
Thread: A dirty little bug is in my house

  1. #1
    Member
    Join Date
    Oct 2011
    Posts
    81

    A dirty little bug is in my house

    Hi All! I've something that an antibiotic won't do anything for. I'd love some help. I've read through and am pretty sure I've followed all the steps correctly. I have a slightly above average understanding of PCs but am by no means an expert, and these logs mean very little to me. As such, I don't want to break my life-line, my best buddy, my co-hort in the outside world! I ran the ERU last night but have the laptop continuously crashing... might have to give you the logs in additional posts...

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_22
    Run by Family at 14:16:54 on 2011-10-26
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2037.764 [GMT -4:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\2129821162:360844673.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\taskeng.exe
    C:\ProgramData\Clickfree\C2NPlus\UACProxy.exe
    C:\Windows\system32\CSHelper.exe
    C:\Windows\system32\dlbxcoms.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\ProgramData\Clickfree\C2NPlus\Reminder\SacNetAgent.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\System32\WerFault.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\ProgramData\Clickfree\C2NPlus\Reminder\SacReminder.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    "C:\Windows\system32\svchost.exe"
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page =
    uWindow Title = Internet Explorer provided by Dell
    uSearch Bar =
    mDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2071122
    mSearch Bar = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant =
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    uWinlogon: Shell=c:\users\family\appdata\local\ea7df27e\X
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - McAfee Phishing Filter
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - Yontoo Layers
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [SacReminderHDDV2N] c:\programdata\clickfree\c2nplus\reminder\SacReminder.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [DLBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBXtime.dll,_RunDLLEntry@16
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    StartupFolder: c:\users\family\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    uPolicies-explorer: NoThumbnailCache = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: DisableStartupSound = 1 (0x1)
    IE: &Search
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    LSP: mswsock.dll
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{764E5182-D195-4A9C-8CDE-86780F3355D6} : DhcpNameServer = 192.168.1.1
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\family\appdata\roaming\mozilla\firefox\profiles\85q3ua9k.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.sympatico.ca/
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e2b35e5&v=7.008.031.001&i=23&tp=ab&iy=b&ychte=ca&lng=en-GB&q=
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\family\appdata\roaming\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\users\family\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\family\appdata\roaming\mozilla\firefox\profiles\85q3ua9k.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
    FF - plugin: c:\users\family\program files\dna\plugins\npbtdna.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Canadian English Dictionary: - %profile%\extensions\en-CA@dictionaries.addons.mozilla.org
    FF - Ext: Ancestry.com Advanced Image Viewer: - %profile%\extensions\support@ancestry.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: AVG Security Toolbar em:version=7.008.031.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-6 64288]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2010-11-27 22312]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-12-6 101720]
    R2 CFUACProxy_c2nplus;CFUACProxy_c2nplus;c:\programdata\clickfree\c2nplus\UACProxy.exe [2011-4-3 87368]
    R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-3-20 266240]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-30 21504]
    R2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\clickfree\c2nplus\reminder\SacNetAgent.exe [2011-4-3 157296]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-7-23 1153368]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-11-22 179712]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
    S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9834ebde52a90;Google Update Service (gupdate1c9834ebde52a90);c:\program files\google\update\GoogleUpdate.exe [2009-1-30 133104]
    S2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-10-8 246600]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-7-23 1025352]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-17 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-9-9 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-1-30 133104]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-11-22 73728]
    .
    =============== File Associations ===============
    .
    regfile=regedit.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-10-25 23:55:28 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{460a1ddd-02b4-43e1-8a2d-b57b1c65334a}\offreg.dll
    2011-10-25 23:55:18 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{460a1ddd-02b4-43e1-8a2d-b57b1c65334a}\mpengine.dll
    2011-10-25 22:48:06 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
    2011-10-24 17:56:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2011-10-24 17:36:43 163840 ----a-w- c:\users\family\taskmgr.exe
    2011-10-24 17:36:42 25088 --sha-w- c:\users\family\wevtapi.dll
    2011-10-24 17:36:42 -------- d-sh--w- c:\users\family\appdata\local\ea7df27e
    2011-10-12 15:35:57 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-12 15:35:56 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-12 15:35:56 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-12 15:35:56 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-10-08 14:44:33 -------- d-----w- c:\program files\common files\AVG Secure Search
    2011-10-08 14:44:28 -------- d-----w- c:\program files\AVG Secure Search
    2011-10-08 14:41:06 -------- d-----w- c:\users\family\appdata\roaming\AVG2012
    2011-10-08 14:39:59 -------- d-----w- c:\programdata\AVG2012
    .
    ==================== Find3M ====================
    .
    2011-10-25 23:46:59 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
    2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-13 10:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-24 11:57:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-11 04:09:49 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-07-29 16:01:34 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-07-29 16:01:33 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-07-29 16:00:14 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-07-29 16:00:05 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    .
    ============= FINISH: 14:19:31.82 ===============
    Last edited by tashi; 2011-10-26 at 22:06. Reason: Merged two posts

  2. #2
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.

    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


    Having said that....Let's get going!! :thumbup:
    ----------

    **WARNING**Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

    What you have on your system is called the ZeroAccess rootkit. It is an extremely nasty infection! I would highly recommend to format and reinstall your operating system entirely. This infection, even after being cleaned has even shown to destroy internet connections completely.

    If you would like to format and reinstall your Operating System please let me know and I can assist you with that.

    If you would like to continue with the cleaning, please let me know and I will be more than happy to help.
    ----------
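    The kind of entries a log reviewer keys on in a DDS report can be checked mechanically. The script below is an added example and is not part of this thread or of DDS itself: it applies a handful of triage rules to DDS-style lines. The sample lines are excerpted from the DDS log in post #1 (with two benign lines added for contrast); the rule names, the short SYSTEM_NAMES list and the attribute heuristics are my own assumptions, not DDS conventions.

```python
import re

# Lines excerpted from the DDS log in post #1 above (running processes, the
# Winlogon entry, and "Created Last 30"), plus two benign lines for contrast.
SAMPLE_DDS = r"""
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\2129821162:360844673.exe
C:\Windows\explorer.exe
uWinlogon: Shell=c:\users\family\appdata\local\ea7df27e\X
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
2011-10-24 17:56:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-24 17:36:43 163840 ----a-w- c:\users\family\taskmgr.exe
2011-10-24 17:36:42 25088 --sha-w- c:\users\family\wevtapi.dll
2011-10-24 17:36:42 -------- d-sh--w- c:\users\family\appdata\local\ea7df27e
2011-10-12 15:35:57 238080 ----a-w- c:\windows\system32\oleacc.dll
""".strip().splitlines()

# A running-process line is a bare image path, optionally quoted, with any arguments after it.
PROCESS_RE = re.compile(r'^"?[A-Za-z]:\\\S+')
# "Created Last 30" lines: date time size attributes path
CREATED_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$')
# Winlogon Shell value (DDS prefixes u = user hive, m = machine hive)
SHELL_RE = re.compile(r'^[um]Winlogon: Shell=(.+)$', re.IGNORECASE)

# Assumed short list (hypothetical, extend as needed): Windows binaries that should
# only live in the system directories listed in SYSTEM_DIRS.
SYSTEM_NAMES = {'taskmgr.exe', 'wevtapi.dll', 'explorer.exe', 'svchost.exe', 'lsass.exe'}
SYSTEM_DIRS = {r'c:\windows', r'c:\windows\system32'}


def triage(lines):
    """Return a list of (rule, line) findings for DDS-style log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = SHELL_RE.match(line)
        if m:
            # Winlogon's shell should be explorer.exe; anything else is a persistence hijack.
            if m.group(1).strip().lower() != 'explorer.exe':
                findings.append(('winlogon-shell-hijack', line))
            continue
        m = CREATED_RE.match(line)
        if m:
            attrs, path = m.group(4), m.group(5).strip()
            if 'h' in attrs and 's' in attrs:
                # hidden + system attributes on a freshly created file or directory
                findings.append(('hidden-system-created', line))
            if '%' in path:
                # a literal "%APPDATA%" directory name: an unexpanded variable used as a hiding spot
                findings.append(('envvar-name-as-path', line))
            parent, _, name = path.lower().rpartition('\\')
            if name in SYSTEM_NAMES and parent not in SYSTEM_DIRS:
                findings.append(('system-name-outside-system-dir', line))
            continue
        if PROCESS_RE.match(line):
            image = line.split(' ', 1)[0].strip('"')
            # A second colon after the drive letter means the image is an NTFS alternate data stream.
            if ':' in image[2:]:
                findings.append(('ads-process-image', line))
    return findings


if __name__ == '__main__':
    for rule, line in triage(SAMPLE_DDS):
        print(f'{rule:32} {line}')
```

    Run against the sample it flags the ADS-named process, the replaced Winlogon shell, the hidden+system entries and the two system-binary names sitting in the user profile; the two benign lines produce nothing. The rules are deliberately narrow so that a clean DDS log stays quiet.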

  3. #3
    Member
    Join Date
    Oct 2011
    Posts
    81


    Ohhhhhh JEFF!!!! Are you going to say, "Trick or Treat" soon???? UGH....ok....here's the scoop. I've been away from home for 7 weeks and did a Clickfree backup before I left. Is there any way to determine or estimate when this little parasite found its way into my computer? If we can't, I'd like to try to clean or disable or whatever we can do, so that I can safely save the newer files before the format and make a list of ALL the programs I'd need to gather and download again. UGHHHHH....this is worse than a root canal while having one's toenails pulled!!!!! Also, I'd need to find the disks for the computer in order to do this work. FINALLY, are you able to walk me through a format and re-install of Windows... it's been forever since I've done it....ummmmm.....Windows 1...maybe 2. None of this new-fangled, high-tech stuff!

    I do completely and utterly appreciate your assistance. I will be back in the home saddle this weekend and raring to fix up my 'puter! Please advise. :D

  4. #4
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi mnyyoungs,

    Ohhhhhh JEFF!!!! Are you going to say, "Trick or Treat" soon????
    I wish that I were kidding. There is no way to accurately determine when this infection got onto your system unfortunately.

    If you want we can attempt to clean the system, but we MAY end up having to reformat. If you want to give it a go please do the following:

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
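    TDSSKiller writes one line per scanned object followed by a verdict line, so the log it leaves at the root of the drive can be summarised rather than read end to end. The parser below is an added example, not part of this thread and not Kaspersky's code; the sample lines are excerpted from the TDSSKiller log posted later in this thread, including a 'blbdrive' entry that has a verdict but no object line, and the line formats it expects are only those visible in that log.

```python
import re

# Lines excerpted from the TDSSKiller log in post #5 of this thread.
SAMPLE_TDSS = r"""
10:36:33.0696 1228 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:36:33.0700 1228 cdfs - ok
10:36:33.0768 1228 cdrom (17ad374538e70b02e38949a93f15d646) C:\Windows\system32\DRIVERS\cdrom.sys
10:36:33.0772 1228 cdrom ( Rootkit.Win32.ZAccess.g ) - infected
10:36:33.0772 1228 cdrom - detected Rootkit.Win32.ZAccess.g (0)
10:36:32.0771 1228 blbdrive - ok
""".strip().splitlines()

# object line: timestamp pid name (md5) path
OBJECT_RE = re.compile(r'^(\S+) (\d+) (\S+) \(([0-9a-fA-F]{32})\) (.+)$')
# verdict line: timestamp pid name - ok | name - detected <detection> (...)
VERDICT_RE = re.compile(r'^(\S+) (\d+) (\S+) - (ok|detected (\S+).*)$')


def parse_tdsskiller(lines):
    """Return (findings, clean_count) from TDSSKiller log lines.

    Each finding is a dict with the object name, its md5 and path (if an object
    line preceded the verdict) and the detection name.
    """
    objects = {}   # object name -> (md5, path)
    findings = []
    clean = 0
    for raw in lines:
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            name, md5, path = m.group(3), m.group(4).lower(), m.group(5).strip()
            objects[name] = (md5, path)
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue   # headers, "infected" echo lines and anything else are ignored
        name, verdict, detection = m.group(3), m.group(4), m.group(5)
        if verdict == 'ok':
            clean += 1
        else:
            md5, path = objects.get(name, (None, None))
            findings.append({'name': name, 'md5': md5, 'path': path, 'detection': detection})
    return findings, clean


if __name__ == '__main__':
    found, ok = parse_tdsskiller(SAMPLE_TDSS)
    print(f'{ok} objects ok, {len(found)} detected')
    for f in found:
        print(f"{f['name']}: {f['detection']} md5={f['md5']} path={f['path']}")
```

    On the sample this reports two clean objects and one detection on the cdrom driver, carrying the md5 and path from the object line so the driver file can be pulled for a second opinion. The parser ignores the summary lines TDSSKiller prints at the end of a run rather than trying to interpret them.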

  5. #5
    Member
    Join Date
    Oct 2011
    Posts
    81


    Jeff...here is the NON Trick or Treat log....it would NOT let me select Cure for the second mal. item found....delete was what came up, no Cure. I chose quarantine. I have NOT run this a second time. Please advise. I am in airport h e double hockey sticks now and have been for the past 24 hours....I'm not doing much, so here's hoping you get a chance to look at it while I'm in this purgatory...lol... Thanks again!


    10:36:17.0148 2828 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
    10:36:17.0301 2828 ============================================================
    10:36:17.0301 2828 Current date / time: 2011/10/30 10:36:17.0301
    10:36:17.0301 2828 SystemInfo:
    10:36:17.0301 2828
    10:36:17.0301 2828 OS Version: 6.0.6002 ServicePack: 2.0
    10:36:17.0301 2828 Product type: Workstation
    10:36:17.0301 2828 ComputerName: FAMILY-PC
    10:36:17.0302 2828 UserName: Family
    10:36:17.0302 2828 Windows directory: C:\Windows
    10:36:17.0302 2828 System windows directory: C:\Windows
    10:36:17.0302 2828 Processor architecture: Intel x86
    10:36:17.0302 2828 Number of processors: 2
    10:36:17.0302 2828 Page size: 0x1000
    10:36:17.0302 2828 Boot type: Normal boot
    10:36:17.0302 2828 ============================================================
    10:36:18.0190 2828 Initialize success
    10:36:25.0661 1228 ============================================================
    10:36:25.0661 1228 Scan started
    10:36:25.0661 1228 Mode: Manual;
    10:36:25.0662 1228 ============================================================
    10:36:26.0745 1228 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    10:36:26.0753 1228 ACPI - ok
    10:36:26.0980 1228 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    10:36:27.0004 1228 adp94xx - ok
    10:36:27.0374 1228 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    10:36:27.0383 1228 adpahci - ok
    10:36:27.0818 1228 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    10:36:27.0822 1228 adpu160m - ok
    10:36:28.0370 1228 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    10:36:28.0375 1228 adpu320 - ok
    10:36:28.0518 1228 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    10:36:28.0525 1228 AFD - ok
    10:36:28.0711 1228 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
    10:36:28.0746 1228 agp440 - ok
    10:36:29.0077 1228 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    10:36:29.0090 1228 aic78xx - ok
    10:36:29.0547 1228 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
    10:36:29.0549 1228 aliide - ok
    10:36:29.0753 1228 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
    10:36:29.0756 1228 amdagp - ok
    10:36:29.0961 1228 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
    10:36:29.0990 1228 amdide - ok
    10:36:30.0090 1228 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    10:36:30.0093 1228 AmdK7 - ok
    10:36:30.0202 1228 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    10:36:30.0228 1228 AmdK8 - ok
    10:36:30.0366 1228 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
    10:36:30.0371 1228 ApfiltrService - ok
    10:36:30.0506 1228 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    10:36:30.0509 1228 arc - ok
    10:36:30.0632 1228 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    10:36:30.0664 1228 arcsas - ok
    10:36:30.0780 1228 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    10:36:30.0782 1228 AsyncMac - ok
    10:36:30.0909 1228 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    10:36:30.0911 1228 atapi - ok
    10:36:31.0126 1228 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
    10:36:31.0130 1228 AVGIDSDriver - ok
    10:36:31.0233 1228 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
    10:36:31.0235 1228 AVGIDSEH - ok
    10:36:31.0287 1228 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
    10:36:31.0289 1228 AVGIDSFilter - ok
    10:36:31.0392 1228 AVGIDSShim (54d710b7d2e30e1ddc8ce2c6e685576b) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
    10:36:31.0394 1228 AVGIDSShim - ok
    10:36:31.0622 1228 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\Windows\system32\DRIVERS\avgldx86.sys
    10:36:31.0634 1228 Avgldx86 - ok
    10:36:31.0704 1228 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
    10:36:31.0707 1228 Avgmfx86 - ok
    10:36:31.0850 1228 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
    10:36:31.0853 1228 Avgrkx86 - ok
    10:36:32.0095 1228 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
    10:36:32.0104 1228 Avgtdix - ok
    10:36:32.0341 1228 b57nd60x (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
    10:36:32.0346 1228 b57nd60x - ok
    10:36:32.0451 1228 BCM43XX (559db7c7d958c6262cc3efee4ad95cce) C:\Windows\system32\DRIVERS\bcmwl6.sys
    10:36:32.0496 1228 BCM43XX - ok
    10:36:32.0708 1228 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    10:36:32.0709 1228 Beep - ok
    10:36:32.0771 1228 blbdrive - ok
    10:36:32.0839 1228 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    10:36:32.0842 1228 bowser - ok
    10:36:32.0925 1228 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    10:36:32.0927 1228 BrFiltLo - ok
    10:36:33.0007 1228 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    10:36:33.0009 1228 BrFiltUp - ok
    10:36:33.0092 1228 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    10:36:33.0095 1228 Brserid - ok
    10:36:33.0155 1228 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    10:36:33.0159 1228 BrSerWdm - ok
    10:36:33.0282 1228 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    10:36:33.0284 1228 BrUsbMdm - ok
    10:36:33.0375 1228 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    10:36:33.0377 1228 BrUsbSer - ok
    10:36:33.0548 1228 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    10:36:33.0550 1228 BTHMODEM - ok
    10:36:33.0696 1228 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    10:36:33.0700 1228 cdfs - ok
    10:36:33.0768 1228 cdrom (17ad374538e70b02e38949a93f15d646) C:\Windows\system32\DRIVERS\cdrom.sys
    10:36:33.0772 1228 cdrom ( Rootkit.Win32.ZAccess.g ) - infected
    10:36:33.0772 1228 cdrom - detected Rootkit.Win32.ZAccess.g (0)
    10:36:33.0932 1228 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    10:36:33.0934 1228 circlass - ok
    10:36:34.0069 1228 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    10:36:34.0103 1228 CLFS - ok
    10:36:34.0397 1228 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    10:36:34.0399 1228 CmBatt - ok
    10:36:34.0521 1228 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
    10:36:34.0523 1228 cmdide - ok
    10:36:34.0577 1228 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    10:36:34.0580 1228 Compbatt - ok
    10:36:34.0624 1228 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    10:36:34.0626 1228 crcdisk - ok
    10:36:34.0699 1228 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    10:36:34.0701 1228 Crusoe - ok
    10:36:34.0845 1228 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    10:36:34.0849 1228 DfsC - ok
    10:36:34.0967 1228 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    10:36:34.0969 1228 disk - ok
    10:36:35.0107 1228 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    10:36:35.0109 1228 drmkaud - ok
    10:36:35.0202 1228 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
    10:36:35.0204 1228 DSproct - ok
    10:36:35.0265 1228 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
    10:36:35.0266 1228 dsunidrv - ok
    10:36:35.0491 1228 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    10:36:35.0536 1228 DXGKrnl - ok
    10:36:35.0652 1228 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
    10:36:35.0688 1228 e1express - ok
    10:36:35.0855 1228 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    10:36:35.0860 1228 E1G60 - ok
    10:36:35.0921 1228 ea7df27e (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\2129821162:360844673.exe
    10:36:35.0923 1228 Suspicious file (Hidden): C:\Windows\2129821162:360844673.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
    10:36:35.0924 1228 ea7df27e ( Rootkit.Win32.PMax.gen ) - infected
    10:36:35.0924 1228 ea7df27e - detected Rootkit.Win32.PMax.gen (0)
    10:36:36.0043 1228 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    10:36:36.0048 1228 Ecache - ok
    10:36:36.0175 1228 ElRawDisk (b8eac99b14772bdc36ca963aed109fa2) C:\Windows\system32\drivers\rsdrv.sys
    10:36:36.0202 1228 ElRawDisk - ok
    10:36:36.0358 1228 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    10:36:36.0368 1228 elxstor - ok
    10:36:36.0574 1228 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    10:36:36.0579 1228 exfat - ok
    10:36:36.0665 1228 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    10:36:36.0670 1228 fastfat - ok
    10:36:36.0767 1228 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    10:36:36.0769 1228 fdc - ok
    10:36:36.0905 1228 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    10:36:36.0908 1228 FileInfo - ok
    10:36:36.0987 1228 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    10:36:36.0989 1228 Filetrace - ok
    10:36:37.0032 1228 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    10:36:37.0034 1228 flpydisk - ok
    10:36:37.0204 1228 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    10:36:37.0232 1228 FltMgr - ok
    10:36:37.0414 1228 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
    10:36:37.0418 1228 fssfltr - ok
    10:36:37.0522 1228 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    10:36:37.0524 1228 Fs_Rec - ok
    10:36:37.0596 1228 FTDIBUS (7c17235845d5ae3fb33ead47b5881521) C:\Windows\system32\drivers\ftdibus.sys
    10:36:37.0599 1228 FTDIBUS - ok
    10:36:37.0729 1228 FTSER2K (23220a4709cc5785f9633ba71416145c) C:\Windows\system32\drivers\ftser2k.sys
    10:36:37.0733 1228 FTSER2K - ok
    10:36:37.0931 1228 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    10:36:37.0944 1228 gagp30kx - ok
    10:36:38.0034 1228 GEARAspiWDM - ok
    10:36:38.0382 1228 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    10:36:38.0405 1228 HDAudBus - ok
    10:36:38.0480 1228 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    10:36:38.0482 1228 HidBth - ok
    10:36:38.0584 1228 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    10:36:38.0587 1228 HidIr - ok
    10:36:38.0750 1228 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    10:36:38.0761 1228 HidUsb - ok
    10:36:39.0061 1228 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    10:36:39.0063 1228 HpCISSs - ok
    10:36:39.0198 1228 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    10:36:39.0276 1228 HSF_DPV - ok
    10:36:39.0495 1228 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    10:36:39.0534 1228 HSXHWAZL - ok
    10:36:39.0822 1228 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    10:36:39.0845 1228 HTTP - ok
    10:36:39.0953 1228 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    10:36:39.0956 1228 i2omp - ok
    10:36:40.0085 1228 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    10:36:40.0119 1228 i8042prt - ok
    10:36:40.0208 1228 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
    10:36:40.0213 1228 iaStor - ok
    10:36:40.0335 1228 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    10:36:40.0343 1228 iaStorV - ok
    10:36:40.0689 1228 igfx (bbace0293b73bf8c7cb591f2d06f26fa) C:\Windows\system32\DRIVERS\igdkmd32.sys
    10:36:40.0793 1228 igfx - ok
    10:36:40.0902 1228 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    10:36:40.0904 1228 iirsp - ok
    10:36:41.0011 1228 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
    10:36:41.0013 1228 intelide - ok
    10:36:41.0076 1228 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    10:36:41.0078 1228 intelppm - ok
    10:36:41.0283 1228 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    10:36:41.0285 1228 IpFilterDriver - ok
    10:36:41.0323 1228 IpInIp - ok
    10:36:41.0379 1228 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    10:36:41.0382 1228 IPMIDRV - ok
    10:36:41.0503 1228 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    10:36:41.0508 1228 IPNAT - ok
    10:36:41.0597 1228 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    10:36:41.0599 1228 IRENUM - ok
    10:36:41.0666 1228 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
    10:36:41.0669 1228 isapnp - ok
    10:36:41.0749 1228 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    10:36:41.0754 1228 iScsiPrt - ok
    10:36:42.0030 1228 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    10:36:42.0032 1228 iteatapi - ok
    10:36:42.0084 1228 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    10:36:42.0087 1228 iteraid - ok
    10:36:42.0154 1228 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    10:36:42.0157 1228 kbdclass - ok
    10:36:42.0316 1228 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    10:36:42.0351 1228 kbdhid - ok
    10:36:42.0464 1228 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    10:36:42.0487 1228 KSecDD - ok
    10:36:42.0573 1228 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
    10:36:42.0576 1228 Lbd - ok
    10:36:42.0739 1228 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    10:36:42.0741 1228 lltdio - ok
    10:36:42.0833 1228 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    10:36:42.0837 1228 LSI_FC - ok
    10:36:42.0937 1228 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    10:36:42.0940 1228 LSI_SAS - ok
    10:36:43.0240 1228 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    10:36:43.0243 1228 LSI_SCSI - ok
    10:36:43.0320 1228 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    10:36:43.0323 1228 luafv - ok
    10:36:43.0385 1228 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
    10:36:43.0388 1228 LVPr2Mon - ok
    10:36:43.0558 1228 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\Windows\system32\DRIVERS\lvrs.sys
    10:36:43.0603 1228 LVRS - ok
    10:36:44.0331 1228 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\Windows\system32\DRIVERS\lvuvc.sys
    10:36:44.0579 1228 LVUVC - ok
    10:36:44.0727 1228 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    10:36:44.0730 1228 mdmxsdk - ok
    10:36:44.0782 1228 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    10:36:44.0784 1228 megasas - ok
    10:36:45.0089 1228 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    10:36:45.0091 1228 Modem - ok
    10:36:45.0333 1228 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    10:36:45.0335 1228 monitor - ok
    10:36:45.0401 1228 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    10:36:45.0403 1228 mouclass - ok
    10:36:45.0441 1228 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    10:36:45.0444 1228 mouhid - ok
    10:36:45.0827 1228 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    10:36:45.0869 1228 MountMgr - ok
    10:36:45.0954 1228 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    10:36:45.0958 1228 mpio - ok
    10:36:46.0294 1228 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    10:36:46.0331 1228 mpsdrv - ok
    10:36:46.0400 1228 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    10:36:46.0402 1228 Mraid35x - ok
    10:36:46.0489 1228 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
    10:36:46.0492 1228 MREMP50 - ok
    10:36:46.0572 1228 MREMP50a64 - ok
    10:36:46.0603 1228 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
    10:36:46.0605 1228 MRESP50 - ok
    10:36:46.0645 1228 MRESP50a64 - ok
    10:36:46.0706 1228 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    10:36:46.0711 1228 MRxDAV - ok
    10:36:46.0776 1228 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    10:36:46.0782 1228 mrxsmb - ok
    10:36:46.0898 1228 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    10:36:46.0938 1228 mrxsmb10 - ok
    10:36:46.0998 1228 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    10:36:47.0002 1228 mrxsmb20 - ok
    10:36:47.0063 1228 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
    10:36:47.0065 1228 msahci - ok
    10:36:47.0155 1228 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    10:36:47.0159 1228 msdsm - ok
    10:36:47.0251 1228 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    10:36:47.0253 1228 Msfs - ok
    10:36:47.0316 1228 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    10:36:47.0319 1228 msisadrv - ok
    10:36:47.0451 1228 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    10:36:47.0453 1228 MSKSSRV - ok
    10:36:47.0579 1228 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    10:36:47.0581 1228 MSPCLOCK - ok
    10:36:47.0631 1228 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    10:36:47.0633 1228 MSPQM - ok
    10:36:47.0752 1228 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    10:36:47.0758 1228 MsRPC - ok
    10:36:47.0894 1228 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    10:36:47.0929 1228 mssmbios - ok
    10:36:48.0070 1228 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    10:36:48.0106 1228 MSTEE - ok
    10:36:48.0275 1228 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    10:36:48.0278 1228 Mup - ok
    10:36:48.0422 1228 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    10:36:48.0427 1228 NativeWifiP - ok
    10:36:48.0988 1228 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    10:36:49.0023 1228 NDIS - ok
    10:36:49.0137 1228 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    10:36:49.0140 1228 NdisTapi - ok
    10:36:49.0218 1228 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    10:36:49.0220 1228 Ndisuio - ok
    10:36:49.0286 1228 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    10:36:49.0290 1228 NdisWan - ok
    10:36:49.0420 1228 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    10:36:49.0423 1228 NDProxy - ok
    10:36:49.0676 1228 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    10:36:49.0679 1228 NetBIOS - ok
    10:36:49.0753 1228 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    10:36:49.0759 1228 netbt - ok
    10:36:49.0879 1228 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    10:36:49.0882 1228 nfrd960 - ok
    10:36:50.0210 1228 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    10:36:50.0212 1228 Npfs - ok
    10:36:50.0267 1228 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    10:36:50.0269 1228 nsiproxy - ok
    10:36:50.0344 1228 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    10:36:50.0390 1228 Ntfs - ok
    10:36:50.0501 1228 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    10:36:50.0503 1228 ntrigdigi - ok
    10:36:50.0614 1228 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    10:36:50.0616 1228 Null - ok
    10:36:50.0681 1228 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    10:36:50.0685 1228 nvraid - ok
    10:36:50.0759 1228 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    10:36:50.0762 1228 nvstor - ok
    10:36:51.0044 1228 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
    10:36:51.0048 1228 nv_agp - ok
    10:36:51.0090 1228 NwlnkFlt - ok
    10:36:51.0124 1228 NwlnkFwd - ok
    10:36:51.0219 1228 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    10:36:51.0221 1228 ohci1394 - ok
    10:36:51.0335 1228 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    10:36:51.0338 1228 Parport - ok
    10:36:51.0395 1228 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    10:36:51.0466 1228 partmgr - ok
    10:36:51.0533 1228 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    10:36:51.0536 1228 Parvdm - ok
    10:36:51.0700 1228 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    10:36:51.0740 1228 pci - ok
    10:36:51.0812 1228 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    10:36:51.0814 1228 pciide - ok
    10:36:51.0958 1228 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    10:36:51.0964 1228 pcmcia - ok
    10:36:52.0114 1228 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
    10:36:52.0117 1228 pcouffin - ok
    10:36:52.0217 1228 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    10:36:52.0252 1228 PEAUTH - ok
    10:36:52.0488 1228 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    10:36:52.0491 1228 PptpMiniport - ok
    10:36:52.0668 1228 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    10:36:52.0670 1228 Processor - ok
    10:36:52.0754 1228 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    10:36:52.0757 1228 PSched - ok
    10:36:52.0878 1228 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
    10:36:52.0880 1228 PxHelp20 - ok
    10:36:53.0017 1228 qgdttjh - ok
    10:36:53.0134 1228 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    10:36:53.0212 1228 ql2300 - ok
    10:36:53.0367 1228 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    10:36:53.0371 1228 ql40xx - ok
    10:36:53.0491 1228 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    10:36:53.0494 1228 QWAVEdrv - ok
    10:36:53.0693 1228 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
    10:36:53.0781 1228 R300 - ok
    10:36:53.0867 1228 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    10:36:53.0870 1228 RasAcd - ok
    10:36:54.0166 1228 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    10:36:54.0170 1228 Rasl2tp - ok
    10:36:54.0293 1228 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    10:36:54.0296 1228 RasPppoe - ok
    10:36:54.0401 1228 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    10:36:54.0405 1228 RasSstp - ok
    10:36:54.0573 1228 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    10:36:54.0611 1228 rdbss - ok
    10:36:54.0689 1228 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    10:36:54.0692 1228 RDPCDD - ok
    10:36:54.0906 1228 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
    10:36:54.0914 1228 rdpdr - ok
    10:36:54.0947 1228 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    10:36:54.0950 1228 RDPENCDD - ok
    10:36:55.0025 1228 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    10:36:55.0031 1228 RDPWD - ok
    10:36:55.0144 1228 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
    10:36:55.0147 1228 rimmptsk - ok
    10:36:55.0251 1228 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
    10:36:55.0253 1228 rimsptsk - ok
    10:36:55.0303 1228 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
    10:36:55.0306 1228 rismxdp - ok
    10:36:55.0436 1228 RPSKT - ok
    10:36:55.0514 1228 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    10:36:55.0518 1228 rspndr - ok
    10:36:55.0785 1228 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    10:36:55.0789 1228 sbp2port - ok
    10:36:55.0876 1228 SBRE (0505da5d357f18a5d42fc5dede6bc9a0) C:\Windows\system32\drivers\SBREdrv.sys
    10:36:55.0880 1228 SBRE - ok
    10:36:56.0381 1228 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
    10:36:56.0385 1228 sdbus - ok
    10:36:56.0527 1228 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    10:36:56.0529 1228 secdrv - ok
    10:36:56.0769 1228 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
    10:36:56.0801 1228 Serenum - ok
    10:36:56.0880 1228 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    10:36:56.0884 1228 Serial - ok
    10:36:57.0079 1228 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    10:36:57.0081 1228 sermouse - ok
    10:36:57.0294 1228 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
    10:36:57.0296 1228 sffdisk - ok
    10:36:57.0375 1228 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
    10:36:57.0377 1228 sffp_mmc - ok
    10:36:57.0518 1228 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
    10:36:57.0520 1228 sffp_sd - ok
    10:36:57.0595 1228 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    10:36:57.0597 1228 sfloppy - ok
    10:36:57.0762 1228 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
    10:36:57.0765 1228 sisagp - ok
    10:36:57.0847 1228 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    10:36:57.0850 1228 SiSRaid2 - ok
    10:36:58.0081 1228 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    10:36:58.0109 1228 SiSRaid4 - ok
    10:36:58.0215 1228 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    10:36:58.0299 1228 Smb - ok
    10:36:58.0448 1228 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    10:36:58.0450 1228 spldr - ok
    10:36:58.0570 1228 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    10:36:58.0579 1228 srv - ok
    10:36:58.0706 1228 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    10:36:58.0712 1228 srv2 - ok
    10:36:58.0791 1228 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    10:36:58.0795 1228 srvnet - ok
    10:36:58.0866 1228 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
    10:36:58.0901 1228 sscdbus - ok
    10:36:59.0025 1228 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
    10:36:59.0028 1228 sscdmdfl - ok
    10:36:59.0132 1228 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
    10:36:59.0136 1228 sscdmdm - ok
    10:36:59.0312 1228 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
    10:36:59.0351 1228 sscdserd - ok
    10:36:59.0495 1228 STHDA (5af135b2e2097d4494b9067ce84e2665) C:\Windows\system32\drivers\stwrt.sys
    10:36:59.0506 1228 STHDA - ok
    10:36:59.0585 1228 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    10:36:59.0587 1228 swenum - ok
    10:36:59.0655 1228 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    10:36:59.0657 1228 Symc8xx - ok
    10:36:59.0703 1228 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    10:36:59.0735 1228 Sym_hi - ok
    10:36:59.0836 1228 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    10:36:59.0839 1228 Sym_u3 - ok
    10:36:59.0975 1228 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
    10:37:00.0009 1228 Tcpip - ok
    10:37:00.0720 1228 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
    10:37:00.0734 1228 Tcpip6 - ok
    10:37:00.0864 1228 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    10:37:00.0868 1228 tcpipreg - ok
    10:37:00.0952 1228 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    10:37:00.0954 1228 TDPIPE - ok
    10:37:01.0013 1228 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    10:37:01.0015 1228 TDTCP - ok
    10:37:01.0118 1228 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    10:37:01.0121 1228 tdx - ok
    10:37:01.0254 1228 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    10:37:01.0258 1228 TermDD - ok
    10:37:01.0388 1228 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    10:37:01.0391 1228 tssecsrv - ok
    10:37:01.0610 1228 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    10:37:01.0612 1228 tunmp - ok
    10:37:01.0689 1228 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    10:37:01.0691 1228 tunnel - ok
    10:37:01.0760 1228 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    10:37:01.0764 1228 uagp35 - ok
    10:37:01.0887 1228 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    10:37:01.0896 1228 udfs - ok
    10:37:02.0092 1228 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
    10:37:02.0095 1228 uliagpkx - ok
    10:37:02.0177 1228 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    10:37:02.0185 1228 uliahci - ok
    10:37:02.0240 1228 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    10:37:02.0245 1228 UlSata - ok
    10:37:02.0432 1228 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    10:37:02.0437 1228 ulsata2 - ok
    10:37:02.0566 1228 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    10:37:02.0568 1228 umbus - ok
    10:37:02.0645 1228 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
    10:37:02.0647 1228 USBAAPL - ok
    10:37:02.0727 1228 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
    10:37:02.0731 1228 usbaudio - ok
    10:37:02.0816 1228 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    10:37:02.0820 1228 usbccgp - ok
    10:37:02.0943 1228 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    10:37:02.0947 1228 usbcir - ok
    10:37:03.0040 1228 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    10:37:03.0043 1228 usbehci - ok
    10:37:03.0102 1228 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    10:37:03.0109 1228 usbhub - ok
    10:37:03.0248 1228 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    10:37:03.0251 1228 usbohci - ok
    10:37:03.0329 1228 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    10:37:03.0331 1228 usbprint - ok
    10:37:03.0434 1228 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    10:37:03.0437 1228 usbscan - ok
    10:37:03.0594 1228 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    10:37:03.0597 1228 USBSTOR - ok
    10:37:03.0675 1228 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    10:37:03.0678 1228 usbuhci - ok
    10:37:03.0760 1228 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    10:37:03.0766 1228 usbvideo - ok
    10:37:03.0840 1228 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
    10:37:03.0842 1228 usb_rndisx - ok
    10:37:03.0958 1228 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    10:37:03.0961 1228 vga - ok
    10:37:04.0076 1228 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    10:37:04.0078 1228 VgaSave - ok
    10:37:04.0125 1228 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
    10:37:04.0128 1228 viaagp - ok
    10:37:04.0191 1228 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    10:37:04.0194 1228 ViaC7 - ok
    10:37:04.0268 1228 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
    10:37:04.0270 1228 viaide - ok
    10:37:04.0379 1228 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    10:37:04.0382 1228 volmgr - ok
    10:37:04.0479 1228 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    10:37:04.0488 1228 volmgrx - ok
    10:37:04.0566 1228 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    10:37:04.0573 1228 volsnap - ok
    10:37:04.0686 1228 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    10:37:04.0691 1228 vsmraid - ok
    10:37:04.0788 1228 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    10:37:04.0791 1228 WacomPen - ok
    10:37:04.0865 1228 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    10:37:04.0868 1228 Wanarp - ok
    10:37:04.0893 1228 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    10:37:04.0895 1228 Wanarpv6 - ok
    10:37:05.0014 1228 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    10:37:05.0017 1228 Wd - ok
    10:37:05.0114 1228 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    10:37:05.0148 1228 Wdf01000 - ok
    10:37:05.0383 1228 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    10:37:05.0416 1228 winachsf - ok
    10:37:05.0582 1228 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    10:37:05.0584 1228 WmiAcpi - ok
    10:37:05.0682 1228 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    10:37:05.0685 1228 WpdUsb - ok
    10:37:05.0749 1228 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    10:37:05.0752 1228 ws2ifsl - ok
    10:37:05.0885 1228 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    10:37:05.0889 1228 WUDFRd - ok
    10:37:05.0967 1228 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
    10:37:05.0970 1228 XAudio - ok
    10:37:06.0092 1228 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    10:37:06.0136 1228 \Device\Harddisk0\DR0 - ok
    10:37:06.0158 1228 Boot (0x1200) (b36b2b1cf28f89c9eb2043708663ea66) \Device\Harddisk0\DR0\Partition0
    10:37:06.0161 1228 \Device\Harddisk0\DR0\Partition0 - ok
    10:37:06.0170 1228 Boot (0x1200) (bf8884cc45984339a36a4361ad4c2dbd) \Device\Harddisk0\DR0\Partition1
    10:37:06.0172 1228 \Device\Harddisk0\DR0\Partition1 - ok
    10:37:06.0176 1228 ============================================================
    10:37:06.0176 1228 Scan finished
    10:37:06.0176 1228 ============================================================
    10:37:06.0203 3064 Detected object count: 2
    10:37:06.0203 3064 Actual detected object count: 2
    10:38:19.0714 3064 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\cdrom.sys) error 1813
    10:38:20.0355 3064 Backup copy found, using it..
    10:38:20.0371 3064 C:\Windows\system32\DRIVERS\cdrom.sys - will be cured on reboot
    10:38:20.0371 3064 cdrom ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
    10:38:20.0515 3064 C:\Windows\2129821162:360844673.exe - copied to quarantine
    10:38:20.0516 3064 ea7df27e ( Rootkit.Win32.PMax.gen ) - User select action: Quarantine

  6. #6
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi mnyyoungs,

LOL!! I hate sitting waiting on flights hahahaha!! Let's get this going and try to knock this out.

    Download Combofix from either of the links below, and save it to your desktop.
    Link 1
    Link 2

    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    --------------------------------------------------------------------

    Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.

  7. #7
    Member
    Join Date
    Oct 2011
    Posts
    81

    Default

My laptop starts up fine, but the mouse seems to be frozen; as such, I need some help! :( Any suggestions? I've tried Ctrl/Alt/Del... nada... pulled the battery out to restart... same thing... is that the nasty bug? :( or a driver error... lol

  8. #8
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi mnyyoungs,

It is hard to tell just yet what might be causing the mouse problem, but it is likely the virus. Try to boot into Safe Mode with Networking and follow the earlier instructions for ComboFix. When ComboFix completes, it will produce a log that I will need in your next reply.

    If you still have a problem let me know. I have provided the instructions below for how to boot into Safe Mode.

    Reboot Your System in Safe Mode

    How to use the F8 method to Start Your Computer in Safe Mode
    • Restart the computer.
• As soon as the BIOS has loaded, begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode with Networking menu item
    • Press Enter.

  9. #9
    Member
    Join Date
    Oct 2011
    Posts
    81

    Default

External mouse working on the infected computer, but keyboard and mouse pad aren't working... however, here is the ComboFix scan... is it good news?!?!?!


    ComboFix 11-10-30.03 - Family 31/10/2011 13:44:20.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2037.1225 [GMT -4:00]
    Running from: c:\users\Family\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Family\AppData\Local\ea7df27e
    c:\users\Family\AppData\Local\ea7df27e\@
    c:\users\Family\AppData\Local\ea7df27e\U\80000000.@
    c:\users\Family\AppData\Local\ea7df27e\U\800000cb.@
    c:\users\Family\AppData\Local\ea7df27e\X
    c:\users\Family\Documents\~WRL0001.tmp
    c:\users\Family\Documents\~WRL3224.tmp
    c:\users\Family\g2mdlhlpx.exe
    c:\users\Family\wevtapi.dll
    c:\windows\$NtUninstallKB59388$
    c:\windows\$NtUninstallKB59388$\2762484775
    c:\windows\$NtUninstallKB59388$\3934122622\@
    c:\windows\$NtUninstallKB59388$\3934122622\L\qnbwvoto
    c:\windows\$NtUninstallKB59388$\3934122622\loader.tlb
    c:\windows\$NtUninstallKB59388$\3934122622\U\@00000001
    c:\windows\$NtUninstallKB59388$\3934122622\U\@000000c0
    c:\windows\$NtUninstallKB59388$\3934122622\U\@000000cb
    c:\windows\$NtUninstallKB59388$\3934122622\U\@000000cf
    c:\windows\$NtUninstallKB59388$\3934122622\U\@80000000
    c:\windows\$NtUninstallKB59388$\3934122622\U\@800000c0
    c:\windows\$NtUninstallKB59388$\3934122622\U\@800000cb
    c:\windows\$NtUninstallKB59388$\3934122622\U\@800000cf
    c:\windows\security\Database\tmp.edb
    c:\windows\system32\
    c:\windows\system32\c_41644.nls
    c:\windows\system32\drivers\
    .
    Infected copy of c:\windows\system32\drivers\dfsc.sys was found and disinfected
    Restored copy from - The cat found it
    Infected copy of c:\program files\AVG\AVG2012\avgwdsvc.exe was found and disinfected
    Restored copy from - c:\program files\AVG\AVG2012\
    .
    Infected copy of c:\programdata\Clickfree\C2NPlus\UACProxy.exe was found and disinfected
    Restored copy from - c:\programdata\Clickfree\C2NPlus\
    .
    c:\windows\system32\CSHelper.exe . . . is infected!!
    c:\windows\system32\CSHelper.exe . . . was deleted!! You should re-install the program it pertains to
    .
    c:\windows\system32\dlbxcoms.exe . . . is infected!!
    c:\windows\system32\dlbxcoms.exe . . . was deleted!! You should re-install the program it pertains to
    .
    c:\windows\2129821162:360844673.exe . . . is infected!!
    c:\windows\2129821162:360844673.exe . . . was deleted!! You should re-install the program it pertains to
    .
    Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected
    Restored copy from - c:\combofix\HarddiskVolumeShadowCopy1_!Program Files!Google!Update!GoogleUpdate.exe
    .
    Infected copy of c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe was found and disinfected
    Restored copy from - c:\program files\Google\Common\Google Updater\
    .
    Infected copy of c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe was found and disinfected
    Restored copy from - c:\program files\Common Files\LogiShrd\LVMVFM\
    .
    Infected copy of c:\program files\Common Files\Motive\McciCMService.exe was found and disinfected
    Restored copy from - c:\program files\Common Files\Motive\
    .
    Infected copy of c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE was found and disinfected
    Restored copy from - c:\program files\Common Files\microsoft shared\Source Engine\
    .
    Infected copy of c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe was found and disinfected
    Restored copy from - c:\program files\Common Files\Intuit\QuickBooks\
    .
    .
    c:\windows\system32\STacSV.exe . . . is infected!!
    c:\windows\system32\STacSV.exe . . . was deleted!! You should re-install the program it pertains to
    .
    Infected copy of c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe was found and disinfected
    Restored copy from - c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\
    .
    Infected copy of c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE was found and disinfected
    Restored copy from - c:\program files\Common Files\microsoft shared\Windows Live\
    .
    Infected copy of c:\windows\system32\DRIVERS\xaudio.exe was found and disinfected
    Restored copy from - c:\windows\System32\DriverStore\FileRepository\del000fz.inf_291182ff\XAudio.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_ea7df27e
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-31 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-31 18:23 . 2011-10-31 18:23 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
    2011-10-31 18:23 . 2011-10-31 18:23 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
    2011-10-31 18:23 . 2011-10-31 18:23 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
    2011-10-31 18:23 . 2011-10-31 18:23 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
    2011-10-31 18:23 . 2011-10-31 18:23 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
    2011-10-31 18:23 . 2011-10-31 18:23 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
    2011-10-31 18:23 . 2011-10-31 18:23 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
    2011-10-31 18:18 . 2011-10-31 18:18 1529728 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2011-10-31 18:13 . 2011-10-31 18:13 145184 ----a-w- c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    2011-10-30 14:44 . 2011-10-30 14:44 48016 --sha-w- c:\windows\system32\c_41644.nl_
    2011-10-30 14:38 . 2011-10-30 14:38 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-10-28 08:13 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D208FC11-8E7A-4DE4-917E-F39D40F22D8F}\mpengine.dll
    2011-10-26 02:11 . 2011-10-26 02:11 -------- d-----w- c:\program files\ERUNT
    2011-10-25 22:48 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2011-10-24 17:56 . 2011-10-24 17:56 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2011-10-24 17:36 . 2008-01-19 07:33 163840 ----a-w- c:\users\Family\taskmgr.exe
    2011-10-12 15:35 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-12 15:35 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-12 15:35 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-12 15:35 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-10-08 14:44 . 2011-10-08 14:44 -------- d-----w- c:\program files\Common Files\AVG Secure Search
    2011-10-08 14:44 . 2011-10-08 14:44 -------- d-----w- c:\program files\AVG Secure Search
    2011-10-08 14:41 . 2011-10-08 14:41 -------- d-----w- c:\users\Family\AppData\Roaming\AVG2012
    2011-10-08 14:39 . 2011-10-13 07:58 -------- d-----w- c:\programdata\AVG2012
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-30 14:43 . 2009-07-26 02:26 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2011-10-25 23:46 . 2008-07-19 16:29 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-13 10:30 . 2011-09-13 10:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-08-31 21:00 . 2008-05-06 03:54 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-24 11:57 . 2011-08-24 11:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-11 04:09 . 2011-08-11 04:09 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-08-08 10:08 . 2011-08-08 10:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2011-09-10 00:46 . 2011-09-10 00:46 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2011-04-14 18:01 . 2010-10-25 17:37 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
    .
    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2011-07-26 14:15 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
    .
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
    .
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SacReminderHDDV2N"="c:\programdata\Clickfree\C2NPlus\reminder\SacReminder.exe" [2011-01-20 870224]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-22 68856]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-26 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-26 154136]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 129560]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
    "DLBXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2007-02-22 73728]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-09-10 30192]
    .
    c:\users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-10-13 984408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableStartupSound"= 1 (0x1)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoThumbnailCache"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\c:\0autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
    backup=c:\windows\pss\QuickSet.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-18 13:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2007-09-24 09:27 159744 ----a-w- c:\program files\DellTPad\Apoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    2008-12-20 04:48 342848 ----a-w- c:\users\Family\Program Files\DNA\btdna.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
    2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2011-08-31 21:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2007-04-16 22:10 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-11-22 12:06 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R0 qgdttjh;qgdttjh;c:\windows\System32\drivers\bpfvii.sys [x]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [x]
    R2 gupdate1c9834ebde52a90;Google Update Service (gupdate1c9834ebde52a90);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-09-10 30192]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2008-07-09 47360]
    R4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-11 229840]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2009-02-12 22312]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-28 101720]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-10-31 192776]
    S2 CFUACProxy_c2nplus;CFUACProxy_c2nplus;c:\programdata\Clickfree\C2NPlus\UACProxy.exe [2011-10-31 87368]
    S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\Clickfree\C2NPlus\Reminder\SacNetAgent.exe [2011-10-25 157296]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2011-10-31 1153368]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-31 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-10-31 18:10]
    .
    2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{1A27E350-4EB9-4A64-8D25-115B91043FBF}.job
    - c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
    .
    .
    ------- Supplementary Scan -------
    .
    mSearch Bar = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: &Search
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 192.168.2.1
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
    FF - ProfilePath - c:\users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\85q3ua9k.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.sympatico.ca/
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e2b35e5&v=7.008.031.001&i=23&tp=ab&iy=b&ychte=ca&lng=en-GB&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Canadian English Dictionary: en-CA@dictionaries.addons.mozilla.org - %profile%\extensions\en-CA@dictionaries.addons.mozilla.org
    FF - Ext: Ancestry.com Advanced Image Viewer: support@ancestry.com - %profile%\extensions\support@ancestry.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: AVG Security Toolbar em:version=7.008.031.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
    BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
    HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
    SafeBoot-86822721.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-31 14:23
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLBXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.kbdclass]
    "ImagePath"="\*"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,f0,d9,f8,d9,92,fd,4d,ae,29,ae,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,f0,d9,f8,d9,92,fd,4d,ae,29,ae,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,f0,d9,f8,d9,92,fd,4d,ae,29,ae,\
    .
    [HKEY_USERS\S-1-5-21-2740605613-3585765697-2305856818-1000\Software\SecuROM\License information*]
    "datasecu"=hex:cb,cc,19,08,d8,6d,2e,40,1a,65,bb,68,0a,b9,d8,3d,ed,1e,80,69,df,
    e9,de,db,27,4a,44,51,86,72,49,6f,cd,da,71,56,3c,29,57,35,4a,5a,58,0d,a3,ce,\
    "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files\AVG\AVG2012\avgnsx.exe
    c:\program files\AVG\AVG2012\avgemcx.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    c:\windows\system32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2011-10-31 14:34:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-10-31 18:34
    .
    Pre-Run: 66,512,236,544 bytes free
    Post-Run: 65,855,041,536 bytes free
    .
    - - End Of File - - 2B2AE00A9DEEF47EF37C81E0E8BC7EE4
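The two logs in this thread show the same infection from two angles, and the artifacts are worth reading together: TDSSKiller names cdrom.sys as Rootkit.Win32.ZAccess.g and quarantines C:\Windows\2129821162:360844673.exe, a path whose second colon means the executable lives in an NTFS alternate data stream of a file called 2129821162; ComboFix then removes a bogus hotfix-uninstall folder ($NtUninstallKB59388$) and an eight-hex-character folder under AppData\Local (ea7df27e) that both hold the "@", "U" and "L" layout, reports a string of patched service binaries, lists a boot-start driver (qgdttjh) whose file is missing, and dumps a service named .kbdclass with ImagePath "\*" (kbdclass.sys is the Windows keyboard class driver, so that entry is worth correlating with the keyboard and touchpad symptom reported above). The script below is an added example, not part of the thread and not the detection logic of TDSSKiller or ComboFix: it runs those indicators, written as regular expressions over the line formats visible in this thread, across a set of log lines and returns de-duplicated findings. The sample lines are copied from the logs above; the assumption that other logs from these tools use the same line formats is mine.

```python
"""Triage helper for the ZeroAccess-style artifacts seen in TDSSKiller and
ComboFix logs.  Added example: this is not the forum thread's own material and
not either tool's detection logic.  The patterns are heuristics read off the
logs in the thread (assumption: other logs follow the same line formats)."""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str   # what kind of indicator matched
    detail: str     # the path, folder, service or family involved
    source: str     # the log line that produced it


# --- line formats as they appear in the logs posted in the thread ----------
# TDSSKiller: "<time> <pid> <name> ( <family> ) - User select action: <action>"
TDSS_DETECT_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<name>\S+)\s+\(\s*(?P<family>[^)]+?)\s*\)\s+-\s+"
    r"User select action:\s+(?P<action>\w+)$")
# ComboFix verdict lines
CF_INFECTED_RE = re.compile(r"^(?P<path>[a-z]:\\.+?) \. \. \. is infected!!$", re.I)
CF_DISINFECTED_RE = re.compile(
    r"^Infected copy of (?P<path>[a-z]:\\.+?) was found and disinfected$", re.I)
# ComboFix driver list: boot-start (R0) driver whose file is missing ("[x]")
MISSING_DRIVER_RE = re.compile(
    r"^R0 (?P<svc>[^;]+);[^;]*;(?P<path>[a-z]:\\[^\[]+?) \[x\]$", re.I)
# Registry dump: a Services key followed on the next line by ImagePath "\*"
SERVICE_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\Services\\(?P<svc>[^\]]+)\]$", re.I)
IMAGEPATH_STAR_RE = re.compile(r'^"ImagePath"="\\\*"$')

# --- path-shape indicators -------------------------------------------------
PATH_TOKEN_RE = re.compile(r"[a-z]:\\\S+", re.I)
# A second colon inside a path names an NTFS alternate data stream, e.g.
# C:\Windows\2129821162:360844673.exe is stream "360844673.exe" on file "2129821162".
ADS_PATH_RE = re.compile(r"^[a-z]:\\(?:[^\\:]+\\)*[^\\:]+:[^\\:]+$", re.I)
# Hotfix-uninstall folder used as a hiding place (it held "@", "U" and "L").
FAKE_KB_RE = re.compile(r"\\(\$NtUninstallKB\d+\$)(?:\\|$)", re.I)
# Eight-hex-character folder under AppData\Local, same name as a service.
APPDATA_HEX_RE = re.compile(r"\\AppData\\Local\\([0-9a-f]{8})(?:\\|$)", re.I)


def is_ads_path(path: str) -> bool:
    """True for Windows paths whose final component names an alternate data stream."""
    return ADS_PATH_RE.fullmatch(path) is not None


def triage(lines):
    """Scan log lines and return de-duplicated Findings in order of first sighting."""
    findings, seen = [], set()

    def add(category, detail, source):
        if (category, detail) not in seen:
            seen.add((category, detail))
            findings.append(Finding(category, detail, source))

    pending_service = None          # service key seen on the previous line
    for raw in lines:
        line = raw.strip()
        if not line or line == ".":  # ComboFix writes "." as a separator
            pending_service = None
            continue

        if m := TDSS_DETECT_RE.match(line):
            add("tdss-detection", f"{m['name']}: {m['family']} -> {m['action']}", line)
        if m := CF_INFECTED_RE.match(line):
            add("cf-infected", m["path"].lower(), line)
        if m := CF_DISINFECTED_RE.match(line):
            add("cf-disinfected", m["path"].lower(), line)
        if m := MISSING_DRIVER_RE.match(line):
            add("missing-boot-driver", f"{m['svc']} -> {m['path'].lower()}", line)

        if m := SERVICE_KEY_RE.match(line):
            pending_service = m["svc"]
            continue
        if pending_service and IMAGEPATH_STAR_RE.match(line):
            add("service-imagepath-star", pending_service, line)
        pending_service = None

        for path in PATH_TOKEN_RE.findall(line):
            if is_ads_path(path):
                add("ads-path", path.lower(), line)
            if m := FAKE_KB_RE.search(path):
                add("fake-kb-folder", m.group(1), line)
            if m := APPDATA_HEX_RE.search(path):
                add("appdata-hex-dir", m.group(1), line)
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'ads-path': 1, 'tdss-detection': 2, ...}."""
    return dict(Counter(f.category for f in findings))


# Sample input: lines copied from the TDSSKiller and ComboFix logs in the thread.
SAMPLE_LOG = r"""
10:38:20.0371 3064 cdrom ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
10:38:20.0515 3064 C:\Windows\2129821162:360844673.exe - copied to quarantine
10:38:20.0516 3064 ea7df27e ( Rootkit.Win32.PMax.gen ) - User select action: Quarantine
c:\users\Family\AppData\Local\ea7df27e\U\80000000.@
c:\windows\$NtUninstallKB59388$\3934122622\U\@80000000
c:\windows\2129821162:360844673.exe . . . is infected!!
Infected copy of c:\windows\system32\drivers\dfsc.sys was found and disinfected
R0 qgdttjh;qgdttjh;c:\windows\System32\drivers\bpfvii.sys [x]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.kbdclass]
"ImagePath"="\*"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.category:24} {f.detail}")
    print(summarize(triage(SAMPLE_LOG.splitlines())))
```

Run against the sample it reports nine distinct findings, with the ADS path reported once even though both tools mention it. The value of the script is in the correlation, not in any single match: the hex folder name ea7df27e is also the service name TDSSKiller quarantined, and a Services key whose ImagePath is "\*" is not something an installer writes. Treat the patterns as a starting point for reading a log, not as a verdict; a cleanup tool's own report is still the record of what was actually changed.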

  10. #10
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi mnyyoungs,

Good job getting that log. As to how good it is, the jury is still out, but I will look it over.

    Please run TDSSKiller once again and post that log while I am looking over the ComboFix log.
