Malwarebytes stops running, even in safe mode

Jimcat · October 15, 2011

I am not having any luck getting Malwarebytes to run. I am able to download and update it, but even in safe mode, it stops running after about 15 seconds.

I tried running the process killer files. I also tried running the file as an administrator. In every case, something stops the scan and I need to download Malwarebytes again before I can make another attempt.

Please let me know what I can do to get this started. Is there something I can run and post the logs for that would help you to assist me?

LDTate · October 18, 2011

:welcome:

Please don't attach the scan results, use Copy/Paste

Logs will be closed if you haven't replied within 3 days

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download DDS by sUBs from one of the following links and save it to your desktop.

- DDS.scr
- DDS.pif

[*]Disable any script blocking protection (How to Disable your Security Programs)

[*]Double click DDS icon to run the tool (may take up to 3 minutes to run)

[*]When done, DDS.txt will open.

[*]After a few moments, attach.txt will open in a second window.

[*]Save both reports to your desktop.

---------------------------------------------------

Post the contents of the DDS.txt in your next reply

Jimcat · October 18, 2011

Thank you for the advice. Fortunately I have a clean computer from which to reference your instructions. I will be starting the process soon.

You mentioned instructions for two browsers that I don't use. Are there any special things to be done for Google Chrome or MS Internet Explorer?

LDTate · October 18, 2011

Are there any special things to be done for Google Chrome or MS Internet Explorer?

No. With IE, just do the suggestions

Jimcat · October 18, 2011

Below are the contents of dds.txt:

.

DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK

Internet Explorer: 9.0.8112.16421

Run by Jim Kasprzak 4 at 18:46:18 on 2011-10-18

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.1515 [GMT -4:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\helppane.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer provided by Dell

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111008063140.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - c:\program files\gamesbar\2.0.1.46\oberontb.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: GamesBar: {6f282b65-56bf-4bd1-a8b2-a4449a05863d} - c:\program files\gamesbar\2.0.1.46\oberontb.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [Launcher] %WINDIR%\SMINST\Components\scheduler\Launcher.exe

mRunOnce: [DSUpdateLauncher] "c:\program files\dell datasafe local backup\components\dsupdate\runhstart.bat"

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10x_ActiveX.exe -update activex

StartupFolder: c:\users\jimkas~4\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - c:\program files\gamesbar\2.0.1.46\oberontb.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

TCP: DhcpNameServer = 24.229.54.212 207.44.96.129 24.229.54.220

TCP: Interfaces\{F58ECC62-2A6E-4E0F-BF75-831A4A9756F0} : DhcpNameServer = 24.229.54.212 207.44.96.129 24.229.54.220

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-25 461864]

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-25 64712]

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-25 164776]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-25 338040]

S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]

S2 Apache2.2;Remote Access Media Server;c:\program files\common files\dell\apache\bin\httpd.exe [2007-9-21 15872]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]

S2 dsl-db;Remote Access DB;c:\program files\common files\dell\mysql\bin\mysqld.exe [2007-9-14 5730304]

S2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe [2009-1-5 173296]

S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]

S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]

S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-25 166024]

S2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-25 160344]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-25 148520]

S2 SftService;SoftThinks Agent Service;c:\windows\sminst\SftService.exe [2009-5-13 632048]

S2 uvnc_service;UltraVNC Server;c:\programdata\ultravnc\winvnc.exe -service --> c:\programdata\ultravnc\winvnc.exe -service [?]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-25 57432]

S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-25 180072]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-25 59288]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-25 87808]

S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-10-18 22:40:49 48016 --sha-w- c:\windows\system32\c_15244.nl_

2011-10-18 22:40:44 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e6213496-5790-49ad-ab24-cc25f5e191d5}\offreg.dll

2011-10-15 11:39:57 -------- d-----w- c:\windows\pss

2011-10-15 11:08:58 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-15 11:08:21 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-15 10:28:17 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-10-15 10:09:23 -------- d-----w- C:\a006e82503421d9c66

2011-10-14 10:24:53 -------- d-----w- c:\users\jim kasprzak 4\appdata\roaming\Malwarebytes

2011-10-14 10:24:40 -------- d-----w- c:\programdata\Malwarebytes

2011-10-14 10:03:20 0 ---ha-w- c:\users\jim kasprzak 4\appdata\local\BIT5705.tmp

2011-10-14 09:56:09 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e6213496-5790-49ad-ab24-cc25f5e191d5}\mpengine.dll

2011-10-13 09:42:47 -------- d-----w- C:\57a8a4e03131d83c7239cf6079d8cec4

2011-10-12 23:08:44 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-10-12 23:08:43 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-12 23:08:43 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-10-12 23:08:43 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-12 23:08:43 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-12 23:08:37 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-10-12 23:08:23 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-12 23:08:23 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-10-12 23:08:23 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-10-12 23:08:23 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-10-11 15:42:18 -------- d-----w- c:\users\jim kasprzak 4\appdata\local\DataSafeOnline

2011-10-11 11:33:27 -------- d-----w- c:\users\jim kasprzak 4\appdata\local\Google

2011-10-11 10:04:43 -------- d-----w- c:\users\jim kasprzak 4\appdata\local\My Games

2011-10-08 19:29:10 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

2011-10-08 19:29:01 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-09-23 11:08:01 307200 ----a-w- c:\program files\internet explorer\iediagcmd.exe

2011-09-23 11:08:01 161792 ----a-w- c:\windows\system32\msls31.dll

2011-09-23 11:08:01 107008 ----a-w- c:\program files\internet explorer\iecleanup.exe

2011-09-23 11:08:00 748336 ----a-w- c:\program files\internet explorer\iexplore.exe

.

==================== Find3M ====================

.

2011-10-19 02:35:23 185856 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-09-28 01:59:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-15 14:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-08-15 14:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-08-15 14:00:06 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-08-15 14:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-08-15 14:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-08-15 14:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-08-15 14:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-08-15 14:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-08-15 14:00:06 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-08-15 14:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

.

============= FINISH: 18:48:17.42 ===============

LDTate · October 18, 2011

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
Consider what other private information could possibly have been taken from your computer and take appropriate steps
Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean, if this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.

Jimcat · October 18, 2011

Thank you for the warnings! I am in the process of changing my passwords and will take the appropriate precautions with my cards. Please provide instructions on how to continue cleaning the computer.

LDTate · October 18, 2011

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

please post the contents of that log TDSSKiller log.

Also please describe how your computer behaves at the moment.

Jimcat · October 19, 2011

Things are looking really bad now. I can't get network connectivity after rebooting. If I restart in safe mode, it says that I have "limited connectivity" and the computer can't see any networks. (I have confirmed all the obvious stuff: the Ethernet cable is plugged in, and the router has connectivity - it's the same router on which I'm connecting with my clean computer.) This wasn't a problem before my last reboot. I can't run network diagnostics in safe mode.

If I restart in normal mode, it only stays up for about 30 seconds before getting a blue screen of death and restarting again.

I'm going to see if I can download TDSSKiller onto a thumb drive and install it from there in safe mode. Any advice on how to get network connectivity back will be greatly appreciated.

Jimcat · October 19, 2011

Update: good news, I have network connectivity back after running TDSSKiller and rebooting.

Here are the logs:

21:33:17.0345 1364 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23

21:33:17.0360 1364 ============================================================

21:33:17.0360 1364 Current date / time: 2011/10/18 21:33:17.0360

21:33:17.0360 1364 SystemInfo:

21:33:17.0360 1364

21:33:17.0360 1364 OS Version: 6.0.6002 ServicePack: 2.0

21:33:17.0360 1364 Product type: Workstation

21:33:17.0360 1364 ComputerName: JIMKASPRZAK-PC

21:33:17.0360 1364 UserName: Jim Kasprzak 4

21:33:17.0360 1364 Windows directory: C:\Windows

21:33:17.0360 1364 System windows directory: C:\Windows

21:33:17.0360 1364 Processor architecture: Intel x86

21:33:17.0360 1364 Number of processors: 2

21:33:17.0360 1364 Page size: 0x1000

21:33:17.0360 1364 Boot type: Safe boot with network

21:33:17.0360 1364 ============================================================

21:33:17.0984 1364 Initialize success

21:33:20.0324 1536 ============================================================

21:33:20.0324 1536 Scan started

21:33:20.0324 1536 Mode: Manual;

21:33:20.0324 1536 ============================================================

21:33:20.0886 1536 .afd - ok

21:33:20.0902 1536 .tdx - ok

21:33:20.0995 1536 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

21:33:20.0995 1536 ACPI - ok

21:33:21.0042 1536 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

21:33:21.0042 1536 adp94xx - ok

21:33:21.0073 1536 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

21:33:21.0073 1536 adpahci - ok

21:33:21.0089 1536 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

21:33:21.0089 1536 adpu160m - ok

21:33:21.0104 1536 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

21:33:21.0104 1536 adpu320 - ok

21:33:21.0167 1536 AFD (9c9ceff2fd8ef7fe83f5f1aa514bdf14) C:\Windows\system32\drivers\afd.sys

21:33:21.0167 1536 AFD ( Rootkit.Win32.ZAccess.e ) - infected

21:33:21.0167 1536 AFD - detected Rootkit.Win32.ZAccess.e (0)

21:33:21.0198 1536 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

21:33:21.0198 1536 agp440 - ok

21:33:21.0245 1536 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

21:33:21.0245 1536 aic78xx - ok

21:33:21.0276 1536 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

21:33:21.0276 1536 aliide - ok

21:33:21.0276 1536 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

21:33:21.0292 1536 amdagp - ok

21:33:21.0307 1536 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

21:33:21.0307 1536 amdide - ok

21:33:21.0338 1536 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

21:33:21.0338 1536 AmdK7 - ok

21:33:21.0354 1536 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

21:33:21.0354 1536 AmdK8 - ok

21:33:21.0432 1536 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

21:33:21.0432 1536 arc - ok

21:33:21.0463 1536 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

21:33:21.0463 1536 arcsas - ok

21:33:21.0494 1536 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

21:33:21.0494 1536 AsyncMac - ok

21:33:21.0526 1536 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

21:33:21.0526 1536 atapi - ok

21:33:21.0557 1536 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

21:33:21.0557 1536 Beep - ok

21:33:21.0588 1536 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

21:33:21.0588 1536 blbdrive - ok

21:33:21.0650 1536 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

21:33:21.0650 1536 bowser - ok

21:33:21.0666 1536 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

21:33:21.0666 1536 BrFiltLo - ok

21:33:21.0682 1536 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

21:33:21.0682 1536 BrFiltUp - ok

21:33:21.0713 1536 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

21:33:21.0713 1536 Brserid - ok

21:33:21.0728 1536 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

21:33:21.0728 1536 BrSerWdm - ok

21:33:21.0744 1536 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

21:33:21.0744 1536 BrUsbMdm - ok

21:33:21.0760 1536 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

21:33:21.0760 1536 BrUsbSer - ok

21:33:21.0775 1536 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

21:33:21.0775 1536 BTHMODEM - ok

21:33:21.0822 1536 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

21:33:21.0822 1536 cdfs - ok

21:33:21.0838 1536 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

21:33:21.0838 1536 cdrom - ok

21:33:21.0900 1536 cfwids (142e4e00ad91600a2d20692ed52fafc8) C:\Windows\system32\drivers\cfwids.sys

21:33:21.0900 1536 cfwids - ok

21:33:21.0916 1536 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

21:33:21.0916 1536 circlass - ok

21:33:21.0962 1536 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

21:33:21.0978 1536 CLFS - ok

21:33:22.0009 1536 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

21:33:22.0009 1536 cmdide - ok

21:33:22.0025 1536 Compbatt (4fc0a44da7603229e1a9454126a59efd) C:\Windows\system32\drivers\compbatt.sys

21:33:22.0025 1536 Compbatt - ok

21:33:22.0056 1536 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

21:33:22.0056 1536 crcdisk - ok

21:33:22.0087 1536 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

21:33:22.0087 1536 Crusoe - ok

21:33:22.0150 1536 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

21:33:22.0150 1536 DfsC - ok

21:33:22.0196 1536 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

21:33:22.0196 1536 disk - ok

21:33:22.0243 1536 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

21:33:22.0243 1536 drmkaud - ok

21:33:22.0290 1536 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

21:33:22.0290 1536 DXGKrnl - ok

21:33:22.0462 1536 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys

21:33:22.0462 1536 e1express - ok

21:33:22.0540 1536 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

21:33:22.0540 1536 E1G60 - ok

21:33:22.0618 1536 eb289bdd (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\3717933291:349660194.exe

21:33:22.0618 1536 Suspicious file (Hidden): C:\Windows\3717933291:349660194.exe. md5: 8f2bb1827cac01aee6a16e30a1260199

21:33:22.0618 1536 eb289bdd ( HiddenFile.Multi.Generic ) - warning

21:33:22.0618 1536 eb289bdd - detected HiddenFile.Multi.Generic (1)

21:33:22.0664 1536 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

21:33:22.0664 1536 Ecache - ok

21:33:22.0711 1536 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

21:33:22.0711 1536 elxstor - ok

21:33:22.0742 1536 ErrDev (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys

21:33:22.0742 1536 ErrDev - ok

21:33:22.0805 1536 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

21:33:22.0805 1536 exfat - ok

21:33:22.0820 1536 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

21:33:22.0820 1536 fastfat - ok

21:33:22.0852 1536 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

21:33:22.0852 1536 fdc - ok

21:33:22.0883 1536 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

21:33:22.0883 1536 FileInfo - ok

21:33:22.0898 1536 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

21:33:22.0898 1536 Filetrace - ok

21:33:22.0930 1536 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

21:33:22.0930 1536 flpydisk - ok

21:33:22.0961 1536 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

21:33:22.0961 1536 FltMgr - ok

21:33:22.0992 1536 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

21:33:22.0992 1536 Fs_Rec - ok

21:33:23.0008 1536 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

21:33:23.0008 1536 gagp30kx - ok

21:33:23.0039 1536 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

21:33:23.0039 1536 GEARAspiWDM - ok

21:33:23.0148 1536 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

21:33:23.0148 1536 HDAudBus - ok

21:33:23.0164 1536 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

21:33:23.0164 1536 HidBth - ok

21:33:23.0179 1536 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

21:33:23.0179 1536 HidIr - ok

21:33:23.0195 1536 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

21:33:23.0210 1536 HidUsb - ok

21:33:23.0242 1536 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

21:33:23.0242 1536 HpCISSs - ok

21:33:23.0304 1536 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

21:33:23.0304 1536 HTTP - ok

21:33:23.0320 1536 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

21:33:23.0320 1536 i2omp - ok

21:33:23.0351 1536 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

21:33:23.0351 1536 i8042prt - ok

21:33:23.0382 1536 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys

21:33:23.0382 1536 iaStor - ok

21:33:23.0413 1536 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

21:33:23.0413 1536 iaStorV - ok

21:33:23.0491 1536 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys

21:33:23.0507 1536 igfx - ok

21:33:23.0538 1536 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

21:33:23.0538 1536 iirsp - ok

21:33:23.0632 1536 IntcAzAudAddService (f8f53c5449f15b23d4c61d51d2701da8) C:\Windows\system32\drivers\RTKVHDA.sys

21:33:23.0632 1536 IntcAzAudAddService - ok

21:33:23.0647 1536 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys

21:33:23.0647 1536 intelide - ok

21:33:23.0678 1536 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

21:33:23.0678 1536 intelppm - ok

21:33:23.0725 1536 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:33:23.0725 1536 IpFilterDriver - ok

21:33:23.0741 1536 IpInIp - ok

21:33:23.0756 1536 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

21:33:23.0756 1536 IPMIDRV - ok

21:33:23.0788 1536 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

21:33:23.0788 1536 IPNAT - ok

21:33:23.0819 1536 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

21:33:23.0819 1536 IRENUM - ok

21:33:23.0850 1536 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

21:33:23.0850 1536 isapnp - ok

21:33:23.0881 1536 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

21:33:23.0881 1536 iScsiPrt - ok

21:33:23.0912 1536 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

21:33:23.0912 1536 iteatapi - ok

21:33:23.0928 1536 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

21:33:23.0928 1536 iteraid - ok

21:33:23.0928 1536 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

21:33:23.0944 1536 kbdclass - ok

21:33:23.0959 1536 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

21:33:23.0959 1536 kbdhid - ok

21:33:24.0006 1536 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

21:33:24.0006 1536 KSecDD - ok

21:33:24.0037 1536 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

21:33:24.0037 1536 lltdio - ok

21:33:24.0068 1536 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

21:33:24.0068 1536 LSI_FC - ok

21:33:24.0084 1536 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

21:33:24.0084 1536 LSI_SAS - ok

21:33:24.0115 1536 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

21:33:24.0115 1536 LSI_SCSI - ok

21:33:24.0146 1536 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

21:33:24.0146 1536 luafv - ok

21:33:24.0209 1536 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

21:33:24.0209 1536 megasas - ok

21:33:24.0240 1536 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

21:33:24.0256 1536 MegaSR - ok

21:33:24.0318 1536 mfeapfk (c373a719d704d12f5a4503f6f10239ff) C:\Windows\system32\drivers\mfeapfk.sys

21:33:24.0318 1536 mfeapfk - ok

21:33:24.0380 1536 mfeavfk (851ad52871b62457152a8acaff0c632d) C:\Windows\system32\drivers\mfeavfk.sys

21:33:24.0380 1536 mfeavfk - ok

21:33:24.0396 1536 mfebopk (5b9ffb027669a8ac30aac0b4996bc603) C:\Windows\system32\drivers\mfebopk.sys

21:33:24.0396 1536 mfebopk - ok

21:33:24.0474 1536 mfefirek (2cabe72e53365834cb9969dde47bd690) C:\Windows\system32\drivers\mfefirek.sys

21:33:24.0474 1536 mfefirek - ok

21:33:24.0521 1536 mfehidk (46db8f041e928bdc17b8daba249a2148) C:\Windows\system32\drivers\mfehidk.sys

21:33:24.0521 1536 mfehidk - ok

21:33:24.0568 1536 mfenlfk (3f9c3147c904fb4377ede0d9df06c789) C:\Windows\system32\DRIVERS\mfenlfk.sys

21:33:24.0568 1536 mfenlfk - ok

21:33:24.0583 1536 mferkdet (316fd7c31cd57ca793fb10912aeeb2d2) C:\Windows\system32\drivers\mferkdet.sys

21:33:24.0583 1536 mferkdet - ok

21:33:24.0599 1536 mfewfpk (991069f1e220842c5f9742f6ec4b40a8) C:\Windows\system32\drivers\mfewfpk.sys

21:33:24.0599 1536 mfewfpk - ok

21:33:24.0630 1536 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

21:33:24.0630 1536 Modem - ok

21:33:24.0661 1536 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

21:33:24.0661 1536 monitor - ok

21:33:24.0677 1536 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

21:33:24.0677 1536 mouclass - ok

21:33:24.0692 1536 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

21:33:24.0692 1536 mouhid - ok

21:33:24.0708 1536 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

21:33:24.0708 1536 MountMgr - ok

21:33:24.0739 1536 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

21:33:24.0739 1536 mpio - ok

21:33:24.0755 1536 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

21:33:24.0755 1536 mpsdrv - ok

21:33:24.0786 1536 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

21:33:24.0786 1536 Mraid35x - ok

21:33:24.0817 1536 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

21:33:24.0817 1536 MRxDAV - ok

21:33:24.0864 1536 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

21:33:24.0864 1536 mrxsmb - ok

21:33:24.0911 1536 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:33:24.0911 1536 mrxsmb10 - ok

21:33:24.0926 1536 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:33:24.0926 1536 mrxsmb20 - ok

21:33:24.0942 1536 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys

21:33:24.0942 1536 msahci - ok

21:33:24.0958 1536 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

21:33:24.0973 1536 msdsm - ok

21:33:25.0004 1536 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

21:33:25.0004 1536 Msfs - ok

21:33:25.0036 1536 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

21:33:25.0036 1536 msisadrv - ok

21:33:25.0067 1536 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

21:33:25.0067 1536 MSKSSRV - ok

21:33:25.0082 1536 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

21:33:25.0082 1536 MSPCLOCK - ok

21:33:25.0114 1536 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

21:33:25.0114 1536 MSPQM - ok

21:33:25.0160 1536 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

21:33:25.0160 1536 MsRPC - ok

21:33:25.0176 1536 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

21:33:25.0176 1536 mssmbios - ok

21:33:25.0207 1536 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

21:33:25.0207 1536 MSTEE - ok

21:33:25.0207 1536 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

21:33:25.0207 1536 Mup - ok

21:33:25.0254 1536 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

21:33:25.0270 1536 NativeWifiP - ok

21:33:25.0332 1536 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

21:33:25.0332 1536 NDIS - ok

21:33:25.0363 1536 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

21:33:25.0363 1536 NdisTapi - ok

21:33:25.0379 1536 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

21:33:25.0379 1536 Ndisuio - ok

21:33:25.0410 1536 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

21:33:25.0410 1536 NdisWan - ok

21:33:25.0426 1536 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

21:33:25.0426 1536 NDProxy - ok

21:33:25.0441 1536 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

21:33:25.0441 1536 NetBIOS - ok

21:33:25.0472 1536 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

21:33:25.0472 1536 netbt - ok

21:33:25.0504 1536 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

21:33:25.0504 1536 nfrd960 - ok

21:33:25.0535 1536 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

21:33:25.0535 1536 Npfs - ok

21:33:25.0550 1536 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

21:33:25.0550 1536 nsiproxy - ok

21:33:25.0613 1536 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

21:33:25.0628 1536 Ntfs - ok

21:33:25.0644 1536 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

21:33:25.0644 1536 ntrigdigi - ok

21:33:25.0660 1536 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

21:33:25.0660 1536 Null - ok

21:33:25.0691 1536 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

21:33:25.0691 1536 nvraid - ok

21:33:25.0706 1536 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

21:33:25.0706 1536 nvstor - ok

21:33:25.0738 1536 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

21:33:25.0738 1536 nv_agp - ok

21:33:25.0753 1536 NwlnkFlt - ok

21:33:25.0753 1536 NwlnkFwd - ok

21:33:25.0800 1536 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

21:33:25.0800 1536 ohci1394 - ok

21:33:25.0862 1536 Packet (9d80e0be979c3edaf2863f23b88f4de6) C:\Windows\system32\DRIVERS\packet.sys

21:33:25.0862 1536 Packet - ok

21:33:25.0894 1536 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

21:33:25.0894 1536 Parport - ok

21:33:25.0909 1536 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

21:33:25.0909 1536 partmgr - ok

21:33:25.0956 1536 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

21:33:25.0956 1536 Parvdm - ok

21:33:26.0065 1536 PCD5SRVC{3F6A8B78-EC003E00-05040104} (42ede7d217325ff56cb8a9983cd7f73b) C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms

21:33:26.0128 1536 PCD5SRVC{3F6A8B78-EC003E00-05040104} - ok

21:33:26.0190 1536 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

21:33:26.0190 1536 pci - ok

21:33:26.0206 1536 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

21:33:26.0206 1536 pciide - ok

21:33:26.0252 1536 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

21:33:26.0252 1536 pcmcia - ok

21:33:26.0284 1536 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

21:33:26.0299 1536 PEAUTH - ok

21:33:26.0330 1536 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

21:33:26.0330 1536 PptpMiniport - ok

21:33:26.0362 1536 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

21:33:26.0362 1536 Processor - ok

21:33:26.0408 1536 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

21:33:26.0408 1536 PSched - ok

21:33:26.0455 1536 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys

21:33:26.0455 1536 PxHelp20 - ok

21:33:26.0502 1536 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

21:33:26.0502 1536 ql2300 - ok

21:33:26.0533 1536 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

21:33:26.0533 1536 ql40xx - ok

21:33:26.0549 1536 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

21:33:26.0549 1536 QWAVEdrv - ok

21:33:26.0627 1536 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys

21:33:26.0627 1536 R300 - ok

21:33:26.0642 1536 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

21:33:26.0642 1536 RasAcd - ok

21:33:26.0658 1536 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

21:33:26.0658 1536 Rasl2tp - ok

21:33:26.0705 1536 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

21:33:26.0705 1536 RasPppoe - ok

21:33:26.0736 1536 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

21:33:26.0736 1536 RasSstp - ok

21:33:26.0767 1536 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

21:33:26.0767 1536 rdbss - ok

21:33:26.0783 1536 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

21:33:26.0783 1536 RDPCDD - ok

21:33:26.0814 1536 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

21:33:26.0814 1536 rdpdr - ok

21:33:26.0830 1536 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

21:33:26.0830 1536 RDPENCDD - ok

21:33:26.0861 1536 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

21:33:26.0861 1536 RDPWD - ok

21:33:26.0892 1536 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys

21:33:26.0892 1536 RimUsb - ok

21:33:26.0923 1536 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

21:33:26.0923 1536 rspndr - ok

21:33:26.0954 1536 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

21:33:26.0954 1536 sbp2port - ok

21:33:26.0986 1536 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

21:33:26.0986 1536 secdrv - ok

21:33:27.0017 1536 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

21:33:27.0017 1536 Serenum - ok

21:33:27.0032 1536 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

21:33:27.0032 1536 Serial - ok

21:33:27.0064 1536 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

21:33:27.0064 1536 sermouse - ok

21:33:27.0095 1536 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

21:33:27.0095 1536 sffdisk - ok

21:33:27.0110 1536 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

21:33:27.0110 1536 sffp_mmc - ok

21:33:27.0126 1536 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

21:33:27.0126 1536 sffp_sd - ok

21:33:27.0142 1536 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

21:33:27.0142 1536 sfloppy - ok

21:33:27.0188 1536 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

21:33:27.0188 1536 sisagp - ok

21:33:27.0220 1536 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

21:33:27.0220 1536 SiSRaid2 - ok

21:33:27.0235 1536 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

21:33:27.0235 1536 SiSRaid4 - ok

21:33:27.0266 1536 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

21:33:27.0266 1536 Smb - ok

21:33:27.0298 1536 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

21:33:27.0298 1536 spldr - ok

21:33:27.0329 1536 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

21:33:27.0344 1536 srv - ok

21:33:27.0376 1536 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

21:33:27.0376 1536 srv2 - ok

21:33:27.0407 1536 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

21:33:27.0407 1536 srvnet - ok

21:33:27.0454 1536 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

21:33:27.0454 1536 swenum - ok

21:33:27.0469 1536 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

21:33:27.0469 1536 Symc8xx - ok

21:33:27.0485 1536 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

21:33:27.0485 1536 Sym_hi - ok

21:33:27.0500 1536 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

21:33:27.0500 1536 Sym_u3 - ok

21:33:27.0578 1536 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys

21:33:27.0594 1536 Tcpip - ok

21:33:27.0625 1536 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys

21:33:27.0625 1536 Tcpip6 - ok

21:33:27.0688 1536 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

21:33:27.0688 1536 tcpipreg - ok

21:33:27.0703 1536 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

21:33:27.0703 1536 TDPIPE - ok

21:33:27.0719 1536 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

21:33:27.0719 1536 TDTCP - ok

21:33:27.0766 1536 tdx (352ee245831c8cc021e0499981dc9e70) C:\Windows\system32\DRIVERS\tdx.sys

21:33:27.0766 1536 tdx ( Rootkit.Win32.ZAccess.e ) - infected

21:33:27.0766 1536 tdx - detected Rootkit.Win32.ZAccess.e (0)

21:33:27.0797 1536 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

21:33:27.0797 1536 TermDD - ok

21:33:27.0828 1536 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

21:33:27.0828 1536 tssecsrv - ok

21:33:27.0859 1536 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

21:33:27.0859 1536 tunmp - ok

21:33:27.0890 1536 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

21:33:27.0890 1536 tunnel - ok

21:33:27.0922 1536 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

21:33:27.0922 1536 uagp35 - ok

21:33:27.0953 1536 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

21:33:27.0953 1536 udfs - ok

21:33:28.0000 1536 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

21:33:28.0000 1536 uliagpkx - ok

21:33:28.0015 1536 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

21:33:28.0015 1536 uliahci - ok

21:33:28.0046 1536 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

21:33:28.0046 1536 UlSata - ok

21:33:28.0062 1536 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

21:33:28.0062 1536 ulsata2 - ok

21:33:28.0093 1536 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

21:33:28.0093 1536 umbus - ok

21:33:28.0156 1536 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

21:33:28.0156 1536 USBAAPL - ok

21:33:28.0202 1536 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

21:33:28.0202 1536 usbaudio - ok

21:33:28.0249 1536 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

21:33:28.0249 1536 usbccgp - ok

21:33:28.0265 1536 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

21:33:28.0265 1536 usbcir - ok

21:33:28.0296 1536 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

21:33:28.0296 1536 usbehci - ok

21:33:28.0343 1536 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

21:33:28.0343 1536 usbhub - ok

21:33:28.0374 1536 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

21:33:28.0374 1536 usbohci - ok

21:33:28.0405 1536 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

21:33:28.0405 1536 usbprint - ok

21:33:28.0468 1536 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

21:33:28.0468 1536 usbscan - ok

21:33:28.0499 1536 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:33:28.0499 1536 USBSTOR - ok

21:33:28.0546 1536 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

21:33:28.0546 1536 usbuhci - ok

21:33:28.0577 1536 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

21:33:28.0577 1536 vga - ok

21:33:28.0577 1536 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

21:33:28.0577 1536 VgaSave - ok

21:33:28.0608 1536 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

21:33:28.0608 1536 viaagp - ok

21:33:28.0624 1536 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

21:33:28.0624 1536 ViaC7 - ok

21:33:28.0639 1536 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

21:33:28.0639 1536 viaide - ok

21:33:28.0655 1536 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

21:33:28.0655 1536 volmgr - ok

21:33:28.0702 1536 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

21:33:28.0702 1536 volmgrx - ok

21:33:28.0748 1536 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

21:33:28.0748 1536 volsnap - ok

21:33:28.0780 1536 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

21:33:28.0780 1536 vsmraid - ok

21:33:28.0795 1536 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

21:33:28.0795 1536 WacomPen - ok

21:33:28.0811 1536 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

21:33:28.0811 1536 Wanarp - ok

21:33:28.0826 1536 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

21:33:28.0826 1536 Wanarpv6 - ok

21:33:28.0858 1536 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

21:33:28.0858 1536 Wd - ok

21:33:28.0873 1536 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

21:33:28.0873 1536 Wdf01000 - ok

21:33:28.0951 1536 WmiAcpi (48ca581c12022ac60fe82e2b96fbf5d4) C:\Windows\system32\drivers\wmiacpi.sys

21:33:28.0951 1536 WmiAcpi - ok

21:33:29.0014 1536 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

21:33:29.0014 1536 WpdUsb - ok

21:33:29.0045 1536 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

21:33:29.0045 1536 ws2ifsl - ok

21:33:29.0092 1536 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

21:33:29.0092 1536 WUDFRd - ok

21:33:29.0123 1536 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0

21:33:29.0138 1536 \Device\Harddisk0\DR0 - ok

21:33:29.0154 1536 Boot (0x1200) (5f5795ecbe826b1b1b2a80a52a646388) \Device\Harddisk0\DR0\Partition0

21:33:29.0154 1536 \Device\Harddisk0\DR0\Partition0 - ok

21:33:29.0154 1536 Boot (0x1200) (0acc14ed84f7df8b90e0b9e3d4fe27da) \Device\Harddisk0\DR0\Partition1

21:33:29.0154 1536 \Device\Harddisk0\DR0\Partition1 - ok

21:33:29.0170 1536 ============================================================

21:33:29.0170 1536 Scan finished

21:33:29.0170 1536 ============================================================

21:33:29.0170 1740 Detected object count: 3

21:33:29.0170 1740 Actual detected object count: 3

21:33:53.0272 1740 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\afd.sys) error 1813

21:33:59.0371 1740 Backup copy found, using it..

21:33:59.0371 1740 C:\Windows\system32\drivers\afd.sys - will be cured on reboot

21:33:59.0371 1740 AFD ( Rootkit.Win32.ZAccess.e ) - User select action: Cure

21:33:59.0371 1740 eb289bdd ( HiddenFile.Multi.Generic ) - skipped by user

21:33:59.0371 1740 eb289bdd ( HiddenFile.Multi.Generic ) - User select action: Skip

21:33:59.0480 1740 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\tdx.sys) error 1813

21:33:59.0730 1740 Backup copy found, using it..

21:33:59.0730 1740 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot

21:33:59.0730 1740 tdx ( Rootkit.Win32.ZAccess.e ) - User select action: Cure

21:34:28.0793 1936 Deinitialize success

Jimcat · October 19, 2011

In terms of describing my computer's current behavior: it boots up normally and networking has now been successful since running TDSSKiller last night. However, there are still a few issues that have been going on for a few days. When it boots, the system gives some messages that certain services stopped working and were shut down. There are fewer of them now than there were before I ran the anti-malware programs, but I still get messages saying that the current things were shut down:

iPod 32-bit service module
Microsoft LiveID
Microsoft .NET Optimization Service

Also, there is still a problem with Google search redirects. If I run a search from Google.com and click on one of the results, instead of being taken to the destination page, it brings up some bogus pseudo-search engine page. During the infection, I also used to have a problem with these fake search engines opening up automatically - without any input from me and sometimes even if I didn't have any browser open. I haven't seen one of these in a while but it is hard to tell if this problem is really gone.

LDTate · October 19, 2011

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
Note: If you have XP SP3, use the XP SP2 package.
If Vista or Windows 7, skip the Recovery Console part
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Jimcat · October 19, 2011

Thanks again - I am at work now but will run this in the evening.

One item that could use some clarification:

Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

Even if autorun is disbled, I can still access the devices (for example, via "My Computer"), right?

Is this a permanent condition? Or will the autorun capabilities be restored after Combofix finishes its repairs?

LDTate · October 19, 2011

Even if autorun is disbled, I can still access the devices (for example, via "My Computer"), right?

Yes.

http://en.wikipedia.org/wiki/AutoRun

Jimcat · October 20, 2011

Combofix has run, but I don't think I'm out of the woods yet.

During the scan, I noticed that Combofix replaced several infected files, but there was at least one that it failed to replace. I wrote down the path and filename:

C:\Program Files\Dell\DellDock\Docklogin.exe

It took a long time attempting to replace this file and then went on to the next operation.

Also, at one point during the run, I got a message that said "Freeware execution of [some program, unfortunately I didn't write it down or remember] has terminated and was shut down". I decided to let Combofix keep running.

Some time after that, I got another error message that I did write down:

A pop-up box labeled "pev.3XE - corrupt file". Within the box was a message that said "the file \$Mft is corrupt and unreadable. Please run the chkdsk utility."

After that the Combofix program ran for some time (I let it run overnight) and this morning the system had rebooted. I brought the computer back up and it generated the Combofix log. However, I was getting odd error messages every few seconds saying:

C:\Windows\sminst\dslauincher.exe

Illegal operation attempted on a registry key that has been marked for deletion.

I also found that when I attempted to run any program (Google Chrome, IE, even Notepad to make a copy of the Combofix log), I got another "Illegal operation attempted..." error. I copied the Combofix log to a thumb drive so that I could download it here. After getting those errors, I tried restarting the system. After the first restart I was no longer getting "Illegal Operation" errors, but the machine had no Internet connectivity. I restarted one more time - the operating system and programs seem to be running properly but still no Internet access.

Here are the contents of the Combofix log:

ComboFix 11-10-19.06 - Jim Kasprzak 4 10/19/2011 20:58:26.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.1222 [GMT -4:00]

Running from: c:\users\Jim Kasprzak 4\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Jim Kasprzak 2\AppData\Roaming\Adobe\plugs

c:\users\Jim Kasprzak 2\AppData\Roaming\Adobe\plugs\mmc154

c:\users\Jim Kasprzak 2\AppData\Roaming\Adobe\shed

c:\users\Jim Kasprzak 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk

c:\users\Jim Kasprzak 2\Desktop\System Repair.lnk

c:\users\Jim Kasprzak 2\Taskmgr.exe

c:\users\Jim Kasprzak 3\AppData\Local\eb289bdd

c:\users\Jim Kasprzak 3\AppData\Local\eb289bdd\@

c:\users\Jim Kasprzak 3\AppData\Local\eb289bdd\U\80000000.@

c:\users\Jim Kasprzak 3\AppData\Local\eb289bdd\X

c:\users\Jim Kasprzak 3\AppData\Roaming\Adobe\plugs

c:\users\Jim Kasprzak 3\AppData\Roaming\Adobe\plugs\mmc114.exe

c:\users\Jim Kasprzak 3\AppData\Roaming\Adobe\plugs\mmc154

c:\users\Jim Kasprzak 3\AppData\Roaming\Adobe\plugs\mmc159.exe

c:\users\Jim Kasprzak 3\AppData\Roaming\Adobe\plugs\mmc259084838.txt

c:\users\Jim Kasprzak 3\AppData\Roaming\Adobe\plugs\mmc259096163.txt

c:\users\Jim Kasprzak 3\AppData\Roaming\Adobe\plugs\mmc259114821.txt

c:\users\Jim Kasprzak 3\AppData\Roaming\Adobe\plugs\mmc96.exe

c:\users\Jim Kasprzak 3\AppData\Roaming\Adobe\shed

c:\users\Jim Kasprzak 3\AppData\Roaming\Adobe\shed\thr1.chm

c:\users\Jim Kasprzak 3\Desktop\System Repair.lnk

c:\windows\$NtUninstallKB36618$\2478657605

c:\windows\$NtUninstallKB36618$\3945307101\@

c:\windows\$NtUninstallKB36618$\3945307101\L\qnbwvoto

c:\windows\$NtUninstallKB36618$\3945307101\loader.tlb

c:\windows\$NtUninstallKB36618$\3945307101\U\@00000001

c:\windows\$NtUninstallKB36618$\3945307101\U\@000000c0

c:\windows\$NtUninstallKB36618$\3945307101\U\@000000cb

c:\windows\$NtUninstallKB36618$\3945307101\U\@000000cf

c:\windows\$NtUninstallKB36618$\3945307101\U\@80000000

c:\windows\$NtUninstallKB36618$\3945307101\U\@800000c0

c:\windows\$NtUninstallKB36618$\3945307101\U\@800000cb

c:\windows\$NtUninstallKB36618$\3945307101\U\@800000cf

c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}

c:\windows\assembly\GAC_MSIL\desktop.ini

c:\windows\system32\

D:\Autorun.inf

c:\windows\$NtUninstallKB36618$ . . . . Failed to delete

.

Infected copy of c:\windows\system32\AERTSrv.exe was found and disinfected

Restored copy from - c:\windows\System32\DriverStore\FileRepository\hdadell.inf_11aff128\AERTSrv.exe

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Common Files!Apple!Mobile Device Support!AppleMobileDeviceService.exe

.

Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Bonjour!mDNSResponder.exe

.

Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected

Restored copy from - c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

.

c:\program files\Dell\DellDock\DockLogin.exe . . . is infected!!

c:\program files\Dell\DellDock\DockLogin.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe . . . is infected!!

c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\WildTangent Games\App\GamesAppService.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!WildTangent Games!App!GamesAppService.exe

.

Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Google!Update!GoogleUpdate.exe

.

Infected copy of c:\program files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Common Files!Dell!Advanced Networking Service!hnm_svc.exe

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!iPod!bin!iPodService.exe

.

Infected copy of c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Common Files!McAfee!McSvcHost!McSvHost.exe

.

Infected copy of c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!McAfee Security Scan!2.0.181!McCHSvc.exe

.

Infected copy of c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Common Files!McAfee!SystemCore!mfevtps.exe

.

Infected copy of c:\windows\sminst\sftservice.EXE was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!sminst!SftService.exe

.

Infected copy of c:\program files\Dell Support Center\bin\sprtsvc.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Dell Support Center!bin!sprtsvc.exe

.

Infected copy of c:\program files\Common Files\Steam\SteamService.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Common Files!Steam!SteamService.exe

.

Infected copy of c:\programdata\UltraVNC\winvnc.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!ProgramData!UltraVNC!winvnc.exe

.

Infected copy of c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Common Files!microsoft shared!Windows Live!WLIDSVC.EXE

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_.afd

-------\Service_eb289bdd

.

((((((((((((((((((((((((( Files Created from 2011-09-20 to 2011-10-20 )))))))))))))))))))))))))))))))

.

2011-10-20 05:58 . 2011-10-20 05:58 41680 ----a-w- c:\windows\system32\drivers\pibbcaht.sys

2011-10-20 03:12 . 2011-10-20 03:12 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BA0802C-633C-40DC-B3AA-103B3FE4444C}\offreg.dll

2011-10-20 03:03 . 2011-10-20 03:03 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp

2011-10-20 03:03 . 2011-10-20 03:03 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Local\temp

2011-10-20 03:03 . 2011-10-20 03:03 -------- d-----w- c:\users\Jim Kasprzak 2\AppData\Local\temp

2011-10-20 03:02 . 2011-10-20 03:02 -------- d-----w- c:\users\Jim Kasprzak\AppData\Local\temp

2011-10-20 03:01 . 2011-10-20 03:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-20 01:20 . 2007-12-05 11:17 77824 ----a-w- c:\windows\system32\AERTSrv.exe

2011-10-19 01:42 . 2011-09-21 13:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BA0802C-633C-40DC-B3AA-103B3FE4444C}\mpengine.dll

2011-10-18 22:40 . 2011-10-19 01:35 48016 --sha-w- c:\windows\system32\c_15244.nl_

2011-10-15 11:08 . 2011-10-15 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-15 11:08 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-15 10:28 . 2011-10-15 10:28 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-10-15 10:09 . 2011-10-15 10:22 -------- d-----w- C:\a006e82503421d9c66

2011-10-14 10:24 . 2011-10-14 10:24 -------- d-----w- c:\programdata\Malwarebytes

2011-10-13 09:42 . 2011-10-13 09:42 -------- d-----w- C:\57a8a4e03131d83c7239cf6079d8cec4

2011-10-12 23:08 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-10-12 23:08 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-12 23:08 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-12 23:08 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-10-12 23:08 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-12 23:08 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-10-12 23:08 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-10-12 23:08 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-12 23:08 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-10-12 23:08 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-10-11 09:59 . 2011-10-11 10:00 -------- d-----w- c:\users\Jim Kasprzak 4

2011-10-11 09:34 . 2011-10-11 09:34 -------- d--h--w- c:\users\Jim Kasprzak 3\Tracing

2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Unity

2011-10-11 09:34 . 2010-10-20 23:36 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Windows Live Writer

2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\TaxCut

2011-10-11 09:34 . 2011-10-11 09:34 -------- d--h--w- c:\users\Jim Kasprzak 3\AppData\Roaming\Oberon Media

2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\PCDr

2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----r- c:\users\Jim Kasprzak 3\AppData\Roaming\SecuROM

2011-10-11 09:31 . 2011-10-11 09:31 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Merscom

2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\IGN_DLM

2011-10-11 09:30 . 2011-10-11 09:30 -------- d--h--w- c:\users\Jim Kasprzak 3\AppData\Roaming\funkitron

2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Facebook

2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\eMusic

2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\CyberLink

2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Amazon

2011-10-11 09:30 . 2009-12-01 02:33 8653312 ----a-w- c:\users\Jim Kasprzak 3\AppData\Roaming\DataSafeDotNet.exe

2011-10-09 17:52 . 2011-10-09 17:52 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Malwarebytes

2011-10-09 09:35 . 2011-10-09 09:35 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\McAfee

2011-10-08 19:29 . 2011-05-24 23:14 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-10-05 00:06 . 2011-10-05 00:06 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\PlayFirst

2011-09-23 11:08 . 2011-09-23 11:08 307200 ----a-w- c:\program files\Internet Explorer\iediagcmd.exe

2011-09-23 11:08 . 2011-09-23 11:08 161792 ----a-w- c:\windows\system32\msls31.dll

2011-09-23 11:08 . 2011-09-23 11:08 107008 ----a-w- c:\program files\Internet Explorer\iecleanup.exe

2011-09-23 11:08 . 2011-09-23 11:08 748336 ----a-w- c:\program files\Internet Explorer\iexplore.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-19 02:35 . 2009-09-11 10:59 185856 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-10-19 01:34 . 2011-06-15 19:07 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-09-28 01:59 . 2011-05-14 09:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-22 10:40 . 2011-08-22 10:40 0 ---ha-w- c:\users\Jim Kasprzak 2\AppData\Local\Spituj.bin

2011-08-15 14:00 . 2010-08-25 07:51 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-08-15 14:00 . 2010-08-25 07:50 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-08-15 14:00 . 2010-08-25 07:50 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-08-15 14:00 . 2010-08-25 07:50 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-08-15 14:00 . 2010-08-25 07:50 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-08-15 14:00 . 2010-08-25 07:50 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-08-15 14:00 . 2010-08-25 07:50 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-08-15 14:00 . 2010-08-25 07:50 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-08-15 14:00 . 2010-08-25 07:50 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-08-15 14:00 . 2010-08-25 07:50 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-07-08 07:16 . 2011-08-14 18:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 18:01 . 2011-08-14 19:44 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-02 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-10 1317016]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\Components\scheduler\Launcher.exe" [2009-02-23 165104]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe" [2011-09-28 243360]

.

c:\users\Jim Kasprzak 4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-5-13 53248]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-05-13 07:48 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiSpywareOverride"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2009-03-30 66368]

R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]

R2 dsl-db;Remote Access DB;c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe [x]

R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-01-05 173296]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-08-15 57432]

R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-08-15 87808]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-08-15 64712]

S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-08-15 164776]

S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]

S2 Apache2.2;Remote Access Media Server;c:\program files\Common Files\Dell\apache\bin\httpd.exe [2007-09-21 15872]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 160344]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-08-19 148520]

S2 SftService;SoftThinks Agent Service;c:\windows\sminst\sftservice.EXE [2009-02-23 632048]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-08-15 338040]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-15 c:\windows\Tasks\Norton Security Scan for Jim Kasprzak.job

- c:\program files\Norton Security Scan\Engine\3.0.0.103\Nss.exe [2011-03-13 07:25]

.

2011-10-20 c:\windows\Tasks\User_Feed_Synchronization-{E31C1D6B-950E-489A-A927-F01A5C3A2B23}.job

- c:\windows\system32\msfeedssync.exe [2011-09-23 11:07]

.

2011-10-18 c:\windows\Tasks\vtscheduletask.job

- c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2011-10-09 18:25]

.

------- Supplementary Scan -------

.

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 24.229.54.212 207.44.96.129 24.229.54.220

FF - ProfilePath -

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-15799875.sys

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-20 05:30

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

[0] 0x61002000

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=hex:51,66,7a,6c,4c,1d,38,12,81,47,e9,

25,5f,79,3d,08,e4,19,c9,c9,d6,7c,d4,7c

"{6F282B65-56BF-4BD1-A8B2-A4449A05863D}"=hex:51,66,7a,6c,4c,1d,38,12,0b,28,3b,

6b,8d,18,bf,0e,d7,a4,e7,04,9f,5b,c2,29

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,

0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,

6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,

79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,

ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49

"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,

b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb

"{CB0D163C-E9F4-4236-9496-0597E24B23A5}"=hex:51,66,7a,6c,4c,1d,38,12,52,15,1e,

cf,c6,a7,58,07,eb,80,46,d7,e7,15,67,b1

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}"=hex:51,66,7a,6c,4c,1d,38,12,ae,8e,49,

e5,24,cb,cf,07,fe,fc,9f,d4,e9,44,8b,04

"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,

36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:a6,91,65,95,bf,8c,cc,01

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\programdata\UltraVNC\winvnc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\McAfee\SystemCore\mfefire.exe

c:\programdata\UltraVNC\winvnc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\system32\vssvc.exe

c:\windows\SMINST\Components\scheduler\STService.exe

c:\windows\RtHDVCpl.exe

c:\program files\Dell Remote Access\ezi_ra.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Completion time: 2011-10-20 05:34:50 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-20 09:34

.

Pre-Run: 57,163,284,480 bytes free

Post-Run: 58,829,508,608 bytes free

.

- - End Of File - - 705CDCC8F13ACC3005B84E46E80E7D8F

LDTate · October 20, 2011

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.



File::
c:\windows\system32\c_15244.nl_
c:\windows\system32\drivers\pibbcaht.sys

Folder::
C:\a006e82503421d9c66
C:\57a8a4e03131d83c7239cf6079d8cec4

Driver::
pibbcaht

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Jimcat · October 21, 2011

Running Combofix now. Will post results tonight or tomorrow.

Jimcat · October 21, 2011

This time Combofix took a lot less time to run and didn't get any nasty pop-ups during the scan.

I manually rebooted after the log was generated. No error messages on startup (first time that has happened in days!) but unfortunately, the system still has no Internet connectivity. It doesn't seem to be recognizing the Ethernet card.

Here are the log results:

ComboFix 11-10-20.08 - Jim Kasprzak 4 10/20/2011 21:29:23.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.848 [GMT -4:00]

Running from: c:\users\Jim Kasprzak 4\Desktop\ComboFix.exe

Command switches used :: c:\users\Jim Kasprzak 4\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\c_15244.nl_"

"c:\windows\system32\drivers\pibbcaht.sys"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\57a8a4e03131d83c7239cf6079d8cec4

c:\57a8a4e03131d83c7239cf6079d8cec4\$shtdwn$.req

c:\57a8a4e03131d83c7239cf6079d8cec4\1025\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1025\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1025\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1028\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1028\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1028\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1029\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1029\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1029\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1030\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1030\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1030\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1031\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1031\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1031\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1032\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1032\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1032\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1033\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1033\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1033\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1035\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1035\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1035\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1036\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1036\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1036\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1037\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1037\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1037\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1038\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1038\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1038\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1040\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1040\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1040\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1041\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1041\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1041\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1042\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1042\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1042\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1043\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1043\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1043\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1044\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1044\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1044\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1045\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1045\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1045\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1046\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1046\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1046\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1049\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1049\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1049\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1053\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1053\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1053\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\1055\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\1055\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\1055\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\2052\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\2052\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\2052\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\2070\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\2070\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\2070\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\3076\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\3076\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\3076\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\3082\eula.rtf

c:\57a8a4e03131d83c7239cf6079d8cec4\3082\LocalizedData.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\3082\SetupResources.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\DHtmlHeader.html

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Print.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate1.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate2.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate3.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate4.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate5.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate6.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate7.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Rotate8.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Save.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\Setup.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\stop.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\SysReqMet.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\SysReqNotMet.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\Graphics\warn.ico

c:\57a8a4e03131d83c7239cf6079d8cec4\header.bmp

c:\57a8a4e03131d83c7239cf6079d8cec4\NDP40-KB2572078.msp

c:\57a8a4e03131d83c7239cf6079d8cec4\ParameterInfo.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\Setup.exe

c:\57a8a4e03131d83c7239cf6079d8cec4\SetupEngine.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\SetupUi.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\SetupUi.xsd

c:\57a8a4e03131d83c7239cf6079d8cec4\SplashScreen.bmp

c:\57a8a4e03131d83c7239cf6079d8cec4\sqmapi.dll

c:\57a8a4e03131d83c7239cf6079d8cec4\Strings.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\UiInfo.xml

c:\57a8a4e03131d83c7239cf6079d8cec4\watermark.bmp

C:\a006e82503421d9c66

c:\users\Jim Kasprzak 2\AppData\Local\{398B368D-62AD-456E-9182-E1CDDDBBABE6}

c:\users\Jim Kasprzak 2\AppData\Local\{398B368D-62AD-456E-9182-E1CDDDBBABE6}\chrome.manifest

c:\users\Jim Kasprzak 2\AppData\Local\{398B368D-62AD-456E-9182-E1CDDDBBABE6}\chrome\content\_cfg.js

c:\users\Jim Kasprzak 2\AppData\Local\{398B368D-62AD-456E-9182-E1CDDDBBABE6}\chrome\content\overlay.xul

c:\users\Jim Kasprzak 2\AppData\Local\{398B368D-62AD-456E-9182-E1CDDDBBABE6}\install.rdf

c:\windows\system32\c_15244.nl_

.

((((((((((((((((((((((((( Files Created from 2011-09-21 to 2011-10-21 )))))))))))))))))))))))))))))))

.

2011-10-21 01:45 . 2011-10-21 01:45 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp

2011-10-21 01:45 . 2011-10-21 01:45 -------- d-----w- c:\users\Jim\AppData\Local\temp

2011-10-21 01:45 . 2011-10-21 01:45 -------- d-----w- c:\users\Jim Kasprzak\AppData\Local\temp

2011-10-21 01:45 . 2011-10-21 01:45 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Local\temp

2011-10-21 01:45 . 2011-10-21 01:45 -------- d-----w- c:\users\Jim Kasprzak 2\AppData\Local\temp

2011-10-21 01:45 . 2011-10-21 01:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-20 22:46 . 2011-10-20 22:46 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BA0802C-633C-40DC-B3AA-103B3FE4444C}\offreg.dll