvc.exe [2010-1-8 23584]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-4-29 13336]

R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\newtech infosystems\gateway mybackup\IScheduleSvc.exe [2010-3-8 250368]

R2 ODDPwrSvc;Acer ODD Power Service;c:\program files\gateway\optical drive power management\ODDPWRSvc.exe [2010-6-14 171040]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-9-23 1153368]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\spyware doctor\pctsAuxs.exe [2010-9-24 365280]

R2 sftlist;Application Virtualization Client;c:\program files (x86)\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]

R2 ssfmonm;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys --> c:\windows\system32\drivers\ssfmonm.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\intel\intel® management engine components\uns\UNS.exe [2010-6-14 2320920]

R2 Updater Service;Updater Service;c:\program files\gateway\gateway updater\UpdaterService.exe [2010-4-29 243232]

R2 WRConsumerService;Webroot Client Service;c:\program files (x86)\webroot\security\current\framework\WRConsumerService.exe [2010-8-26 3050048]

R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\hecix64.sys --> c:\windows\system32\drivers\HECIx64.sys [?]

R3 Impcd;Impcd;c:\windows\system32\drivers\impcd.sys --> c:\windows\system32\drivers\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\intcdaud.sys --> c:\windows\system32\drivers\IntcDAud.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c62x64.sys --> c:\windows\system32\drivers\L1C62x64.sys [?]

R3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg64.sys --> c:\windows\system32\drivers\pctplsg64.sys [?]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\sftfslh.sys --> c:\windows\system32\drivers\Sftfslh.sys [?]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\sftplaylh.sys --> c:\windows\system32\drivers\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\sftredirlh.sys --> c:\windows\system32\drivers\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\sftvollh.sys --> c:\windows\system32\drivers\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]

R3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

R3 ThreatFire;ThreatFire;c:\program files (x86)\spyware doctor\tfengine\tfservice.exe service --> c:\program files (x86)\spyware doctor\tfengine\TFService.exe service [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys --> c:\windows\system32\drivers\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-9-15 135664]

S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files (x86)\common files\nero\nero backitup 4\NBService.exe [2010-1-15 935208]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 Partner Service;Partner Service;c:\programdata\partner\Partner.exe [2010-4-29 332272]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rtsustor.sys --> c:\windows\system32\drivers\RtsUStor.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\watadminsvc.exe --> c:\windows\system32\wat\WatAdminSvc.exe [?]

=============== Created Last 30 ================

2010-09-25 11:14 9,346 a------- C:\InformationalData.tmp

2010-09-25 11:14 884 a------- C:\DetectionData.tmp

2010-09-24 19:27 <DIR> --d----- c:\users\mark\appdata\roaming\Systenance

2010-09-24 19:26 <DIR> --d----- c:\program files (x86)\Index.dat Analyzer

2010-09-24 18:10 <DIR> --d----- c:\users\mark\appdata\roaming\PC Tools

2010-09-24 18:10 <DIR> --d----- c:\programdata\PC Tools

2010-09-24 18:10 <DIR> --d----- c:\program files (x86)\Spyware Doctor

2010-09-24 18:10 <DIR> --d----- c:\program files (x86)\common files\PC Tools

2010-09-24 18:10 <DIR> --d----- c:\progra~3\PC Tools

2010-09-24 17:59 <DIR> --d----- c:\users\mark\appdata\roaming\GetRightToGo

2010-09-24 17:12 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-24 17:12 <DIR> --d----- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-09-23 20:26 <DIR> --d----- c:\programdata\Spybot - Search & Destroy

2010-09-23 20:26 <DIR> --d----- c:\program files (x86)\Spybot - Search & Destroy

2010-09-23 20:26 <DIR> --d----- c:\progra~3\Spybot - Search & Destroy

2010-09-23 17:50 <DIR> --d----- c:\users\mark\appdata\roaming\Malwarebytes

2010-09-23 17:50 <DIR> --d----- c:\programdata\Malwarebytes

2010-09-23 17:50 <DIR> --d----- c:\progra~3\Malwarebytes

2010-09-22 12:53 <DIR> --d----- c:\users\mark\appdata\roaming\TrueCrypt

2010-09-22 12:32 <DIR> --d----- c:\users\mark\appdata\roaming\BleachBit

2010-09-21 00:16 <DIR> --d----- c:\program files (x86)\Ventrilo

2010-09-21 00:16 268 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

2010-09-21 00:15 <DIR> --d----- c:\program files (x86)\common files\Wise Installation Wizard

2010-09-17 13:32 <DIR> --d----- c:\windows\system32\Wat

2010-09-17 00:56 0 a------- c:\windows\system32\shoBCB7.tmp

2010-09-17 00:54 <DIR> --d----- c:\program files (x86)\MSXML 4.0

2010-09-16 20:18 <DIR> --d----- c:\programdata\Blizzard Entertainment

2010-09-16 20:18 <DIR> --d----- c:\progra~3\Blizzard Entertainment

2010-09-16 19:37 641,536 a------- c:\windows\system32\CPFilters.dll

2010-09-16 19:37 199,680 a------- c:\windows\system32\mpg2splt.ax

2010-09-16 19:37 204,288 a------- c:\windows\system32\MSNP.ax

2010-09-16 19:35 1,289,528 a------- c:\windows\system32\ntdll.dll

2010-09-16 19:34 571,904 a------- c:\windows\system32\oleaut32.dll

2010-09-16 19:21 <DIR> --d----- c:\programdata\VirtualizedApplications

2010-09-16 19:21 <DIR> --d----- c:\progra~3\VirtualizedApplications

2010-09-16 17:07 <DIR> --d----- c:\users\mark\appdata\roaming\SoftGrid Client

2010-09-16 17:05 731,106 a------- c:\windows\system32\PerfStringBackup.INI

2010-09-16 17:05 <DIR> --d----- c:\program files (x86)\Microsoft Application Virtualization Client

2010-09-16 17:01 <DIR> --d----- c:\users\mark\appdata\roaming\TP

2010-09-16 16:10 1,130,824 a------- c:\windows\system32\dfshim.dll

2010-09-16 16:10 297,808 a------- c:\windows\system32\mscoree.dll

2010-09-16 16:10 295,264 a------- c:\windows\system32\PresentationHost.exe

2010-09-16 16:10 99,176 a------- c:\windows\system32\PresentationHostProxy.dll

2010-09-16 16:10 49,472 a------- c:\windows\system32\netfxperf.dll

2010-09-16 14:35 658 a------- c:\windows\WinInit.Ini

2010-09-16 13:47 3,955,080 a------- c:\windows\system32\ntkrnlpa.exe

2010-09-16 13:47 3,899,784 a------- c:\windows\system32\ntoskrnl.exe

2010-09-16 13:45 978,432 a------- c:\windows\system32\wininet.dll

2010-09-16 13:45 1,638,912 a------- c:\windows\system32\mshtml.tlb

2010-09-16 13:43 96,768 a------- c:\windows\system32\sspicli.dll

2010-09-16 13:43 22,016 a------- c:\windows\system32\secur32.dll

2010-09-16 13:39 2,048 a------- c:\windows\system32\tzres.dll

2010-09-16 11:47 122,880 a------- c:\windows\system32\pdfmont.dll

2010-09-16 11:47 <DIR> --d----- c:\program files (x86)\PDF4Free

2010-09-16 10:14 740,864 a------- c:\windows\system32\inetcomm.dll

2010-09-16 09:30 82,944 a------- c:\windows\system32\iccvid.dll

2010-09-16 09:00 293,888 a------- c:\windows\system32\atmfd.dll

2010-09-16 09:00 34,304 a------- c:\windows\system32\atmlib.dll

2010-09-16 08:20 67,584 a------- c:\windows\system32\asycfilt.dll

2010-09-16 08:11 427,520 a------- c:\windows\system32\vbscript.dll

2010-09-16 08:11 224,256 a------- c:\windows\system32\schannel.dll

2010-09-16 07:07 37,376 a------- c:\windows\system32\rtutils.dll

2010-09-16 06:17 1,233,920 a------- c:\windows\system32\msxml3.dll

2010-09-16 00:41 <DIR> --d----- c:\programdata\CyberLink

2010-09-16 00:41 <DIR> --d----- c:\users\mark\appdata\roaming\SNS

2010-09-15 20:42 <DIR> --d----- c:\program files (x86)\common files\Blizzard Entertainment

2010-09-15 20:42 <DIR> --d----- c:\programdata\Blizzard

2010-09-15 20:42 <DIR> --d----- c:\progra~3\Blizzard

2010-09-15 18:49 <DIR> --d----- c:\program files (x86)\Webroot

2010-09-15 18:48 <DIR> -cd-h--- c:\programdata\{5D7316EC-0EDC-4C87-A589-9244C286BC92}

2010-09-15 18:48 <DIR> -cd-h--- c:\progra~3\{5D7316EC-0EDC-4C87-A589-9244C286BC92}

2010-09-15 18:46 <DIR> --d----- c:\programdata\Webroot

2010-09-15 18:46 <DIR> --d----- c:\progra~3\Webroot

2010-09-15 17:21 172,032 a------- c:\windows\system32\wintrust.dll

2010-09-15 17:21 132,608 a------- c:\windows\system32\cabview.dll

2010-09-15 17:19 <DIR> --d----- c:\users\mark\appdata\roaming\Intel Corporation

2010-09-15 17:16 <DIR> --d----- c:\users\Mark

2010-09-15 17:16 <DIR> --dsh--- C:\Recovery

2010-09-15 17:16 <DIR> --dsh--- c:\programdata\Documents

2010-09-15 17:16 <DIR> --dsh--- C:\Documents and Settings

==================== Find3M ====================

2010-07-06 23:52 135,168 a------- c:\windows\apppatch\apppatch64\AcXtrnal.dll

2010-07-06 23:52 347,648 a------- c:\windows\apppatch\apppatch64\AcLayers.dll

2009-07-13 23:37 291,294 a------- c:\windows\inf\perflib\0409\perfi.dat

2009-07-13 23:37 291,294 a------- c:\windows\inf\perflib\0409\perfh.dat

2009-07-13 23:37 31,548 a------- c:\windows\inf\perflib\0409\perfd.dat

2009-07-13 23:37 31,548 a------- c:\windows\inf\perflib\0409\perfc.dat

2009-07-13 22:54 174 a--sh--- c:\program files (x86)\desktop.ini

2009-07-13 19:00 291,294 a------- c:\windows\inf\perflib\0000\perfi.dat

2009-07-13 19:00 291,294 a------- c:\windows\inf\perflib\0000\perfh.dat

2009-07-13 19:00 31,548 a------- c:\windows\inf\perflib\0000\perfd.dat

2009-07-13 19:00 31,548 a------- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 14:44 9,633,792 a--shr-- c:\windows\fonts\StaticCache.dat

2009-07-13 19:39 398,848 a--sh--- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-13 19:14 396,800 a--sh--- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 16:04:40.02 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 9/15/2010 5:16:46 PM

System Uptime: 9/25/2010 12:58:49 PM (4 hours ago)

Motherboard: Acer | | ID49C

Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | CPU | 2266/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 453 GiB total, 399.881 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP15: 9/24/2010 11:14:55 AM - Windows Update

==== Installed Programs ======================

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.2 MUI

Advertising Center

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Backup Manager Basic

Best Buy Software Installer

Compatibility Pack for the 2007 Office system

Curse Client

CyberLink PowerDVD 9

Gateway InfoCentre

Gateway MyBackup

Gateway Power Management

Gateway Recovery Management

Gateway Registration

Gateway ScreenSaver

Gateway Social Networks

Gateway Updater

Glowing Touchpad

Google Talk (remove only)

Google Toolbar for Internet Explorer

Google Update Helper

Identity Card

ImagXpress

Index.dat Analyzer v2.5

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Junk Mail filter update

Launch Manager

Malwarebytes' Anti-Malware

Microsoft Choice Guard

Microsoft Office Click-to-Run 2010

Microsoft Office Home and Student 2010 - English

Microsoft Office Suite Activation Assistant

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Mozilla Firefox (3.6.10)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Essentials

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

Optical Drive Power Management

PDF4Free 2.0

Realtek USB 2.0 Card Reader

Spybot - Search & Destroy

Spyware Doctor 7.0

TrueCrypt

Ventrilo Client

Video Web Camera

Webroot Software

Welcome Center

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

World of Warcraft

==== Event Viewer Messages From Past Week ========

9/25/2010 11:15:29 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126

9/25/2010 11:13:02 AM, Error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).

9/25/2010 11:13:02 AM, Error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/25/2010 11:09:46 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WebrootSpySweeperService service.

9/24/2010 6:24:33 PM, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

9/23/2010 9:11:46 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

9/23/2010 9:11:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

9/23/2010 9:11:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

9/23/2010 9:11:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

9/23/2010 9:11:28 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 21

9/23/2010 9:11:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr SRTSP SRTSPX truecrypt Wanarpv6

9/23/2010 9:11:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

9/23/2010 9:11:13 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

9/23/2010 5:51:43 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

9/23/2010 5:49:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

9/23/2010 5:49:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

9/23/2010 5:49:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX tdx truecrypt vwififlt Wanarpv6 WfpLwf

9/23/2010 5:49:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/23/2010 5:49:14 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

9/23/2010 5:49:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

9/23/2010 5:49:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

9/23/2010 5:49:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

9/23/2010 5:49:14 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

9/23/2010 5:49:14 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/23/2010 5:49:14 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/23/2010 5:49:14 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/23/2010 5:49:14 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

9/23/2010 10:17:57 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

9/22/2010 6:18:02 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

9/18/2010 3:19:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

==== End Of File ===========================


If you did not purchase Spyware Doctor, can I have you de-install it?

That would be one less startup and less overhead.

What did you or do you have from Webroot? Did you use to have SpySweeper and, if so, was it a purchase?

Please let me know answers to the above.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner sub-tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Reply with MBAM scan log and answers to above.

P.S. Just the newest 3 entries in your system log show some residual (leftovers) from add-on applications:

9/25/2010 11:13:02 AM, Error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).

9/25/2010 11:13:02 AM, Error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/25/2010 11:09:46 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WebrootSpySweeperService service.

Removing Spyware Doctor should take care of the 1st one.

Next round we will have to get and run the Norton removal tool ---- but FIRST

Tell me what Antivirus program is installed here ?

Edited by Maurice Naggar
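One way to find the kind of leftover registrations Maurice is pointing at, as an added example that is not part of the thread and not code from DDS, OTL or any other tool named in it: a PowerShell script (assumed to run in an elevated, 64-bit PowerShell 2.0 or later session on Windows 7) that lists every service and kernel driver whose registered image file no longer exists on disk. Entries of that shape are what OTL reports as "File not found" for the three Tf*.sys drivers further down, and a boot-start driver whose file is gone is one way to end up with a Service Control Manager 7026 "failed to load" event.

```powershell
# Added example, not from the thread or from OTL/DDS: enumerate services and
# kernel drivers whose registered image file is missing on disk. Such orphaned
# registrations are typical leftovers of an incomplete uninstall.
# Assumes an elevated 64-bit PowerShell 2.0+ session on Windows 7.

function Resolve-ImagePath {
    # Turn a raw service/driver PathName into a plain file path, or $null.
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) {
        # Quoted path, possibly followed by arguments: "C:\x\svc.exe" -k foo
        $close = $p.IndexOf('"', 1)
        if ($close -gt 1) { $p = $p.Substring(1, $close - 1) }
    } else {
        # Unquoted: keep everything up to the first .exe/.sys/.dll token
        $m = [regex]::Match($p, '^(.*?\.(exe|sys|dll))(\s|$)', 'IgnoreCase')
        if ($m.Success) { $p = $m.Groups[1].Value }
    }
    # NT-style prefixes that driver entries use
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    $p = $p -replace '^%SystemRoot%\\', ($env:SystemRoot + '\')
    # "system32\drivers\x.sys" style entries are relative to %SystemRoot%
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-OrphanedImages {
    # Returns one object per service/driver whose image file cannot be found.
    $entries = @(Get-WmiObject -Class Win32_Service) + @(Get-WmiObject -Class Win32_SystemDriver)
    $orphans = @()
    foreach ($e in $entries) {
        $path = Resolve-ImagePath $e.PathName
        if ($path -and -not (Test-Path -LiteralPath $path)) {
            $orphans += New-Object PSObject -Property @{
                Name      = $e.Name
                Kind      = $e.__CLASS -replace '^Win32_', ''
                StartMode = $e.StartMode
                State     = $e.State
                Image     = $path
            }
        }
    }
    return $orphans
}

# Report boot/system-start entries first: those are the ones the Service
# Control Manager complains about during startup.
$order = @{ Boot = 0; System = 1; Auto = 2; Manual = 3; Disabled = 4 }
Get-OrphanedImages |
    Sort-Object @{ Expression = { $order[[string]$_.StartMode] } }, Name |
    Format-Table Kind, Name, StartMode, State, Image -AutoSize
```

The script is read-only: it reports registrations, it does not delete them, so the decision about each entry (vendor removal tool, or deleting the service after confirming it is a leftover) stays with the person doing the cleanup. Run it from the 64-bit PowerShell; a 32-bit process sees `System32` redirected to `SysWOW64` and would report healthy drivers as missing.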

Spydoctor has been uninstalled; I did not buy it. I ran the Norton removal tool earlier and thought it had removed it all. My computer restarted for the Spydoctor uninstall, so maybe now all the other leftovers are gone.

Webroot is the antivirus software I use, specifically Webroot Antivirus with Spy Sweeper. I purchased it when I bought the computer last week from Best Buy. I installed it from the CD. Is the Spysweeper you are referring to the same as the "with Spy Sweeper" part of Webroot?

I did everything asked for MBAM. All the items are checked. However, it still says the same error when it tries to update: "MBAM_ERROR_UPDATING (0, 0 WinHttpSendRequest)" Should I go ahead and scan without an update, or is there a way I can update manually? (I did try to find a way to update manually before I started this thread, but every time I clicked on the link in other forum threads, the page wouldn't load - page not found, error on page, etc...).


Webroot is the antivirus software I use, specifically Webroot Antivirus with Spy Sweeper. I purchased it when I bought the computer last week from Best Buy. I installed it from the CD. Is the Spysweeper you are referring to the same as the "with Spy Sweeper" part of Webroot?

Yes.

Give this a try to get a refresh of the Rules.def and afterwards, do the MBAM scan.

1) For the moment, ensure that MBAM is not running.

2) Download and save mbam-rules.exe from >> here <<

3) RUN mbam-rules.exe

4) The rules.ref file should go to

FOR Windows Vista and Windows 7:

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

FOR Windows XP and 2000:

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

Now run a Quick Scan with MBAM and post log

Edited by Maurice Naggar

When I tried to click on the link to MBAM rules the page wouldn't load:

Tab says: "Problem loading page"

Server not found

Firefox can't find the server at data.mbamupdates.com.

* Check the address for typing errors such as

ww.example.com instead of

www.example.com

* If you are unable to load any pages, check your computer's network

connection.

* If your computer or network is protected by a firewall or proxy, make sure

that Firefox is permitted to access the Web.

This is the same thing as what I described before. I can try to find a clean computer to download on. Would that work?

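The "Server not found" for data.mbamupdates.com, together with the WinHttpSendRequest error from the MBAM updater, is the symptom to pin down before sideloading rules. The script below is an added example, not part of the thread and not from Malwarebytes; it assumes PowerShell 2.0 or later on Windows 7 (so it uses .NET and WMI rather than the newer Resolve-DnsName cmdlet) and checks the local layers that can make one vendor's host unreachable while "the router seems fine": hosts-file overrides, the DNS servers each adapter is configured with, the state of the DNS Client service, and a live lookup. The hostname list is constructed for the example.

```powershell
# Added example, not from the thread: check the local layers that can make an
# update host unreachable while the rest of the network looks fine.
# Assumes PowerShell 2.0+ on Windows 7 (no Resolve-DnsName required).

# Constructed list of names to check; data.mbamupdates.com is the host
# Firefox could not find in the thread.
$UpdateHosts = @('data.mbamupdates.com')

function Get-HostsFileEntries {
    # Parse the hosts file into (Address, Name) pairs, ignoring comments.
    param([string]$Path = (Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'))
    $entries = @()
    foreach ($line in @(Get-Content -LiteralPath $Path -ErrorAction SilentlyContinue)) {
        $text = ($line -split '#')[0].Trim()
        if (-not $text) { continue }
        $parts = $text -split '\s+'
        if ($parts.Length -lt 2) { continue }
        for ($i = 1; $i -lt $parts.Length; $i++) {
            $entries += New-Object PSObject -Property @{ Address = $parts[0]; Name = $parts[$i] }
        }
    }
    return $entries
}

function Get-ConfiguredDnsServers {
    # DNS servers per IP-enabled adapter; addresses you do not recognise deserve a look.
    foreach ($cfg in @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')) {
        foreach ($s in @($cfg.DNSServerSearchOrder)) {
            if ($s) { New-Object PSObject -Property @{ Adapter = $cfg.Description; DnsServer = $s } }
        }
    }
}

function Test-UpdateHostResolution {
    # For each name: any hosts-file override, and what the resolver actually returns.
    param([string[]]$Names = $UpdateHosts)
    $hostsEntries = Get-HostsFileEntries
    foreach ($n in $Names) {
        $override = @($hostsEntries | Where-Object { $_.Name -eq $n })   # -eq is case-insensitive
        try {
            $resolved = ([System.Net.Dns]::GetHostAddresses($n) | ForEach-Object { $_.IPAddressToString }) -join ', '
        } catch {
            $resolved = 'FAILED: ' + $_.Exception.Message
        }
        New-Object PSObject -Property @{
            Name      = $n
            HostsFile = ($override | ForEach-Object { $_.Address }) -join ', '
            Resolves  = $resolved
        }
    }
}

'--- DNS servers per adapter ---'
Get-ConfiguredDnsServers | Format-Table Adapter, DnsServer -AutoSize
'--- DNS Client service: ' + (Get-Service -Name Dnscache).Status
'--- Hosts-file overrides and live lookups ---'
Test-UpdateHostResolution | Format-Table Name, HostsFile, Resolves -AutoSize
```

Reading the output: a hosts-file entry that maps the vendor host to 127.0.0.1 or to an unfamiliar address, or DNS servers on an adapter that nobody configured, explains the Firefox error directly and is worth recording before it is cleaned up. If every name resolves and the service is running but the MBAM updater still fails, the problem sits in a layer this script does not inspect, such as a WinHTTP proxy setting (`netsh winhttp show proxy`) or a network filter installed by another product.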

Yes, if you have access to a clean system, you can download the file, copy and transport it to this one, and then run it.

Next:

Download Dr.Web CureIt to the desktop.

  • Double-click the drweb-cureit.exe file, then click Start and allow the express scan to run.
  • This will scan the files currently running in memory and, when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the icon next to the files found.
  • If so, click it, then click the next icon right below and select Move incurable.
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Next:

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Reply with copy of the DrWeb Cure-It log

OTL.txt

Extras.txt

Checkup.txt

Copy and paste your logs inside the reply text box. Do not use the attachment option.


As I try again and again to reply with the logs, I wonder if it wouldn't just be easier to reload Windows with the reboot disks. I'm getting more page redirects and, on this particular reply, I've had to close the window due to Firefox freezing up a few times (now, in retrospect, as I copy and paste this, due to the enormity of the CureIt file). I will try to get this reply done before my computer decides not to let me. I apologize if the following is curt, but I'm afraid I won't finish before it all goes haywire again.

Okay, got updated rules for MBAM, installed. MBAM found nothing.

Ran Dr.Cureit. First round of scans (did express scan, no results); the full scan got interrupted because I didn't have my TrueCrypt drive mounted. First scan found five things, quarantined four, deleted one before I reran it. Reran express scan (found nothing) and reran full scan, found two things this time (two things it found before): DoctorWeb:Quarantine, trojandownloaders. There was no option to "move incurable" but it looked like it moved it already. I tried several times to save the log after the complete scan (second scan, but first scan not completed) - nothing happened. I rebooted and I found in the DoctorWeb Quarantine the following three things: "descript.ion"; "F6E90DE7d01"; and "rkill." The log is posted below, but I think the log is from the first incomplete scan, which looks like it doesn't report the 5 things it found before it got stopped.

I ran OTL and Security Check.

After all that, there are still page redirects and popups, so I don't think Dr.Cureit did anything. I know this isn't your fault and I'm sorry I wasn't able to comply with all of your directions at this time. That being said, I'm further sorry, but the CureIt logs are attached, not pasted, below. I've tried time and time again to simply paste them below, but my browser isn't agreeing with the log's extraordinary length, and every time I just get a blank page after a few minutes with "Done" at the lower right hand corner and no new reply added. Here are the OTL, Extras, and Security Check logs:

****The CureIt log properties say it's over 10MB large...so it won't load properly. I've compressed it and attached it.

LOGS:

OTL logfile created on: 9/26/2010 10:26:23 PM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Mark\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free

7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 452.65 Gb Total Space | 398.57 Gb Free Space | 88.05% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MARK-PC

Current User Name: Mark

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/26 17:05:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe

PRC - [2010/08/26 08:38:01 | 001,277,672 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe

PRC - [2010/08/26 08:33:58 | 003,050,048 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe

PRC - [2010/08/25 16:56:58 | 003,867,096 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe

PRC - [2010/08/25 16:56:48 | 000,157,536 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\SSU.exe

PRC - [2010/04/29 21:45:42 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2010/04/07 22:18:40 | 000,908,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2010/04/07 22:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe

PRC - [2010/04/07 22:18:40 | 000,298,064 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe

PRC - [2010/03/12 18:06:54 | 000,600,688 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe

PRC - [2010/03/08 17:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

PRC - [2010/03/08 17:55:42 | 000,252,928 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe

PRC - [2010/02/28 02:33:14 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

PRC - [2010/02/25 23:39:02 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe

PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

PRC - [2009/12/23 18:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2009/12/23 18:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2009/09/30 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2009/09/30 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2007/01/16 04:21:18 | 000,126,976 | ---- | M] (Panasonic Communications Co.,Ltd.) -- C:\Program Files (x86)\Panasonic\Panasonic KX-P7105 and KX-P7110\Status Display\stmndsp.exe

PRC - [2007/01/01 15:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Mark\AppData\Roaming\Google\Google Talk\googletalk.exe

PRC - [2006/11/03 08:37:22 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Panasonic\Panasonic KX-P7105 and KX-P7110\Status Display\PeekMMF.exe

PRC - [2003/02/09 11:14:50 | 000,057,344 | ---- | M] (Panasonic Communications Co.,Ltd.) -- C:\Program Files (x86)\Panasonic\Remote server\KMENTSRV.exe

========== Modules (SafeList) ==========

MOD - [2010/09/26 17:05:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe

MOD - [2009/07/13 19:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2009/07/13 19:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/22 11:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)

SRV:64bit: - [2010/03/17 11:56:12 | 000,866,336 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2010/08/26 08:33:58 | 003,050,048 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)

SRV - [2010/08/25 16:56:58 | 003,867,096 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)

SRV - [2010/04/29 21:45:45 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)

SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010/04/07 22:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)

SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/08 17:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2010/02/28 02:33:14 | 000,821,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)

SRV - [2010/01/15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)

SRV - [2009/12/23 18:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2009/09/30 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2009/09/30 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2003/02/09 11:14:50 | 000,057,344 | ---- | M] (Panasonic Communications Co.,Ltd.) [Auto | Running] -- C:\Program Files (x86)\Panasonic\Remote server\KMENTSRV.exe -- (KME Remote Server)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)

DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)

DRV:64bit: - [2010/09/22 12:51:23 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)

DRV:64bit: - [2010/06/17 14:49:12 | 000,136,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)

DRV:64bit: - [2010/06/17 14:49:10 | 000,055,360 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)

DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2010/04/14 23:40:10 | 000,301,688 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2010/04/14 20:46:56 | 000,727,608 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2010/04/06 20:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/03/24 03:57:20 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/03/04 03:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2010/01/25 03:51:02 | 007,842,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/01/07 13:51:38 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2010/01/06 07:33:14 | 000,158,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009/12/17 11:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/09/16 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/05 17:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009/05/05 17:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...84z165a46k2d26o

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...84z165a46k2d26o

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...84z165a46k2d26o

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...84z165a46k2d26o

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...84z165a46k2d26o

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/20 18:32:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/20 18:32:20 | 000,000,000 | ---D | M]

[2010/09/20 18:32:58 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions

[2010/09/26 09:57:50 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\ix6txse5.default\extensions

[2010/09/22 12:36:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\ix6txse5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/09/20 18:32:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/09/23 18:45:52 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Gateway\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [PeekMMF] C:\Program Files (x86)\Panasonic\Panasonic KX-P7105 and KX-P7110\Status Display\PeekMMF.exe ()

O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )

O4 - HKCU..\Run: [googletalk] C:\Users\Mark\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)

O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialo...osoft/wrc32.ocx (WRC Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/26 17:08:49 | 000,000,000 | ---D | C] -- C:\Users\Mark\DoctorWeb

[2010/09/26 17:05:53 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe

[2010/09/26 10:26:43 | 000,040,960 | ---- | C] (Panasonic Communications Co.,Ltd.) -- C:\Windows\SysNative\PSCLM64C.DLL

[2010/09/26 10:26:34 | 000,061,507 | ---- | C] (Kyushu Matsushita Electric Co., Ltd.) -- C:\Windows\SysWow64\KME_SRCH.DLL

[2010/09/26 10:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panasonic shared

[2010/09/26 10:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic

[2010/09/26 10:26:33 | 000,200,769 | ---- | C] (Kyushu Matsushita Electric Co., Ltd.) -- C:\Windows\SysWow64\k08425sn.dll

[2010/09/26 10:26:33 | 000,090,175 | ---- | C] (Panasonic Communications Co.,Ltd.) -- C:\Windows\SysWow64\kme_rout.dll

[2010/09/26 10:26:33 | 000,061,440 | ---- | C] (Panasonic Communications Co.,Ltd.) -- C:\Windows\SysWow64\kme_snmp.dll

[2010/09/26 10:26:33 | 000,049,152 | ---- | C] (Panasonic Communications Co.,Ltd.) -- C:\Windows\SysWow64\kme_srvc.dll

[2010/09/26 10:26:33 | 000,045,056 | ---- | C] (Panasonic Communications Co.,Ltd.) -- C:\Windows\SysWow64\snmp_Str.dll

[2010/09/26 10:26:33 | 000,032,768 | ---- | C] (Kyushu Matsushita Electric Co., Ltd.) -- C:\Windows\SysWow64\k08425pt.dll

[2010/09/26 10:26:32 | 000,102,400 | ---- | C] (Kyushu Matsushita Electric Co., Ltd.) -- C:\Windows\SysWow64\k08415sn.dll

[2010/09/26 10:26:32 | 000,090,112 | ---- | C] (Kyushu Matsushita Electric Co., Ltd.) -- C:\Windows\SysWow64\k08000sn.dll

[2010/09/26 10:26:32 | 000,077,824 | ---- | C] (Kyushu Matsushita Electric Co., Ltd.) -- C:\Windows\SysWow64\k08000sm.dll

[2010/09/26 10:26:32 | 000,053,248 | ---- | C] (Kyushu Matsushita Electric Co., Ltd.) -- C:\Windows\SysWow64\k08425ms.dll

[2010/09/26 10:26:32 | 000,040,960 | ---- | C] (Kyushu Matsushita Electric Co., Ltd.) -- C:\Windows\SysWow64\k08425mp.dll

[2010/09/26 10:26:32 | 000,032,768 | ---- | C] (Kyushu Matsushita Electric Co.,Ltd) -- C:\Windows\SysWow64\k08425ln.dll

[2010/09/26 10:26:31 | 000,094,273 | ---- | C] (Kyushu Matsushita Electric Co.,Ltd) -- C:\Windows\SysWow64\K08000RM.dll

[2010/09/26 10:26:31 | 000,086,081 | ---- | C] (Kyushu Matsushita Electric Co.,Ltd) -- C:\Windows\SysWow64\K08000MS.dll

[2010/09/26 10:26:31 | 000,065,536 | ---- | C] (Kyushu Matsushita Electric Co., Ltd.) -- C:\Windows\SysWow64\k08000sc.dll

[2010/09/26 10:26:31 | 000,061,440 | ---- | C] (Panasonic Communications Co.,Ltd.) -- C:\Windows\SysWow64\k07105rm.dll

[2010/09/26 10:26:30 | 000,135,168 | ---- | C] (Panasonic Communications Co.,Ltd.) -- C:\Windows\SysWow64\K07105pt.dll

[2010/09/26 10:26:30 | 000,131,072 | ---- | C] (Panasonic Communications Co.,Ltd.) -- C:\Windows\SysWow64\K07105sn.dll

[2010/09/26 10:26:29 | 000,147,456 | ---- | C] (Panasonic Communications Co.,Ltd.) -- C:\Windows\SysWow64\K07105mp.dll

[2010/09/26 10:26:29 | 000,122,880 | ---- | C] (Panasonic Communications Co.,Ltd.) -- C:\Windows\SysWow64\K07105ln.dll

[2010/09/26 10:26:29 | 000,053,248 | ---- | C] (Panasonic Communications Co.,Ltd.) -- C:\Windows\SysWow64\K07105MS.dll

[2010/09/26 10:25:38 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\InstallShield

[2010/09/26 10:25:31 | 000,000,000 | ---D | C] -- C:\P7105

[2010/09/25 15:59:09 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\tdsskiller

[2010/09/24 19:27:29 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Systenance

[2010/09/24 19:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Index.dat Analyzer

[2010/09/24 18:10:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2010/09/24 17:59:35 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\Downloads

[2010/09/24 17:59:29 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\GetRightToGo

[2010/09/24 17:12:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/09/24 17:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/09/24 16:22:02 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Microsoft Help

[2010/09/23 20:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2010/09/23 20:26:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2010/09/23 17:50:40 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Malwarebytes

[2010/09/23 17:50:33 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/09/23 17:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/09/22 12:53:42 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\TrueCrypt

[2010/09/22 12:51:23 | 000,230,352 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys

[2010/09/22 12:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt

[2010/09/22 12:32:50 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\BleachBit

[2010/09/21 00:16:56 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Ventrilo

[2010/09/21 00:16:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ventrilo

[2010/09/21 00:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2010/09/20 18:32:28 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Mozilla

[2010/09/20 18:32:28 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Mozilla

[2010/09/20 18:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2010/09/19 20:47:42 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Apps

[2010/09/19 20:47:41 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Deployment

[2010/09/18 15:21:45 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Microsoft Games

[2010/09/17 13:32:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2010/09/17 13:32:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2010/09/17 00:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2010/09/17 00:51:59 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll

[2010/09/16 20:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment

[2010/09/16 19:37:26 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll

[2010/09/16 19:37:25 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll

[2010/09/16 19:37:25 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax

[2010/09/16 19:37:24 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll

[2010/09/16 19:37:22 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax

[2010/09/16 19:37:21 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax

[2010/09/16 19:37:21 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax

[2010/09/16 19:35:46 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2010/09/16 19:34:00 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

[2010/09/16 19:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications

[2010/09/16 17:08:37 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\SoftGrid Client

[2010/09/16 17:07:39 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\SoftGrid Client

[2010/09/16 17:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2010/09/16 17:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client

[2010/09/16 17:01:59 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\TP

[2010/09/16 16:10:35 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll

[2010/09/16 16:10:35 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe

[2010/09/16 16:10:35 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe

[2010/09/16 16:10:35 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll

[2010/09/16 16:10:35 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll

[2010/09/16 16:10:35 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll

[2010/09/16 16:10:35 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll

[2010/09/16 16:10:34 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll

[2010/09/16 13:47:02 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2010/09/16 13:47:01 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2010/09/16 13:47:01 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2010/09/16 13:45:38 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2010/09/16 13:45:37 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2010/09/16 13:45:36 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2010/09/16 13:45:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2010/09/16 13:45:34 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2010/09/16 13:45:34 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2010/09/16 13:43:28 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2010/09/16 11:47:45 | 000,122,880 | ---- | C] (PDF Bean Inc.) -- C:\Windows\SysWow64\pdfmont.dll

[2010/09/16 11:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF4Free

[2010/09/16 11:12:54 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Adobe

[2010/09/16 09:30:13 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll

[2010/09/16 09:00:10 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2010/09/16 09:00:10 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2010/09/16 09:00:09 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2010/09/16 09:00:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2010/09/16 08:11:42 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2010/09/16 08:11:42 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll

[2010/09/16 07:07:28 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll

[2010/09/16 07:07:28 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll

[2010/09/16 06:48:33 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

[2010/09/16 00:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink

[2010/09/16 00:41:16 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\SNS

[2010/09/16 00:05:51 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\My Stuff

[2010/09/15 20:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment

[2010/09/15 20:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard

[2010/09/15 20:37:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment

[2010/09/15 19:10:06 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Adobe

[2010/09/15 19:06:48 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Google

[2010/09/15 19:06:47 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Google

[2010/09/15 19:01:24 | 000,136,224 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\drivers\ssidrv.sys

[2010/09/15 19:01:24 | 000,055,360 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\drivers\ssfmonm.sys

[2010/09/15 18:49:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot

[2010/09/15 18:48:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5D7316EC-0EDC-4C87-A589-9244C286BC92}

[2010/09/15 18:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot

[2010/09/15 18:46:18 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\PackageAware

[2010/09/15 18:39:25 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Diagnostics

[2010/09/15 17:22:43 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Best_Buy

CureIt.zip


Just thought I'd put this on here because it seemed really odd. The popup about my computer being infected and needing immediate scan for viruses popped up on my gf's iPhone this afternoon at the house. The phone does connect to the wifi router (and presumably has been connected this whole time, but no problems until today.) Can a virus really jump from a PC to a Mac, let alone from a PC to an iPhone? Also, when my gf uses her laptops at work/school, she doesn't have any problems with either of them.

Could this be a router issue that could be solved by a hard restart of the router?

I also reran the express scan and full scan with Dr.Cureit today in case I messed it up the first two times. It found the same two things as before - already in quarantine. I didn't attach the log, but can if you need me to. I believe I understand why it's so large, b/c it just adds to the old log I guess. I reran OTL and Security Check - those logs are the same when compared with the logs I posted last night so I won't post those unless you ask for them.


It is up to you if at this point you want to wipe the HDD clean and install Windows fresh.

Let me know what you decide. It would be faster, in both effort and time, to start over fresh.

If you want to proceed forth with "hunt and remove" malware:

If pc has a physical connection to a modem or router, disconnect it.

If you have a router, unplug it from power.

Start MBAM (Malwarebytes' Anti-Malware).

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner sub-tab. Make sure all option lines have a checkmark.

Click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Next, reconnect the router if it was unplugged and wait for it to display all its lights and show it is connected.

Wait about a minute or so.

Reconnect the connections of this pc to the modem or router.

Make sure that pc has internet connectivity.

Reply with the MBAM scan log.


Hi, thanks for all your help on this really irritating issue.

After the iPhone popup we were certain it was the router. We hard reset the router, started a new network with a new name, new password. Now, everything is working fine. Malwarebytes updated without any issue, and after both a quick and full scan, didn't detect anything (logs below). Spybot didn't find anything either. All the usual programs that generally start with windows (gchat etc.) are starting again and no more popups, page redirects, and internet is working much better.

So, I guess it was the router. Is it common for routers to get infected? Could malware mess up the DNS so the router couldn't operate properly so nothing could fix it? Or possibly the server got hijacked and hard reset fixed it?

Now that this is over, how should I proceed cleaning everything up as far as programs I installed, logs, etc... What about the malware that was found and quarantined by Dr. Web-cureit and Spybot Search & Destroy?

Thanks again!

***Quick Scan***

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4707

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

9/27/2010 6:20:56 PM

mbam-log-2010-09-27 (18-20-56).txt

Scan type: Quick scan

Objects scanned: 136853

Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

***FULL SCAN***

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4707

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

9/27/2010 6:53:52 PM

mbam-log-2010-09-27 (18-53-52).txt

Scan type: Full scan (C:\|D:\|E:\|Q:\|)

Objects scanned: 219725

Time elapsed: 24 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hearty kudos & bravo!

You've done very well.

Q: Is it common for routers to get infected?

A: It is not unheard of.

Q: Could malware mess up the DNS so the router couldn't operate properly so nothing could fix it?

A: Malware can affect DNS service.

Q: Or possibly the server got hijacked and hard reset fixed it?

A: The hard reset did the good turn in this case.

Now as to the cleanup of tools:

Delete RKILL.com

Delete TDSSKILLER.zip & .exe

Delete mbam-rules.exe

Delete Drweb-cureit.exe

Delete Securitycheck.exe

Older versions of Adobe Reader pose a potential security risk.

Click the Start button , click Control Panel, next select Programs, and then select Programs and Features.

Uninstall your Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered).

  • Please double-click OTL.exe to run it.
  • Click on the CleanUp! button at the upper right corner. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

Staying safer and recommendations

We are finished here. Best regards.

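An added check for the two explanations this thread circles around (a hosts-file override and a hijacked DNS server), written as an example for this page rather than taken from the thread, from Malwarebytes or from OTL. Offline it parses OTL O17 lines and a hosts file; with network access it can ask a specific resolver (the router, then a trusted server) for the same name so the answers can be compared. Assumptions not in the original: the only DNS server a client on this LAN should see is the router at 192.168.2.1 (the DhcpNameServer value in the OTL log above); the rogue NameServer line, the hosts entries and the DNS reply bytes are constructed; WATCH_DOMAINS is a hypothetical list of update sites.

```python
"""Checks for 'PC scans clean but MBAM cannot update': hosts-file override and
hijacked DNS. Added example, not code from the thread, Malwarebytes or OTL.
Assumptions (not in the original): clients here should only see the router
192.168.2.1 as DNS (the OTL DhcpNameServer value); the rogue NameServer line,
hosts entries and reply bytes are constructed; WATCH_DOMAINS is hypothetical.
"""
import ipaddress
import random
import re
import socket
import struct

# Constructed OTL-style input: first line is the O17 line from the log, the
# second a made-up rogue value (TEST-NET-2) so the checks have something to flag.
SAMPLE_OTL = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{guid}: NameServer = 198.51.100.7",
]
# Constructed hosts file: the classic rogue-AV trick points an update site at
# loopback so the update fails without any visible redirect.
SAMPLE_HOSTS = "# comment\n127.0.0.1 localhost\n127.0.0.1 www.malwarebytes.org\n"
WATCH_DOMAINS = ["malwarebytes.org", "microsoft.com", "windowsupdate.com"]

_O17 = re.compile(r"^O17 - .*?:\s*(DhcpNameServer|NameServer)\s*=\s*(.+)$")

def otl_dns_servers(lines):
    """Collect DNS server values from OTL O17 lines, keyed by registry value name."""
    servers = {}
    for line in lines:
        m = _O17.match(line.strip())
        if m:
            servers.setdefault(m.group(1), []).extend(re.split(r"[ ,]+", m.group(2).strip()))
    return servers

def unexpected_dns_servers(servers, expected):
    """Return (value_name, ip) pairs that fall outside the expected networks."""
    nets = [ipaddress.ip_network(e, strict=False) for e in expected]
    return [(name, ip) for name, ips in servers.items() for ip in ips
            if not any(ipaddress.ip_address(ip) in n for n in nets)]

def hosts_hijacks(hosts_text, watch_domains):
    """Return (hostname, ip) for hosts entries that override a watched domain."""
    hits = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()        # strip comments, tokenize
        for host in fields[1:]:
            h = host.lower()
            if any(h == d or h.endswith("." + d) for d in watch_domains):
                hits.append((host, fields[0]))
    return hits

def _encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split(".")) + b"\x00"

def _skip_name(buf, off):
    while True:
        n = buf[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n

def build_query(name, txid):
    """Minimal DNS A query: 12-byte header with RD set, one question."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + _encode_name(name) + struct.pack("!HH", 1, 1)

def build_response(name, txid, ips):
    """Constructed reply for offline self-test; answers point back at the question name."""
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip) for ip in ips)
    return struct.pack("!HHHHHH", txid, 0x8180, 1, len(ips), 0, 0) + build_query(name, txid)[12:] + rrs

def parse_a_records(resp, txid):
    """Return A-record addresses from a reply; reject id mismatches (stale or spoofed)."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:                # non-zero RCODE: NXDOMAIN, SERVFAIL, ...
        return []
    off = 12
    for _ in range(qd):
        off = _skip_name(resp, off) + 4           # skip QTYPE/QCLASS
    ips = []
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return ips

def query_a(name, server, timeout=3.0):
    """Ask one specific resolver over UDP/53 (needs network; not run offline).
    Compare query_a(n, "192.168.2.1") with query_a(n, "8.8.8.8") for n = an update host."""
    txid = random.randrange(1, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        data, _ = s.recvfrom(512)
    return parse_a_records(data, txid)
```

If the router and a trusted resolver return different addresses for an update host across a few tries, the router or its upstream DNS setting is the suspect, which matches how this thread ended: the OTL log shows the client pointing only at the router and a small hosts file, so nothing on the PC itself would have shown the tampering. Round-robin and CDN answers can legitimately differ, so compare the sets over repeated queries rather than trusting a single mismatch.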
