
Hi, I managed to pick up a fake antivirus called Open Cloud Security. I've tried everything within my means to get rid of it but nothing wants to run. I've tried downloading MWB but it shuts down after only a few seconds and won't open again, giving an error that says, "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." None of the other programs I've tried will run either. I'm also getting Google redirects while trying to search for answers... Any help would be greatly appreciated.

GMER didn't work either and I got the same error message as above, but I got the DDS logs.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_24

Run by Brian at 0:27:15 on 2011-09-27

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2330 [GMT -6:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\201556196:461372659.exe

C:\Windows\system32\rundll32.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Fingerprint Reader Suite\upeksvr.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\Windows\system32\CTsvcCDA.exe

c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Fingerprint Reader Suite\psqltray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\System32\rP0ycS1iv3n4.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Dell Remote Access\ezi_ra.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\SetPoint\SetPoint.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Users\Brian\AppData\Roaming\NAH40LEZUK.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft\BingBar\BingBar.exe

C:\Program Files\Microsoft\BingBar\BingApp.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer provided by Dell

uInternet Settings,ProxyOverride = *.local

uWinlogon: Shell=explorer.exe,c:\users\brian\appdata\roaming\microsoft\windows\shell.exe

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Windows Defender] c:\users\brian\appdata\roaming\NAH40LEZUK.exe

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; MDDC; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.miniclip.com/games/motocross-fever/en/"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"

mRun: [<NO NAME>]

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [imH5sWJ7dLgZhXk8234A] c:\windows\system32\rP0ycS1iv3n4.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\brian\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe

StartupFolder: c:\users\brian\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpzrcv01.lnk - c:\program files\hp\temp\{bed1705f-7558-40f7-9f52-6c6fbd58ea2e}\setup\hpzstub.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 24.116.2.50 24.116.2.34

TCP: Interfaces\{679C2871-7A74-417D-9550-76D3CD0C75C6} : DhcpNameServer = 24.116.2.50 24.116.2.34

TCP: Interfaces\{74BF2032-1C5E-4D5B-8112-9BC56637410F} : DhcpNameServer = 24.116.2.50 24.116.2.34

Notify: psfus - c:\windows\system32\psqlpwd.dll

LSA: Notification Packages = scecli psqlpwd

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\brian\appdata\roaming\mozilla\firefox\profiles\9akob3e7.default\

FF - plugin: c:\program files\download manager\npfpdlm.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-9-26 64512]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-3-27 73728]

R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-26 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-26 22216]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-12 136176]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-12 136176]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-27 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-27 40552]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2009-3-27 209408]

.

=============== Created Last 30 ================

.

2011-09-27 06:23:47 -------- d-----w- c:\users\brian\appdata\roaming\uycS1ivD34m5LqY

2011-09-27 06:23:47 -------- d-----w- c:\users\brian\appdata\roaming\HH6WJ7fgqwO

2011-09-27 05:38:55 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-09-27 05:38:44 -------- d-----w- c:\program files\Lavasoft

2011-09-27 05:26:07 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-27 05:05:06 -------- d-----w- c:\users\brian\appdata\roaming\K4Eg0c5dLRwUlOz

2011-09-27 05:05:05 -------- d-----w- c:\users\brian\appdata\roaming\ekVVuipQ6WTqktP

2011-09-27 04:54:14 -------- d-----w- c:\users\brian\appdata\roaming\E22bbnq6gT

2011-09-27 04:54:10 -------- d-----w- c:\users\brian\appdata\roaming\samH5sWJ7gZqXPo

2011-09-27 04:19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-27 04:05:09 -------- d-----w- c:\users\brian\appdata\roaming\do4HWfZkt0i4Hd8

2011-09-27 04:05:09 -------- d-----w- c:\users\brian\appdata\roaming\aYwkUVlBzA

2011-09-27 04:00:51 -------- d-----w- c:\users\brian\appdata\roaming\gcA1vD2o4Gs

2011-09-27 04:00:51 -------- d-----w- c:\users\brian\appdata\roaming\bRZ9hYXwjVlBzN

2011-09-27 03:58:03 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-27 03:55:14 -------- d-----w- c:\users\brian\appdata\roaming\EhYw4ZXUlA35J

2011-09-27 03:55:13 -------- d-----w- c:\users\brian\appdata\roaming\xYUlvD2oFm5Q7E8

2011-09-27 03:50:57 -------- d-----w- c:\users\brian\appdata\roaming\rBtzPNycAuDoFpG

2011-09-27 03:50:57 -------- d-----w- c:\users\brian\appdata\roaming\msQJ6dEK8R9TwBz

2011-09-27 03:14:40 -------- d-----w- c:\users\brian\appdata\roaming\lkIVrlONtPuSiDo

2011-09-27 03:14:40 -------- d-----w- c:\users\brian\appdata\roaming\C4aQH6sWKfLgZjC

2011-09-27 02:53:45 -------- d-----w- c:\users\brian\appdata\roaming\Malwarebytes

2011-09-27 02:53:18 -------- d-----w- c:\programdata\Malwarebytes

2011-09-27 02:40:07 -------- d-----w- c:\users\brian\appdata\roaming\kpmG5sQJ6E8R9T

2011-09-27 02:40:06 -------- d-----w- c:\users\brian\appdata\roaming\T1uvD2obF

2011-09-27 02:30:06 -------- d-----w- c:\users\brian\appdata\roaming\k4aammH5sWJ7ELg

2011-09-27 02:30:06 -------- d-----w- c:\users\brian\appdata\roaming\iOBtxP0yc1v3n

2011-09-27 02:30:01 2463744 ----a-w- c:\windows\system32\rP0ycS1iv3n4.exe

2011-09-27 02:28:54 -------- d-----w- c:\users\brian\appdata\roaming\g8gRZqhYXkVlBz0

2011-09-27 02:28:54 -------- d-----w- c:\users\brian\appdata\roaming\AcA1ivD2oFpHsJd

2011-09-27 02:12:12 -------- d-----w- c:\users\brian\appdata\roaming\kvvDD3oonFa

2011-09-27 02:12:12 -------- d-----w- c:\users\brian\appdata\roaming\GmmHH5sWJ7dELgZ

2011-09-27 02:12:07 -------- d-----w- c:\users\brian\appdata\roaming\JccSS1ivvDonFaH

2011-09-27 02:12:06 -------- d-----w- c:\users\brian\appdata\roaming\wTZZqqhYCw

2011-08-30 19:08:03 -------- d-----w- c:\program files\iPod

2011-08-30 18:59:54 -------- d-----w- c:\program files\Bonjour

.

==================== Find3M ====================

.

2011-09-07 03:08:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-27 05:46:04 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-07-27 05:45:03 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-07-27 05:45:03 234536 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-07-15 18:14:57 139152 ----a-w- c:\users\brian\appdata\roaming\PnkBstrK.sys

2011-07-15 18:14:37 794408 ----a-w- c:\windows\system32\pbsvc.exe

2011-07-15 18:14:37 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-07-12 17:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 17:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 17:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-06 14:56:47 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-06 00:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-06 00:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-06-30 17:59:01 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

.

============= FINISH: 0:27:36.67 ===============

Again, any help would be appreciated! Thanks!

Attach.zip

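A small triage script for the kind of DDS entries shown in the post above: it flags the Winlogon Shell hijack, autoruns and processes launched from the user's AppData, an autorun that borrows the "Windows Defender" name, and the colon-style alternate data stream path. This is an added example, not code from the forum or from Malwarebytes; the TRUSTED_NAMES list and the random-name heuristic are assumptions, and the sample lines are copied from the log above.

```python
"""Triage DDS log lines for the persistence indicators visible in this thread.

DDS prefixes: a leading 'u' means the entry lives under HKCU, 'm' means HKLM.
Rules:
  winlogon-shell-hijack      Winlogon Shell lists anything besides explorer.exe
  image-in-user-profile      a process or autorun image lives under AppData
  impersonated-product-name  a user-profile autorun borrows a trusted product's name
  ads-image                  the file name carries an NTFS alternate data stream (colon)
  random-looking-name        weak heuristic: letters and digits interleaved in a name
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_LINES = [
    r"C:\Windows\system32\wininit.exe",
    r"C:\Windows\201556196:461372659.exe",
    r"C:\Users\Brian\AppData\Roaming\NAH40LEZUK.exe",
    r"uWinlogon: Shell=explorer.exe,c:\users\brian\appdata\roaming\microsoft\windows\shell.exe",
    r"uRun: [Windows Defender] c:\users\brian\appdata\roaming\NAH40LEZUK.exe",
    r"mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"mRun: [Apoint] c:\program files\delltpad\Apoint.exe",
    r'mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"',
    r"mRun: [imH5sWJ7dLgZhXk8234A] c:\windows\system32\rP0ycS1iv3n4.exe",
]

# Assumed list of product names that rogue AV commonly borrows for its autorun entry.
TRUSTED_NAMES = {"windows defender", "microsoft security essentials"}

DRIVE_PATH_RE = re.compile(r"^[a-z]:\\", re.I)
RUN_RE = re.compile(r"^[um]Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.I)
SHELL_RE = re.compile(r"^uWinlogon:\s*Shell=(?P<value>.+)$", re.I)
EXE_RE = re.compile(r"^(.*?\.(?:exe|scr|com|dll))(?:\s|,|$)", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def image_path(cmd: str) -> str:
    """Extract the executable from a command line: a quoted path, or text up to the first extension."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def in_user_profile(path: str) -> bool:
    p = path.lower()
    return "\\appdata\\" in p or "%appdata%" in p or "%userprofile%" in p


def has_ads(path: str) -> bool:
    # A colon inside the final path component means file:stream (the hidden file TDSSKiller found).
    if "\\" not in path:
        return False
    return ":" in path.rsplit("\\", 1)[-1]


def looks_random(token: str) -> bool:
    """Weak signal: three or more switches between letter runs and digit runs (e.g. rP0ycS1iv3n4).
    Vendor driver names such as e1e6032 also trip it, so treat hits as review items."""
    switches, prev = 0, None
    for ch in token:
        kind = "d" if ch.isdigit() else "a" if ch.isalpha() else None
        if kind and prev and kind != prev:
            switches += 1
        prev = kind
    return switches >= 3


def file_stem(path: str) -> str:
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def check_image(path: str, line: str, extra_names=()) -> list[Finding]:
    """Rules shared by Running Processes lines and Run/RunOnce entries."""
    out = []
    if in_user_profile(path):
        out.append(Finding("image-in-user-profile", line))
    if has_ads(path):
        out.append(Finding("ads-image", line))
    if any(looks_random(t) for t in (file_stem(path), *extra_names)):
        out.append(Finding("random-looking-name", line))
    return out


def triage(lines) -> list[Finding]:
    findings: list[Finding] = []
    for raw in lines:
        line = raw.strip()
        if m := SHELL_RE.match(line):
            shells = [v.strip().lower() for v in m.group("value").split(",") if v.strip()]
            if any(s != "explorer.exe" for s in shells):
                findings.append(Finding("winlogon-shell-hijack", line))
        elif m := RUN_RE.match(line):
            name, img = m.group("name").strip(), image_path(m.group("cmd"))
            findings.extend(check_image(img, line, extra_names=(name,)))
            # Same display name as the legitimate HKLM entry, but launched from the profile.
            if name.lower() in TRUSTED_NAMES and in_user_profile(img):
                findings.append(Finding("impersonated-product-name", line))
        elif DRIVE_PATH_RE.match(line):
            findings.extend(check_image(image_path(line), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.rule:26} {f.line}")
```

The legitimate mRun "Windows Defender" entry under %ProgramFiles% produces no finding, while the HKCU copy pointing into AppData\Roaming produces two.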

  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

-screen317


Hi, thanks for your time!

I ran TDSSKiller and here is the log.

09:12:11.0983 2476 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43

09:12:12.0436 2476 ============================================================

09:12:12.0436 2476 Current date / time: 2011/09/28 09:12:12.0436

09:12:12.0436 2476 SystemInfo:

09:12:12.0436 2476

09:12:12.0436 2476 OS Version: 6.0.6001 ServicePack: 1.0

09:12:12.0436 2476 Product type: Workstation

09:12:12.0436 2476 ComputerName: BRIAN-PC

09:12:12.0436 2476 UserName: Brian

09:12:12.0436 2476 Windows directory: C:\Windows

09:12:12.0436 2476 System windows directory: C:\Windows

09:12:12.0436 2476 Processor architecture: Intel x86

09:12:12.0436 2476 Number of processors: 2

09:12:12.0436 2476 Page size: 0x1000

09:12:12.0436 2476 Boot type: Normal boot

09:12:12.0436 2476 ============================================================

09:12:12.0592 2476 Initialize success

09:12:14.0278 0296 ============================================================

09:12:14.0278 0296 Scan started

09:12:14.0278 0296 Mode: Manual;

09:12:14.0278 0296 ============================================================


09:12:15.0270 0296 e480030c (38144999408326aaa70de52db6d2089b) C:\Windows\201556196:461372659.exe

09:12:15.0270 0296 Suspicious file (Hidden): C:\Windows\201556196:461372659.exe. md5: 38144999408326aaa70de52db6d2089b

09:12:15.0270 0296 e480030c ( HiddenFile.Multi.Generic ) - warning

09:12:15.0270 0296 e480030c - detected HiddenFile.Multi.Generic (1)


09:12:15.0956 0296 luafv - ok

09:12:15.0956 0296 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys

09:12:15.0956 0296 MBAMProtector - ok

09:12:15.0972 0296 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

09:12:15.0972 0296 megasas - ok

09:12:15.0988 0296 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

09:12:16.0003 0296 MegaSR - ok

09:12:16.0003 0296 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys

09:12:16.0003 0296 mferkdk - ok

09:12:16.0019 0296 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys

09:12:16.0019 0296 mfesmfk - ok

09:12:16.0034 0296 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

09:12:16.0034 0296 Modem - ok

09:12:16.0050 0296 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

09:12:16.0050 0296 monitor - ok

09:12:16.0066 0296 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

09:12:16.0066 0296 mouclass - ok

09:12:16.0066 0296 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

09:12:16.0066 0296 mouhid - ok

09:12:16.0081 0296 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

09:12:16.0081 0296 MountMgr - ok

09:12:16.0097 0296 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

09:12:16.0097 0296 mpio - ok

09:12:16.0112 0296 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

09:12:16.0112 0296 mpsdrv - ok

09:12:16.0128 0296 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

09:12:16.0128 0296 Mraid35x - ok

09:12:16.0144 0296 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys

09:12:16.0144 0296 MRxDAV - ok

09:12:16.0144 0296 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys

09:12:16.0144 0296 mrxsmb - ok

09:12:16.0159 0296 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys

09:12:16.0159 0296 mrxsmb10 - ok

09:12:16.0175 0296 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys

09:12:16.0175 0296 mrxsmb20 - ok

09:12:16.0190 0296 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys

09:12:16.0190 0296 msahci - ok

09:12:16.0206 0296 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

09:12:16.0206 0296 msdsm - ok

09:12:16.0222 0296 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

09:12:16.0222 0296 Msfs - ok

09:12:16.0237 0296 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

09:12:16.0237 0296 msisadrv - ok

09:12:16.0253 0296 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

09:12:16.0253 0296 MSKSSRV - ok

09:12:16.0268 0296 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

09:12:16.0268 0296 MSPCLOCK - ok

09:12:16.0284 0296 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

09:12:16.0284 0296 MSPQM - ok

09:12:16.0284 0296 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys

09:12:16.0284 0296 MsRPC - ok

09:12:16.0300 0296 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

09:12:16.0300 0296 mssmbios - ok

09:12:16.0315 0296 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

09:12:16.0315 0296 MSTEE - ok

09:12:16.0331 0296 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys

09:12:16.0331 0296 Mup - ok

09:12:16.0346 0296 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys

09:12:16.0346 0296 NativeWifiP - ok

09:12:16.0362 0296 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys

09:12:16.0362 0296 NDIS - ok

09:12:16.0378 0296 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

09:12:16.0378 0296 NdisTapi - ok

09:12:16.0378 0296 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

09:12:16.0378 0296 Ndisuio - ok

09:12:16.0393 0296 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys

09:12:16.0393 0296 NdisWan - ok

09:12:16.0409 0296 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

09:12:16.0409 0296 NDProxy - ok

09:12:16.0424 0296 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

09:12:16.0424 0296 NetBIOS - ok

09:12:16.0440 0296 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys

09:12:16.0440 0296 netbt - ok

09:12:16.0456 0296 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

09:12:16.0456 0296 nfrd960 - ok

09:12:16.0471 0296 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys

09:12:16.0471 0296 Npfs - ok

09:12:16.0487 0296 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

09:12:16.0487 0296 nsiproxy - ok

09:12:16.0502 0296 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys

09:12:16.0518 0296 Ntfs - ok

09:12:16.0518 0296 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

09:12:16.0534 0296 ntrigdigi - ok

09:12:16.0534 0296 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

09:12:16.0534 0296 Null - ok

09:12:16.0643 0296 nvlddmkm (64fa050c9ce122792eed58b275d07c55) C:\Windows\system32\DRIVERS\nvlddmkm.sys

09:12:16.0690 0296 nvlddmkm - ok

09:12:16.0690 0296 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

09:12:16.0690 0296 nvraid - ok

09:12:16.0705 0296 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

09:12:16.0705 0296 nvstor - ok

09:12:16.0721 0296 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

09:12:16.0721 0296 nv_agp - ok

09:12:16.0736 0296 NwlnkFlt - ok

09:12:16.0752 0296 NwlnkFwd - ok

09:12:16.0768 0296 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys

09:12:16.0768 0296 OEM02Dev - ok

09:12:16.0783 0296 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys

09:12:16.0783 0296 OEM02Vfx - ok

09:12:16.0783 0296 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys

09:12:16.0799 0296 ohci1394 - ok

09:12:16.0814 0296 Packet (9d80e0be979c3edaf2863f23b88f4de6) C:\Windows\system32\DRIVERS\packet.sys

09:12:16.0814 0296 Packet - ok

09:12:16.0830 0296 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

09:12:16.0830 0296 Parport - ok

09:12:16.0830 0296 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys

09:12:16.0830 0296 partmgr - ok

09:12:16.0846 0296 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

09:12:16.0846 0296 Parvdm - ok

09:12:16.0861 0296 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys

09:12:16.0861 0296 pci - ok

09:12:16.0877 0296 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

09:12:16.0877 0296 pciide - ok

09:12:16.0892 0296 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

09:12:16.0892 0296 pcmcia - ok

09:12:16.0924 0296 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

09:12:16.0924 0296 PEAUTH - ok

09:12:16.0970 0296 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

09:12:16.0970 0296 PptpMiniport - ok

09:12:16.0970 0296 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

09:12:16.0970 0296 Processor - ok

09:12:16.0986 0296 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys

09:12:17.0002 0296 PSched - ok

09:12:17.0002 0296 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys

09:12:17.0002 0296 PxHelp20 - ok

09:12:17.0033 0296 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

09:12:17.0048 0296 ql2300 - ok

09:12:17.0048 0296 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

09:12:17.0048 0296 ql40xx - ok

09:12:17.0064 0296 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

09:12:17.0064 0296 QWAVEdrv - ok

09:12:17.0111 0296 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys

09:12:17.0126 0296 R300 - ok

09:12:17.0126 0296 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

09:12:17.0126 0296 RasAcd - ok

09:12:17.0142 0296 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

09:12:17.0142 0296 Rasl2tp - ok

09:12:17.0158 0296 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys

09:12:17.0158 0296 RasPppoe - ok

09:12:17.0173 0296 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys

09:12:17.0173 0296 RasSstp - ok

09:12:17.0189 0296 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys

09:12:17.0189 0296 rdbss - ok

09:12:17.0204 0296 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

09:12:17.0204 0296 RDPCDD - ok

09:12:17.0220 0296 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

09:12:17.0220 0296 rdpdr - ok

09:12:17.0236 0296 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

09:12:17.0236 0296 RDPENCDD - ok

09:12:17.0251 0296 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys

09:12:17.0251 0296 RDPWD - ok

09:12:17.0267 0296 RFCOMM (10536b0ad6f416fc7f1149977c28ccdc) C:\Windows\system32\DRIVERS\rfcomm.sys

09:12:17.0267 0296 RFCOMM - ok

09:12:17.0267 0296 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys

09:12:17.0267 0296 rimmptsk - ok

09:12:17.0282 0296 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys

09:12:17.0282 0296 rimsptsk - ok

09:12:17.0298 0296 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys

09:12:17.0298 0296 rismxdp - ok

09:12:17.0314 0296 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

09:12:17.0314 0296 rspndr - ok

09:12:17.0329 0296 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

09:12:17.0329 0296 sbp2port - ok

09:12:17.0345 0296 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys

09:12:17.0345 0296 sdbus - ok

09:12:17.0360 0296 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

09:12:17.0360 0296 secdrv - ok

09:12:17.0376 0296 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

09:12:17.0376 0296 Serenum - ok

09:12:17.0392 0296 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

09:12:17.0392 0296 Serial - ok

09:12:17.0392 0296 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

09:12:17.0392 0296 sermouse - ok

09:12:17.0423 0296 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys

09:12:17.0423 0296 sffdisk - ok

09:12:17.0438 0296 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

09:12:17.0438 0296 sffp_mmc - ok

09:12:17.0438 0296 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys

09:12:17.0438 0296 sffp_sd - ok

09:12:17.0454 0296 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

09:12:17.0454 0296 sfloppy - ok

09:12:17.0470 0296 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

09:12:17.0470 0296 sisagp - ok

09:12:17.0485 0296 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

09:12:17.0485 0296 SiSRaid2 - ok

09:12:17.0501 0296 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

09:12:17.0501 0296 SiSRaid4 - ok

09:12:17.0516 0296 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys

09:12:17.0516 0296 Smb - ok

09:12:17.0532 0296 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

09:12:17.0532 0296 spldr - ok

09:12:17.0548 0296 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys

09:12:17.0548 0296 srv - ok

09:12:17.0563 0296 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys

09:12:17.0563 0296 srv2 - ok

09:12:17.0579 0296 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys

09:12:17.0579 0296 srvnet - ok

09:12:17.0594 0296 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys

09:12:17.0594 0296 STHDA - ok

09:12:17.0610 0296 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

09:12:17.0610 0296 swenum - ok

09:12:17.0626 0296 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

09:12:17.0626 0296 Symc8xx - ok

09:12:17.0641 0296 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

09:12:17.0641 0296 Sym_hi - ok

09:12:17.0657 0296 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

09:12:17.0657 0296 Sym_u3 - ok

09:12:17.0688 0296 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys

09:12:17.0688 0296 Tcpip - ok

09:12:17.0704 0296 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys

09:12:17.0719 0296 Tcpip6 - ok

09:12:17.0719 0296 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys

09:12:17.0719 0296 tcpipreg - ok

09:12:17.0735 0296 TcUsb (5ca437a08509fb7ecf843480fc1232e2) C:\Windows\system32\Drivers\tcusb.sys

09:12:17.0735 0296 TcUsb - ok

09:12:17.0750 0296 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

09:12:17.0750 0296 TDPIPE - ok

09:12:17.0766 0296 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

09:12:17.0766 0296 TDTCP - ok

09:12:17.0766 0296 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys

09:12:17.0782 0296 tdx - ok

09:12:17.0782 0296 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys

09:12:17.0782 0296 TermDD - ok

09:12:17.0813 0296 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

09:12:17.0813 0296 tssecsrv - ok

09:12:17.0813 0296 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

09:12:17.0828 0296 tunmp - ok

09:12:17.0828 0296 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys

09:12:17.0828 0296 tunnel - ok

09:12:17.0844 0296 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

09:12:17.0844 0296 uagp35 - ok

09:12:17.0860 0296 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys

09:12:17.0860 0296 udfs - ok

09:12:17.0875 0296 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

09:12:17.0875 0296 uliagpkx - ok

09:12:17.0891 0296 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

09:12:17.0891 0296 uliahci - ok

09:12:17.0906 0296 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

09:12:17.0906 0296 UlSata - ok

09:12:17.0922 0296 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

09:12:17.0922 0296 ulsata2 - ok

09:12:17.0922 0296 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

09:12:17.0938 0296 umbus - ok

09:12:17.0953 0296 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys

09:12:17.0953 0296 USBAAPL - ok

09:12:17.0953 0296 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys

09:12:17.0969 0296 usbaudio - ok

09:12:17.0969 0296 usbccgp (4073a94046d5f1025766eefd6abdc8db) C:\Windows\system32\DRIVERS\usbccgp.sys

09:12:17.0969 0296 usbccgp - ok

09:12:17.0984 0296 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

09:12:17.0984 0296 usbcir - ok

09:12:18.0000 0296 usbehci (8625e96957cb855413628abb306c7b89) C:\Windows\system32\DRIVERS\usbehci.sys

09:12:18.0000 0296 usbehci - ok

09:12:18.0016 0296 usbhub (bc1912ebb127b4e0905c7574349c6dce) C:\Windows\system32\DRIVERS\usbhub.sys

09:12:18.0016 0296 usbhub - ok

09:12:18.0016 0296 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

09:12:18.0031 0296 usbohci - ok

09:12:18.0031 0296 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

09:12:18.0031 0296 usbprint - ok

09:12:18.0047 0296 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS

09:12:18.0047 0296 USBSTOR - ok

09:12:18.0062 0296 usbuhci (4ba9542f67c63979761f1e0b8ab7141f) C:\Windows\system32\DRIVERS\usbuhci.sys

09:12:18.0062 0296 usbuhci - ok

09:12:18.0078 0296 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

09:12:18.0078 0296 vga - ok

09:12:18.0094 0296 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

09:12:18.0094 0296 VgaSave - ok

09:12:18.0109 0296 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

09:12:18.0109 0296 viaagp - ok

09:12:18.0109 0296 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

09:12:18.0109 0296 ViaC7 - ok

09:12:18.0125 0296 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

09:12:18.0125 0296 viaide - ok

09:12:18.0140 0296 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

09:12:18.0140 0296 volmgr - ok

09:12:18.0156 0296 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys

09:12:18.0156 0296 volmgrx - ok

09:12:18.0172 0296 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys

09:12:18.0172 0296 volsnap - ok

09:12:18.0187 0296 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

09:12:18.0187 0296 vsmraid - ok

09:12:18.0203 0296 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

09:12:18.0203 0296 WacomPen - ok

09:12:18.0218 0296 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

09:12:18.0218 0296 Wanarp - ok

09:12:18.0234 0296 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

09:12:18.0234 0296 Wanarpv6 - ok

09:12:18.0250 0296 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

09:12:18.0250 0296 Wd - ok

09:12:18.0265 0296 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

09:12:18.0265 0296 Wdf01000 - ok

09:12:18.0328 0296 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

09:12:18.0328 0296 WmiAcpi - ok

09:12:18.0359 0296 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

09:12:18.0359 0296 ws2ifsl - ok

09:12:18.0374 0296 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

09:12:18.0374 0296 WUDFRd - ok

09:12:18.0406 0296 yukonwlh (a4822191c7cea271903c2a4fb6d9809d) C:\Windows\system32\DRIVERS\yk60x86.sys

09:12:18.0406 0296 yukonwlh - ok

09:12:18.0421 0296 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

09:12:18.0421 0296 \Device\Harddisk0\DR0 - ok

09:12:18.0421 0296 Boot (0x1200) (9527d160d1b10d15a97e22d23388481a) \Device\Harddisk0\DR0\Partition0

09:12:18.0421 0296 \Device\Harddisk0\DR0\Partition0 - ok

09:12:18.0421 0296 Boot (0x1200) (ea65db23cb165ac8171b2b67b92870bd) \Device\Harddisk0\DR0\Partition1

09:12:18.0421 0296 \Device\Harddisk0\DR0\Partition1 - ok

09:12:18.0421 0296 ============================================================

09:12:18.0421 0296 Scan finished

09:12:18.0421 0296 ============================================================

09:12:18.0437 7172 Detected object count: 1

09:12:18.0437 7172 Actual detected object count: 1

09:13:56.0857 7172 HKLM\SYSTEM\ControlSet001\services\e480030c - will be deleted on reboot

09:13:56.0857 7172 HKLM\SYSTEM\ControlSet003\services\e480030c - will be deleted on reboot

09:13:56.0857 7172 C:\Windows\201556196:461372659.exe - will be deleted on reboot

09:13:56.0857 7172 e480030c ( HiddenFile.Multi.Generic ) - User select action: Delete

09:14:02.0395 6516 Deinitialize success

And the DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_24

Run by Brian at 9:19:25 on 2011-09-28

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2464 [GMT -6:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\rundll32.exe

C:\Program Files\Fingerprint Reader Suite\upeksvr.exe

C:\Windows\system32\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\Windows\system32\CTsvcCDA.exe

c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\OEM02Mon.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Fingerprint Reader Suite\psqltray.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\System32\rP0ycS1iv3n4.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Dell Remote Access\ezi_ra.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\SetPoint\SetPoint.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Windows\ehome\ehmsas.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Users\Brian\AppData\Roaming\NAH40LEZUK.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Microsoft\BingBar\BBSvc.EXE

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer provided by Dell

uInternet Settings,ProxyOverride = *.local

uWinlogon: Shell=explorer.exe,c:\users\brian\appdata\roaming\microsoft\windows\shell.exe

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Windows Defender] c:\users\brian\appdata\roaming\NAH40LEZUK.exe

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; MDDC; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.miniclip.com/games/motocross-fever/en/"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"

mRun: [<NO NAME>]

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [imH5sWJ7dLgZhXk8234A] c:\windows\system32\rP0ycS1iv3n4.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\brian\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe

StartupFolder: c:\users\brian\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpzrcv01.lnk - c:\program files\hp\temp\{bed1705f-7558-40f7-9f52-6c6fbd58ea2e}\setup\hpzstub.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 24.116.2.50 24.116.2.34

TCP: Interfaces\{679C2871-7A74-417D-9550-76D3CD0C75C6} : DhcpNameServer = 24.116.2.50 24.116.2.34

TCP: Interfaces\{74BF2032-1C5E-4D5B-8112-9BC56637410F} : DhcpNameServer = 24.116.2.50 24.116.2.34

Notify: psfus - c:\windows\system32\psqlpwd.dll

LSA: Notification Packages = scecli psqlpwd

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\brian\appdata\roaming\mozilla\firefox\profiles\9akob3e7.default\

FF - plugin: c:\program files\download manager\npfpdlm.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-9-26 64512]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-3-27 73728]

R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-26 366152]

R3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-26 22216]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-12 136176]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-12 136176]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-27 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-27 40552]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2009-3-27 209408]

.

=============== Created Last 30 ================

.

2011-09-28 15:15:35 -------- d-----w- c:\users\brian\appdata\roaming\LibDpnGaQWVcDaH

2011-09-28 15:15:34 -------- d-----w- c:\users\brian\appdata\roaming\ihCBOxGQd7LTjeA

2011-09-27 14:34:25 -------- d-----w- c:\users\brian\appdata\roaming\UrzOA2GQWRgXjeI

2011-09-27 14:34:24 -------- d-----w- c:\users\brian\appdata\roaming\oopmG5QJ6W89Xje

2011-09-27 06:23:47 -------- d-----w- c:\users\brian\appdata\roaming\uycS1ivD34m5LqY

2011-09-27 06:23:47 -------- d-----w- c:\users\brian\appdata\roaming\HH6WJ7fgqwO

2011-09-27 05:38:55 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-09-27 05:38:44 -------- d-----w- c:\program files\Lavasoft

2011-09-27 05:26:07 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-27 05:05:06 -------- d-----w- c:\users\brian\appdata\roaming\K4Eg0c5dLRwUlOz

2011-09-27 05:05:05 -------- d-----w- c:\users\brian\appdata\roaming\ekVVuipQ6WTqktP

2011-09-27 04:54:14 -------- d-----w- c:\users\brian\appdata\roaming\E22bbnq6gT

2011-09-27 04:54:10 -------- d-----w- c:\users\brian\appdata\roaming\samH5sWJ7gZqXPo

2011-09-27 04:19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-27 04:05:09 -------- d-----w- c:\users\brian\appdata\roaming\do4HWfZkt0i4Hd8

2011-09-27 04:05:09 -------- d-----w- c:\users\brian\appdata\roaming\aYwkUVlBzA

2011-09-27 04:00:51 -------- d-----w- c:\users\brian\appdata\roaming\gcA1vD2o4Gs

2011-09-27 04:00:51 -------- d-----w- c:\users\brian\appdata\roaming\bRZ9hYXwjVlBzN

2011-09-27 03:58:03 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-27 03:55:14 -------- d-----w- c:\users\brian\appdata\roaming\EhYw4ZXUlA35J

2011-09-27 03:55:13 -------- d-----w- c:\users\brian\appdata\roaming\xYUlvD2oFm5Q7E8

2011-09-27 03:50:57 -------- d-----w- c:\users\brian\appdata\roaming\rBtzPNycAuDoFpG

2011-09-27 03:50:57 -------- d-----w- c:\users\brian\appdata\roaming\msQJ6dEK8R9TwBz

2011-09-27 03:14:40 -------- d-----w- c:\users\brian\appdata\roaming\lkIVrlONtPuSiDo

2011-09-27 03:14:40 -------- d-----w- c:\users\brian\appdata\roaming\C4aQH6sWKfLgZjC

2011-09-27 02:53:45 -------- d-----w- c:\users\brian\appdata\roaming\Malwarebytes

2011-09-27 02:53:18 -------- d-----w- c:\programdata\Malwarebytes

2011-09-27 02:40:07 -------- d-----w- c:\users\brian\appdata\roaming\kpmG5sQJ6E8R9T

2011-09-27 02:40:06 -------- d-----w- c:\users\brian\appdata\roaming\T1uvD2obF

2011-09-27 02:30:06 -------- d-----w- c:\users\brian\appdata\roaming\k4aammH5sWJ7ELg

2011-09-27 02:30:06 -------- d-----w- c:\users\brian\appdata\roaming\iOBtxP0yc1v3n

2011-09-27 02:30:01 2463744 ------w- c:\windows\system32\rP0ycS1iv3n4.exe

2011-09-27 02:28:54 -------- d-----w- c:\users\brian\appdata\roaming\g8gRZqhYXkVlBz0

2011-09-27 02:28:54 -------- d-----w- c:\users\brian\appdata\roaming\AcA1ivD2oFpHsJd

2011-09-27 02:12:12 -------- d-----w- c:\users\brian\appdata\roaming\kvvDD3oonFa

2011-09-27 02:12:12 -------- d-----w- c:\users\brian\appdata\roaming\GmmHH5sWJ7dELgZ

2011-09-27 02:12:07 -------- d-----w- c:\users\brian\appdata\roaming\JccSS1ivvDonFaH

2011-09-27 02:12:06 -------- d-----w- c:\users\brian\appdata\roaming\wTZZqqhYCw

2011-08-30 19:08:03 -------- d-----w- c:\program files\iPod

2011-08-30 18:59:54 -------- d-----w- c:\program files\Bonjour

.

==================== Find3M ====================

.

2011-09-07 03:08:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-27 05:46:04 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-07-27 05:45:03 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-07-27 05:45:03 234536 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-07-15 18:14:57 139152 ----a-w- c:\users\brian\appdata\roaming\PnkBstrK.sys

2011-07-15 18:14:37 794408 ----a-w- c:\windows\system32\pbsvc.exe

2011-07-15 18:14:37 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-07-12 17:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 17:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 17:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-06 14:56:47 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-06 00:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-06 00:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-06-30 17:59:01 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

.

============= FINISH: 9:19:40.35 ===============

Attach.zip


  • Staff

Hi,

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Hi,

So MBAM works for me now. Here's the log.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7849

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

10/2/2011 7:23:20 PM

mbam-log-2011-10-02 (19-23-20).txt

Scan type: Quick scan

Objects scanned: 239362

Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 7

Registry Data Items Infected: 1

Folders Infected: 1

Files Infected: 13

Memory Processes Infected:

c:\Windows\System32\rp0ycs1iv3n4.exe (Backdoor.Bot) -> 3232 -> Unloaded process successfully.

c:\Users\Brian\AppData\Roaming\nah40lezuk.exe (Backdoor.Agent) -> 5464 -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{C89DA9AC-C82A-DF4C-5C58-CAF69F64DC0A} (Backdoor.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{C89DA9AC-C82A-DF4C-5C58-CAF69F64DC0A} (Backdoor.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ImH5sWJ7dLgZhXk8234A (Backdoor.Bot) -> Value: ImH5sWJ7dLgZhXk8234A -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender (Backdoor.Agent) -> Value: Windows Defender -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Value: 24d1ca9a-a864-4f7b-86fe-495eb56529d8 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Value: 7bde84a2-f58f-46ec-9eac-f1f90fead080 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Delete on reboot.

Registry Data Items Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Brian\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:

c:\Users\Brian\AppData\Roaming\microsoft\Windows\start menu\Programs\opencloud security (Rogue.OpenCloudSecurity) -> Quarantined and deleted successfully.

Files Infected:

c:\Windows\System32\rp0ycs1iv3n4.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\Users\Brian\AppData\Local\Temp\mrsxdejopu (Rootkit.0Access) -> Quarantined and deleted successfully.

c:\Users\Brian\local settings\temporary internet files\Content.IE5\5A22T2IL\file[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\Users\Brian\local settings\temporary internet files\Content.IE5\5A22T2IL\swef26r[1].mp4 (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\Brian\local settings\temporary internet files\Content.IE5\E1F7ZEFV\info[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\Brian\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Brian\AppData\Roaming\microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\Brian\favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\Brian\Desktop\opencloud security.lnk (Rogue.OpenCloudSecurity) -> Quarantined and deleted successfully.

c:\Users\Brian\AppData\Roaming\microsoft\Windows\start menu\Programs\opencloud security\opencloud security.lnk (Rogue.OpenCloudSecurity) -> Quarantined and deleted successfully.

c:\Users\Brian\AppData\Roaming\microsoft\Windows\start menu\Programs\opencloud security\uninstall opencloud security.lnk (Rogue.OpenCloudSecurity) -> Quarantined and deleted successfully.

c:\Users\Brian\AppData\Roaming\nah40lezuk.exe (Backdoor.Agent) -> Delete on reboot.

c:\Users\Brian\AppData\Roaming\ldr.ini (Malware.Trace) -> Quarantined and deleted successfully.

When I try to run combofix, it doesn't do anything. It says it's scanning but never changes the clock, and I never see any stages completed. I exited out and tried again. Same result. Rebooting my computer didn't help.

This is my DDS log.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_24

Run by Brian at 21:43:32 on 2011-10-02

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2225 [GMT -6:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\bcmwltry.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\rundll32.exe

C:\Program Files\Fingerprint Reader Suite\upeksvr.exe

C:\Windows\system32\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\Windows\system32\CTsvcCDA.exe

c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Fingerprint Reader Suite\psqltray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Dell Remote Access\ezi_ra.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\SetPoint\SetPoint.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\WerCon.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer provided by Dell

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Windows Defender] c:\users\brian\appdata\roaming\NAH40LEZUK.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"

mRun: [<NO NAME>]

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\brian\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe

StartupFolder: c:\users\brian\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpzrcv01.lnk - c:\program files\hp\temp\{bed1705f-7558-40f7-9f52-6c6fbd58ea2e}\setup\hpzstub.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 24.116.2.50 24.116.2.34

TCP: Interfaces\{679C2871-7A74-417D-9550-76D3CD0C75C6} : DhcpNameServer = 24.116.2.50 24.116.2.34

TCP: Interfaces\{74BF2032-1C5E-4D5B-8112-9BC56637410F} : DhcpNameServer = 24.116.2.50 24.116.2.34

Notify: psfus - c:\windows\system32\psqlpwd.dll

LSA: Notification Packages = scecli psqlpwd

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\brian\appdata\roaming\mozilla\firefox\profiles\9akob3e7.default\

FF - plugin: c:\program files\download manager\npfpdlm.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-3-27 73728]

R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-2 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-2 22216]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-12 136176]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-12 136176]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-27 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-27 40552]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2009-3-27 209408]

.

=============== Created Last 30 ================

.

2011-10-03 03:23:40 98816 ----a-w- c:\windows\sed.exe

2011-10-03 03:23:40 518144 ----a-w- c:\windows\SWREG.exe

2011-10-03 03:23:40 256000 ----a-w- c:\windows\PEV.exe

2011-10-03 03:23:40 208896 ----a-w- c:\windows\MBR.exe

2011-10-03 03:23:35 -------- d-s---w- C:\ComboFix

2011-10-03 01:12:02 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-03 01:09:38 -------- d-----w- c:\users\brian\appdata\roaming\YjCeIBrzOyAuSiF

2011-10-03 01:09:37 -------- d-----w- c:\users\brian\appdata\roaming\euvS2pGaJdKfLhX

2011-09-28 15:15:35 -------- d-----w- c:\users\brian\appdata\roaming\LibDpnGaQWVcDaH

2011-09-28 15:15:34 -------- d-----w- c:\users\brian\appdata\roaming\ihCBOxGQd7LTjeA

2011-09-27 14:34:25 -------- d-----w- c:\users\brian\appdata\roaming\UrzOA2GQWRgXjeI

2011-09-27 14:34:24 -------- d-----w- c:\users\brian\appdata\roaming\oopmG5QJ6W89Xje

2011-09-27 06:23:47 -------- d-----w- c:\users\brian\appdata\roaming\uycS1ivD34m5LqY

2011-09-27 06:23:47 -------- d-----w- c:\users\brian\appdata\roaming\HH6WJ7fgqwO

2011-09-27 05:38:44 -------- d-----w- c:\program files\Lavasoft

2011-09-27 05:05:06 -------- d-----w- c:\users\brian\appdata\roaming\K4Eg0c5dLRwUlOz

2011-09-27 05:05:05 -------- d-----w- c:\users\brian\appdata\roaming\ekVVuipQ6WTqktP

2011-09-27 04:54:14 -------- d-----w- c:\users\brian\appdata\roaming\E22bbnq6gT

2011-09-27 04:54:10 -------- d-----w- c:\users\brian\appdata\roaming\samH5sWJ7gZqXPo

2011-09-27 04:19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-27 04:05:09 -------- d-----w- c:\users\brian\appdata\roaming\do4HWfZkt0i4Hd8

2011-09-27 04:05:09 -------- d-----w- c:\users\brian\appdata\roaming\aYwkUVlBzA

2011-09-27 04:00:51 -------- d-----w- c:\users\brian\appdata\roaming\gcA1vD2o4Gs

2011-09-27 04:00:51 -------- d-----w- c:\users\brian\appdata\roaming\bRZ9hYXwjVlBzN

2011-09-27 03:55:14 -------- d-----w- c:\users\brian\appdata\roaming\EhYw4ZXUlA35J

2011-09-27 03:55:13 -------- d-----w- c:\users\brian\appdata\roaming\xYUlvD2oFm5Q7E8

2011-09-27 03:50:57 -------- d-----w- c:\users\brian\appdata\roaming\rBtzPNycAuDoFpG

2011-09-27 03:50:57 -------- d-----w- c:\users\brian\appdata\roaming\msQJ6dEK8R9TwBz

2011-09-27 03:14:40 -------- d-----w- c:\users\brian\appdata\roaming\lkIVrlONtPuSiDo

2011-09-27 03:14:40 -------- d-----w- c:\users\brian\appdata\roaming\C4aQH6sWKfLgZjC

2011-09-27 02:53:45 -------- d-----w- c:\users\brian\appdata\roaming\Malwarebytes

2011-09-27 02:53:18 -------- d-----w- c:\programdata\Malwarebytes

2011-09-27 02:40:07 -------- d-----w- c:\users\brian\appdata\roaming\kpmG5sQJ6E8R9T

2011-09-27 02:40:06 -------- d-----w- c:\users\brian\appdata\roaming\T1uvD2obF

2011-09-27 02:30:06 -------- d-----w- c:\users\brian\appdata\roaming\k4aammH5sWJ7ELg

2011-09-27 02:30:06 -------- d-----w- c:\users\brian\appdata\roaming\iOBtxP0yc1v3n

2011-09-27 02:28:54 -------- d-----w- c:\users\brian\appdata\roaming\g8gRZqhYXkVlBz0

2011-09-27 02:28:54 -------- d-----w- c:\users\brian\appdata\roaming\AcA1ivD2oFpHsJd

2011-09-27 02:12:12 -------- d-----w- c:\users\brian\appdata\roaming\kvvDD3oonFa

2011-09-27 02:12:12 -------- d-----w- c:\users\brian\appdata\roaming\GmmHH5sWJ7dELgZ

2011-09-27 02:12:07 -------- d-----w- c:\users\brian\appdata\roaming\JccSS1ivvDonFaH

2011-09-27 02:12:06 -------- d-----w- c:\users\brian\appdata\roaming\wTZZqqhYCw

.

==================== Find3M ====================

.

2011-09-07 03:08:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-27 05:46:04 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-07-27 05:45:03 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-07-27 05:45:03 234536 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-07-15 18:14:57 139152 ----a-w- c:\users\brian\appdata\roaming\PnkBstrK.sys

2011-07-15 18:14:37 794408 ----a-w- c:\windows\system32\pbsvc.exe

2011-07-15 18:14:37 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-07-12 17:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 17:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 17:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-06 14:56:47 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-06 00:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-06 00:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

============= FINISH: 21:43:45.08 ===============

I apologize if I somehow complicated this. I uninstalled my Ad-aware AV because it was constantly trying to update but kept freezing and I couldn't make it stop. A file, "Dell Dock's", says it fails to load also now.

Thanks again for your time.

-alaskabum

Attach.zip


  • Staff

Hi,

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personally identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
