Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

RootKits and Trojans and Bugs.. OH MY!


  • This topic is locked This topic is locked
14 replies to this topic

#1 skitzo

skitzo

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 04 October 2010 - 01:59 PM

My mother was having issues with her laptop, and she has since dropped it to me. Hopefully we can get this back to her sooner then later as it has some important documents on it. I have followed the start up instructions, and the following are the results of the logs generated.

Thanks for all your help and support!
-N
___________________________________________________


DDS (Ver_10-03-17.01) - NTFSx86
Run by Sharon at 14:30:03.47 on 04/10/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3006.1323 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\taskeng.exe
"C:\Windows\System32\svchost.exe"
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Sharon\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: moigh Object: {0bb2645f-9eac-491e-9fc2-47b6b1c63c4e} - c:\windows\system32\qhlsp.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: adShotHlpr Object: {d1f4bb13-1e36-4ff5-be28-7000881cdd45} - c:\windows\system32\uhlsp.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Vmatofi] rundll32.exe "c:\users\sharon\appdata\local\WMPI102.dll",Startup
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10i_Plugin.exe -update plugin
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [sta] rundll32 "uhlsp.dll",,Run
mRun: [MChk] c:\windows\system32\hhlsp.exe
mRun: [Myatifopa] rundll32.exe "c:\users\sharon\appdata\local\ubudulofo.dll",Startup
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://firepass.caslondon.on.ca/vdesk/terminal/f5tunsrv.cab#version=6031,2009,1010,310
DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - hxxps://firepass.caslondon.on.ca/vdesk/terminal/urTermProxy.cab#version=6020,2008,0717,1602
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://firepass.caslondon.on.ca/vdesk/terminal/urxhost.cab#version=6031,2009,1010,304
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\sharon\appdata\roaming\mozilla\firefox\profiles\2a5nsjp7.default\
FF - plugin: c:\users\sharon\appdata\roaming\mozilla\firefox\profiles\2a5nsjp7.default\extensions\{dbbb3167-6e81-400f-bbfd-bd8921726f52}\plugins\NPuroamHost.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {571F2C68-CFDD-4B5F-9B80-6F10F4CC83C8} - c:\users\sharon\appdata\local\{571F2C68-CFDD-4B5F-9B80-6F10F4CC83C8}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-22 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-22 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-22 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-22 56816]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-7-20 35816]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-7-20 24416]

=============== Created Last 30 ================

2010-10-04 18:24:41 0 ----a-w- c:\users\sharon\defogger_reenable
2010-09-29 01:14:16 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-15 00:45:06 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 00:44:57 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 00:44:48 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 00:44:21 739328 ----a-w- c:\windows\system32\inetcomm.dll

==================== Find3M ====================

2010-10-04 18:30:10 768000 ----a-w- c:\windows\system32\drivers\miqcwwm.sys
2010-10-04 18:26:20 27934 ----a-w- c:\programdata\nvModes.dat
2010-07-21 03:56:55 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-01-08 00:59:57 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-08 00:59:57 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-08 00:59:57 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-08 00:59:57 143360 ----a-w- c:\windows\inf\infstrng.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-02-20 13:43:07 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022020100221\index.dat

============= FINISH: 14:31:34.21 ===============

_____________________________________________________________

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 02/05/2008 12:42:35 AM
System Uptime: 10/03/2010 7:37:39 PM (4987 hours ago)

Motherboard: Quanta | | 30D1
Processor: AMD Turion™ 64 X2 Mobile Technology TL-60 | Socket S1 | 2000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 137 GiB total, 80.274 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.006 GiB free.
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP295: 14/08/2010 - Scheduled Checkpoint
RP296: 14/08/2010 3:00:12 AM - Windows Update
RP297: 15/08/2010 - Scheduled Checkpoint
RP298: 22/08/2010 9:59:35 PM - Windows Update
RP299: 23/08/2010 9:57:05 PM - Windows Update
RP300: 02/09/2010 9:17:30 PM - Windows Update
RP301: 07/09/2010 10:06:35 PM - Windows Update
RP302: 08/09/2010 3:57:44 PM - Scheduled Checkpoint
RP303: 13/09/2010 9:35:48 PM - Windows Update
RP304: 14/09/2010 8:39:04 PM - Windows Update
RP305: 15/09/2010 3:00:31 AM - Windows Update
RP306: 17/09/2010 5:48:56 PM - Windows Update
RP307: 21/09/2010 6:43:34 PM - Windows Update
RP308: 24/09/2010 9:38:51 PM - Windows Update
RP309: 28/09/2010 9:13:54 PM - Windows Update
RP310: 29/09/2010 3:00:25 AM - Windows Update

==== Installed Programs ======================

"Nero SoundTrax Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
Adobe Shockwave Player
Advertising Center
Atheros Driver Installation Program
µTorrent
Avira AntiVir Personal - Free Antivirus
Combined Community Codec Pack 2009-09-09
Conexant HD Audio
CyberLink YouCam
DolbyFiles
DVD Decrypter (Remove Only)
DVD Suite
EA Link
GoToMeeting 4.0.0.320
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Doc Viewer
HP QuickTouch 1.00 C4
HP User Guides 0088
HP Wireless Assistant
ImagXpress
Java™ 6 Update 2
LabelPrint
LightScribe System Software 1.14.17.1
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Menu Templates - Starter Kit
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Movie Templates - Starter Kit
Mozilla Firefox (3.5.13)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NetWaiting
NVIDIA Drivers
Remote Control USB Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
SoulSeek 157 NS 13c
SoundTrax
Spybot - Search & Destroy
Street-Ads Browser Enhancer
Synaptics Pointing Device Driver
The Sims™ Life Stories
UnHackMe 5.95 release
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2291599)
WeatherBug Gadget
Windows Live installer
Windows Live Messenger
Windows Media Player Firefox Plugin
WinRAR archiver

==== End Of File ===========================



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-04 14:57:30
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Sharon\AppData\Local\Temp\uxryrkob.sys


---- System - GMER 1.0.15 ----

SSDT 9BBC4F34 ZwCreateThread
SSDT 9BBC4F20 ZwOpenProcess
SSDT 9BBC4F25 ZwOpenThread
SSDT 9BBC4F2F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 822AC984 4 Bytes [34, 4F, BC, 9B]
.text ntkrnlpa.exe!KeSetEvent + 3F1 822ACB54 4 Bytes [20, 4F, BC, 9B] {AND [EDI-0x44], CL; WAIT }
.text ntkrnlpa.exe!KeSetEvent + 40D 822ACB70 4 Bytes [25, 4F, BC, 9B]
.text ntkrnlpa.exe!KeSetEvent + 621 822ACD84 4 Bytes [2F, 4F, BC, 9B]
? System32\Drivers\miqcwwm.sys A device attached to the system is not functioning. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E208340, 0x3FA057, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

? C:\Windows\System32\svchost.exe[2560] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3564] kernel32.dll!SetUnhandledExceptionFilter 75F3A84F 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84B13A38

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] miqcwwm <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\miqcwwm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\miqcwwm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\miqcwwm@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\miqcwwm@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\miqcwwm@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\miqcwwm@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\miqcwwm@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\miqcwwm@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\miqcwwm@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\miqcwwm@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\miqcwwm@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\miqcwwm@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet004\Services\miqcwwm@Type 1
Reg HKLM\SYSTEM\ControlSet004\Services\miqcwwm@Start 0
Reg HKLM\SYSTEM\ControlSet004\Services\miqcwwm@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\miqcwwm@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet005\Services\miqcwwm@Type 1
Reg HKLM\SYSTEM\ControlSet005\Services\miqcwwm@Start 0
Reg HKLM\SYSTEM\ControlSet005\Services\miqcwwm@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet005\Services\miqcwwm@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet006\Services\miqcwwm@Type 1
Reg HKLM\SYSTEM\ControlSet006\Services\miqcwwm@Start 0
Reg HKLM\SYSTEM\ControlSet006\Services\miqcwwm@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet006\Services\miqcwwm@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet007\Services\miqcwwm@Type 1
Reg HKLM\SYSTEM\ControlSet007\Services\miqcwwm@Start 0
Reg HKLM\SYSTEM\ControlSet007\Services\miqcwwm@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet007\Services\miqcwwm@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet008\Services\miqcwwm@Type 1
Reg HKLM\SYSTEM\ControlSet008\Services\miqcwwm@Start 0
Reg HKLM\SYSTEM\ControlSet008\Services\miqcwwm@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet008\Services\miqcwwm@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet009\Services\miqcwwm@Type 1
Reg HKLM\SYSTEM\ControlSet009\Services\miqcwwm@Start 0
Reg HKLM\SYSTEM\ControlSet009\Services\miqcwwm@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet009\Services\miqcwwm@Group Boot Bus Extender

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.ci 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.dir 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.ci 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.dir 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.ci 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.dir 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.ci 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.dir 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.dir 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.dir 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.ci 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.dir 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.ci 4096 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.dir 4096 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid 65536 bytes

---- EOF - GMER 1.0.15 ----

BC AdBot (Login to Remove)

 


#2 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:12 AM

Posted 04 October 2010 - 02:24 PM

Hi skitzo,



Step1
  1. Download TDSSKiller and save it to your Desktop.
  2. Extract its contents to your desktop.
  3. Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  4. If an infected file is detected, the default action will be Cure, click on Continue.
  5. If a suspicious file is detected, the default action will be Skip, click on Continue.
  6. It may ask you to reboot the computer to complete the process. Click on Reboot Now
  7. If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  8. If a reboot is required, the report can also be found in your root directory, (usually C:\TDSSKiller folder). Please copy and paste the contents of that file here.

Step2

Please download Malwarebytes' Anti-Malware from Here or Here
  1. Double Click mbam-setup.exe to install the application.
  2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  3. If an update is found, it will download and install the latest version.
  4. Once the program has loaded, select "Perform Quick Scan", then click Scan.
  5. The scan may take some time to finish,so please be patient.
  6. When the scan is complete, click OK, then Show Results to view the results.
  7. Make sure that everything is checked, and click Remove Selected.
  8. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  9. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.or you can find from here:
  10. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  11. You can refer to this tutorial

Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.


Step3
  1. Please download OTL and save it to your desktop.
  2. Double click on the icon on your desktop.
  3. Click the "Scan All Users" checkbox.
  4. Under the Custom Scan box paste the following bolded text:

    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  5. Click the "Quick Scan" button.
  6. The scan should take just a few minutes.
  7. OTListIt.txt <-- Will be opened and Extra.txt <-- Will be minimized
  8. Copy and paste both logs back here in your next reply.


In your next reply, please post back:

1.TDSSKiller log
2.MBAMn log
3.OTListIt.txt and Extra.txt Thanks


#3 skitzo

skitzo
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 04 October 2010 - 03:15 PM

As requested:

2010/10/04 15:29:17.0206 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/04 15:29:17.0206 ================================================================================
2010/10/04 15:29:17.0206 SystemInfo:
2010/10/04 15:29:17.0206
2010/10/04 15:29:17.0206 OS Version: 6.0.6002 ServicePack: 2.0
2010/10/04 15:29:17.0206 Product type: Workstation
2010/10/04 15:29:17.0222 ComputerName: SHARON-LAP
2010/10/04 15:29:17.0222 UserName: Sharon
2010/10/04 15:29:17.0222 Windows directory: C:\Windows
2010/10/04 15:29:17.0222 System windows directory: C:\Windows
2010/10/04 15:29:17.0222 Processor architecture: Intel x86
2010/10/04 15:29:17.0222 Number of processors: 2
2010/10/04 15:29:17.0222 Page size: 0x1000
2010/10/04 15:29:17.0222 Boot type: Normal boot
2010/10/04 15:29:17.0222 ================================================================================
2010/10/04 15:29:17.0596 Initialize success
2010/10/04 15:29:21.0294 ================================================================================
2010/10/04 15:29:21.0294 Scan started
2010/10/04 15:29:21.0294 Mode: Manual;
2010/10/04 15:29:21.0294 ================================================================================
2010/10/04 15:29:22.0136 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/10/04 15:29:22.0214 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/10/04 15:29:22.0292 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/10/04 15:29:22.0339 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/10/04 15:29:22.0417 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/10/04 15:29:22.0510 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/10/04 15:29:22.0557 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/10/04 15:29:22.0604 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/10/04 15:29:22.0666 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/10/04 15:29:22.0713 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/10/04 15:29:22.0776 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/10/04 15:29:22.0807 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/10/04 15:29:22.0838 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2010/10/04 15:29:22.0932 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/10/04 15:29:22.0994 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/10/04 15:29:23.0056 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/04 15:29:23.0119 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/10/04 15:29:23.0212 athr (fa4e39b289d3a9606f03c90a933b2b1f) C:\Windows\system32\DRIVERS\athr.sys
2010/10/04 15:29:23.0306 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/10/04 15:29:23.0353 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/10/04 15:29:23.0400 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\Windows\system32\DRIVERS\avipbb.sys
2010/10/04 15:29:23.0478 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/10/04 15:29:23.0509 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/10/04 15:29:23.0587 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/10/04 15:29:23.0602 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/04 15:29:23.0665 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/10/04 15:29:23.0696 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/10/04 15:29:23.0758 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/10/04 15:29:23.0805 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/10/04 15:29:23.0852 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/10/04 15:29:23.0883 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/10/04 15:29:23.0930 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/10/04 15:29:23.0992 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/04 15:29:24.0039 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/04 15:29:24.0102 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/10/04 15:29:24.0148 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/10/04 15:29:24.0211 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/10/04 15:29:24.0242 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/10/04 15:29:24.0304 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
2010/10/04 15:29:24.0336 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/10/04 15:29:24.0367 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/10/04 15:29:24.0414 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/10/04 15:29:24.0507 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/10/04 15:29:24.0570 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/10/04 15:29:24.0663 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/10/04 15:29:24.0726 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/10/04 15:29:24.0788 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/10/04 15:29:24.0882 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/10/04 15:29:24.0960 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/10/04 15:29:25.0022 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/10/04 15:29:25.0131 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/10/04 15:29:25.0162 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/10/04 15:29:25.0194 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/10/04 15:29:25.0256 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/10/04 15:29:25.0303 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/10/04 15:29:25.0350 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/10/04 15:29:25.0396 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/10/04 15:29:25.0474 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/10/04 15:29:25.0584 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/10/04 15:29:25.0693 HdAudAddService (7be40bb4cd16d8760e18ea981ff452ec) C:\Windows\system32\drivers\CHDART.sys
2010/10/04 15:29:25.0771 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/10/04 15:29:25.0802 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/10/04 15:29:25.0833 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/10/04 15:29:25.0911 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/10/04 15:29:25.0989 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/10/04 15:29:26.0052 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2010/10/04 15:29:26.0130 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
2010/10/04 15:29:26.0208 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/10/04 15:29:26.0270 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/10/04 15:29:26.0348 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/10/04 15:29:26.0426 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/10/04 15:29:26.0473 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/10/04 15:29:26.0520 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/04 15:29:26.0566 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/10/04 15:29:26.0644 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/10/04 15:29:26.0707 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/10/04 15:29:26.0754 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/04 15:29:26.0816 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/04 15:29:26.0894 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/10/04 15:29:26.0925 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/10/04 15:29:26.0972 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/10/04 15:29:27.0019 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/10/04 15:29:27.0066 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/04 15:29:27.0112 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/10/04 15:29:27.0159 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/10/04 15:29:27.0206 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/04 15:29:27.0268 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/10/04 15:29:27.0362 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/04 15:29:27.0456 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/04 15:29:27.0518 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/10/04 15:29:27.0580 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/10/04 15:29:27.0627 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/10/04 15:29:27.0658 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/10/04 15:29:27.0721 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/10/04 15:29:27.0768 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/10/04 15:29:27.0830 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/10/04 15:29:27.0861 Suspicious service (NoAccess): miqcwwm
2010/10/04 15:29:27.0924 miqcwwm (f86cf5b4eb1750270ad892c7943c61e4) C:\Windows\system32\drivers\miqcwwm.sys
2010/10/04 15:29:27.0924 Suspicious file (NoAccess): C:\Windows\system32\drivers\miqcwwm.sys. md5: f86cf5b4eb1750270ad892c7943c61e4
2010/10/04 15:29:27.0939 miqcwwm - detected Locked service (1)
2010/10/04 15:29:27.0970 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/10/04 15:29:28.0002 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/04 15:29:28.0033 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/04 15:29:28.0064 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/04 15:29:28.0095 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/10/04 15:29:28.0158 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/10/04 15:29:28.0189 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/04 15:29:28.0267 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/10/04 15:29:28.0314 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/10/04 15:29:28.0376 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/04 15:29:28.0423 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/04 15:29:28.0454 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/04 15:29:28.0485 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/10/04 15:29:28.0516 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/10/04 15:29:28.0548 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/10/04 15:29:28.0594 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/10/04 15:29:28.0657 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/04 15:29:28.0704 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/04 15:29:28.0750 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/10/04 15:29:28.0813 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/10/04 15:29:28.0860 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/04 15:29:28.0891 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/10/04 15:29:28.0922 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/10/04 15:29:29.0000 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/04 15:29:29.0062 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/10/04 15:29:29.0109 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/04 15:29:29.0140 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/04 15:29:29.0172 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/04 15:29:29.0203 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/10/04 15:29:29.0250 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/04 15:29:29.0312 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/04 15:29:29.0390 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/10/04 15:29:29.0452 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/10/04 15:29:29.0499 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/04 15:29:29.0593 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/10/04 15:29:29.0640 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/10/04 15:29:29.0702 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2010/10/04 15:29:29.0733 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/10/04 15:29:29.0811 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2010/10/04 15:29:30.0045 nvlddmkm (b36c3b866b0d47e2e2856ec8fd746e39) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/10/04 15:29:30.0232 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/10/04 15:29:30.0295 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
2010/10/04 15:29:30.0326 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/10/04 15:29:30.0373 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/10/04 15:29:30.0482 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/10/04 15:29:30.0560 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/10/04 15:29:30.0638 Partizan (6ddcf3f801ec15fe698f6a215cf30a1f) C:\Windows\system32\drivers\Partizan.sys
2010/10/04 15:29:30.0669 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/10/04 15:29:30.0716 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/10/04 15:29:30.0763 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/10/04 15:29:30.0825 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2010/10/04 15:29:30.0872 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/10/04 15:29:30.0934 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/10/04 15:29:31.0059 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/04 15:29:31.0090 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/10/04 15:29:31.0184 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/04 15:29:31.0371 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/10/04 15:29:31.0418 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/10/04 15:29:31.0465 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/04 15:29:31.0496 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/04 15:29:31.0543 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/04 15:29:31.0590 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/04 15:29:31.0652 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/04 15:29:31.0699 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/04 15:29:31.0730 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/04 15:29:31.0777 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/10/04 15:29:31.0808 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/04 15:29:31.0855 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/10/04 15:29:31.0917 RegGuard (37ecebdd930395a9c399fb18a3c236d3) C:\Windows\system32\Drivers\regguard.sys
2010/10/04 15:29:31.0995 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/10/04 15:29:32.0026 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/10/04 15:29:32.0058 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/10/04 15:29:32.0104 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/04 15:29:32.0167 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/10/04 15:29:32.0245 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2010/10/04 15:29:32.0292 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/10/04 15:29:32.0338 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/10/04 15:29:32.0385 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/10/04 15:29:32.0416 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/10/04 15:29:32.0479 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/10/04 15:29:32.0526 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/10/04 15:29:32.0572 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/10/04 15:29:32.0619 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/10/04 15:29:32.0666 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/10/04 15:29:32.0697 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/10/04 15:29:32.0744 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/10/04 15:29:32.0806 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/10/04 15:29:32.0853 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/10/04 15:29:32.0916 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
2010/10/04 15:29:32.0931 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/04 15:29:32.0994 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/04 15:29:33.0040 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\Windows\system32\DRIVERS\ssmdrv.sys
2010/10/04 15:29:33.0087 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/04 15:29:33.0134 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/10/04 15:29:33.0274 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/10/04 15:29:33.0306 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/10/04 15:29:33.0352 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
2010/10/04 15:29:33.0462 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/10/04 15:29:33.0508 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/04 15:29:33.0571 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/04 15:29:33.0602 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/10/04 15:29:33.0633 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/10/04 15:29:33.0696 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/04 15:29:33.0742 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/04 15:29:33.0836 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/04 15:29:33.0898 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/10/04 15:29:33.0930 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/04 15:29:33.0961 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/10/04 15:29:34.0008 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/04 15:29:34.0054 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/10/04 15:29:34.0117 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/10/04 15:29:34.0164 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/10/04 15:29:34.0195 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/10/04 15:29:34.0242 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/04 15:29:34.0304 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/04 15:29:34.0335 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/10/04 15:29:34.0366 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/04 15:29:34.0413 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/04 15:29:34.0444 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2010/10/04 15:29:34.0491 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/04 15:29:34.0538 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/10/04 15:29:34.0585 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/04 15:29:34.0616 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/04 15:29:34.0663 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/10/04 15:29:34.0756 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/04 15:29:34.0788 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/10/04 15:29:34.0834 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/10/04 15:29:34.0881 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/10/04 15:29:34.0912 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/10/04 15:29:34.0959 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/10/04 15:29:35.0022 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/10/04 15:29:35.0068 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/10/04 15:29:35.0131 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/10/04 15:29:35.0209 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/10/04 15:29:35.0240 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/04 15:29:35.0271 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/04 15:29:35.0318 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/10/04 15:29:35.0365 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/04 15:29:35.0490 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/10/04 15:29:35.0599 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/10/04 15:29:35.0692 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/10/04 15:29:35.0724 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/04 15:29:35.0802 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/04 15:29:35.0848 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2010/10/04 15:29:35.0973 ================================================================================
2010/10/04 15:29:35.0973 Scan finished
2010/10/04 15:29:35.0973 ================================================================================
2010/10/04 15:29:36.0004 Detected object count: 1
2010/10/04 15:30:10.0866 Locked service(miqcwwm) - User select action: Skip
2010/10/04 15:30:17.0122 ================================================================================
2010/10/04 15:30:17.0122 Scan started
2010/10/04 15:30:17.0122 Mode: Manual;
2010/10/04 15:30:17.0122 ================================================================================
2010/10/04 15:30:17.0496 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/10/04 15:30:17.0559 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/10/04 15:30:17.0606 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/10/04 15:30:17.0668 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/10/04 15:30:17.0762 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/10/04 15:30:17.0840 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/10/04 15:30:17.0902 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/10/04 15:30:17.0949 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/10/04 15:30:17.0996 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/10/04 15:30:18.0027 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/10/04 15:30:18.0058 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/10/04 15:30:18.0105 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/10/04 15:30:18.0136 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2010/10/04 15:30:18.0214 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/10/04 15:30:18.0276 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/10/04 15:30:18.0323 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/04 15:30:18.0386 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/10/04 15:30:18.0432 athr (fa4e39b289d3a9606f03c90a933b2b1f) C:\Windows\system32\DRIVERS\athr.sys
2010/10/04 15:30:18.0557 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/10/04 15:30:18.0588 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/10/04 15:30:18.0635 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\Windows\system32\DRIVERS\avipbb.sys
2010/10/04 15:30:18.0713 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/10/04 15:30:18.0744 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/10/04 15:30:18.0807 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/10/04 15:30:18.0822 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/04 15:30:18.0885 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/10/04 15:30:18.0916 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/10/04 15:30:18.0963 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/10/04 15:30:19.0010 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/10/04 15:30:19.0056 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/10/04 15:30:19.0088 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/10/04 15:30:19.0119 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/10/04 15:30:19.0181 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/04 15:30:19.0228 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/04 15:30:19.0290 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/10/04 15:30:19.0368 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/10/04 15:30:19.0415 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/10/04 15:30:19.0462 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/10/04 15:30:19.0587 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
2010/10/04 15:30:19.0618 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/10/04 15:30:19.0649 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/10/04 15:30:19.0696 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/10/04 15:30:19.0774 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/10/04 15:30:19.0821 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/10/04 15:30:19.0883 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/10/04 15:30:19.0946 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/10/04 15:30:19.0992 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/10/04 15:30:20.0070 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/10/04 15:30:20.0133 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/10/04 15:30:20.0195 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/10/04 15:30:20.0258 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/10/04 15:30:20.0320 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/10/04 15:30:20.0351 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/10/04 15:30:20.0414 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/10/04 15:30:20.0460 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/10/04 15:30:20.0492 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/10/04 15:30:20.0538 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/10/04 15:30:20.0585 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/10/04 15:30:20.0632 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/10/04 15:30:20.0710 HdAudAddService (7be40bb4cd16d8760e18ea981ff452ec) C:\Windows\system32\drivers\CHDART.sys
2010/10/04 15:30:20.0788 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/10/04 15:30:20.0819 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/10/04 15:30:20.0866 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/10/04 15:30:20.0897 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/10/04 15:30:20.0975 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/10/04 15:30:21.0022 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2010/10/04 15:30:21.0053 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
2010/10/04 15:30:21.0131 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/10/04 15:30:21.0194 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/10/04 15:30:21.0256 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/10/04 15:30:21.0318 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/10/04 15:30:21.0365 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/10/04 15:30:21.0412 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/04 15:30:21.0459 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/10/04 15:30:21.0537 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/10/04 15:30:21.0584 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/10/04 15:30:21.0630 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/04 15:30:21.0693 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/04 15:30:21.0755 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/10/04 15:30:21.0802 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/10/04 15:30:21.0833 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/10/04 15:30:21.0880 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/10/04 15:30:21.0927 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/04 15:30:21.0974 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/10/04 15:30:22.0005 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/10/04 15:30:22.0052 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/04 15:30:22.0114 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/10/04 15:30:22.0176 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/04 15:30:22.0254 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/04 15:30:22.0332 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/10/04 15:30:22.0379 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/10/04 15:30:22.0442 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/10/04 15:30:22.0488 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/10/04 15:30:22.0535 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/10/04 15:30:22.0582 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/10/04 15:30:22.0629 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/10/04 15:30:22.0660 Suspicious service (NoAccess): miqcwwm
2010/10/04 15:30:22.0785 miqcwwm (f86cf5b4eb1750270ad892c7943c61e4) C:\Windows\system32\drivers\miqcwwm.sys
2010/10/04 15:30:22.0785 Suspicious file (NoAccess): C:\Windows\system32\drivers\miqcwwm.sys. md5: f86cf5b4eb1750270ad892c7943c61e4
2010/10/04 15:30:22.0785 miqcwwm - detected Locked service (1)
2010/10/04 15:30:22.0832 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/10/04 15:30:22.0863 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/04 15:30:22.0894 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/04 15:30:22.0925 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/04 15:30:22.0956 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/10/04 15:30:22.0988 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/10/04 15:30:23.0019 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/04 15:30:23.0066 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/10/04 15:30:23.0112 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/10/04 15:30:23.0175 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/04 15:30:23.0206 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/04 15:30:23.0237 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/04 15:30:23.0268 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/10/04 15:30:23.0300 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/10/04 15:30:23.0346 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/10/04 15:30:23.0393 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/10/04 15:30:23.0440 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/04 15:30:23.0471 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/04 15:30:23.0502 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/10/04 15:30:23.0565 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/10/04 15:30:23.0596 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/04 15:30:23.0643 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/10/04 15:30:23.0658 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/10/04 15:30:23.0736 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/04 15:30:23.0799 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/10/04 15:30:23.0830 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/04 15:30:23.0861 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/04 15:30:23.0892 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/04 15:30:23.0939 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/10/04 15:30:23.0970 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/04 15:30:24.0033 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/04 15:30:24.0111 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/10/04 15:30:24.0158 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/10/04 15:30:24.0204 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/04 15:30:24.0298 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/10/04 15:30:24.0345 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/10/04 15:30:24.0392 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2010/10/04 15:30:24.0423 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/10/04 15:30:24.0501 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2010/10/04 15:30:24.0750 nvlddmkm (b36c3b866b0d47e2e2856ec8fd746e39) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/10/04 15:30:24.0922 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/10/04 15:30:24.0984 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
2010/10/04 15:30:25.0000 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/10/04 15:30:25.0047 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/10/04 15:30:25.0172 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/10/04 15:30:25.0250 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/10/04 15:30:25.0296 Partizan (6ddcf3f801ec15fe698f6a215cf30a1f) C:\Windows\system32\drivers\Partizan.sys
2010/10/04 15:30:25.0343 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/10/04 15:30:25.0374 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/10/04 15:30:25.0437 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/10/04 15:30:25.0468 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2010/10/04 15:30:25.0530 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/10/04 15:30:25.0577 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/10/04 15:30:25.0702 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/04 15:30:25.0733 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/10/04 15:30:25.0811 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/04 15:30:25.0874 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/10/04 15:30:25.0936 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/10/04 15:30:25.0983 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/04 15:30:25.0998 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/04 15:30:26.0045 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/04 15:30:26.0092 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/04 15:30:26.0139 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/04 15:30:26.0186 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/04 15:30:26.0217 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/04 15:30:26.0264 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/10/04 15:30:26.0279 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/04 15:30:26.0342 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/10/04 15:30:26.0388 RegGuard (37ecebdd930395a9c399fb18a3c236d3) C:\Windows\system32\Drivers\regguard.sys
2010/10/04 15:30:26.0451 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/10/04 15:30:26.0482 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/10/04 15:30:26.0513 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/10/04 15:30:26.0560 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/04 15:30:26.0607 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/10/04 15:30:26.0700 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2010/10/04 15:30:26.0732 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/10/04 15:30:26.0778 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/10/04 15:30:26.0825 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/10/04 15:30:26.0872 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/10/04 15:30:26.0950 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/10/04 15:30:26.0997 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/10/04 15:30:27.0028 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/10/04 15:30:27.0059 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/10/04 15:30:27.0106 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/10/04 15:30:27.0153 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/10/04 15:30:27.0200 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/10/04 15:30:27.0262 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/10/04 15:30:27.0309 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/10/04 15:30:27.0371 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
2010/10/04 15:30:27.0402 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/04 15:30:27.0449 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/04 15:30:27.0496 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\Windows\system32\DRIVERS\ssmdrv.sys
2010/10/04 15:30:27.0558 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/04 15:30:27.0605 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/10/04 15:30:27.0714 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/10/04 15:30:27.0777 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/10/04 15:30:27.0855 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
2010/10/04 15:30:27.0948 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/10/04 15:30:27.0995 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/04 15:30:28.0058 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/04 15:30:28.0089 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/10/04 15:30:28.0136 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/10/04 15:30:28.0182 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/04 15:30:28.0245 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/04 15:30:28.0338 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/04 15:30:28.0370 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/10/04 15:30:28.0432 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/04 15:30:28.0463 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/10/04 15:30:28.0510 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/04 15:30:28.0557 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/10/04 15:30:28.0619 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/10/04 15:30:28.0666 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/10/04 15:30:28.0697 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/10/04 15:30:28.0744 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/04 15:30:28.0806 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/04 15:30:28.0838 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/10/04 15:30:28.0884 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/04 15:30:28.0931 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/04 15:30:28.0962 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2010/10/04 15:30:29.0025 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/04 15:30:29.0072 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/10/04 15:30:29.0103 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/04 15:30:29.0150 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/04 15:30:29.0181 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/10/04 15:30:29.0243 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/04 15:30:29.0259 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/10/04 15:30:29.0321 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/10/04 15:30:29.0352 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/10/04 15:30:29.0399 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/10/04 15:30:29.0446 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/10/04 15:30:29.0493 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/10/04 15:30:29.0540 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/10/04 15:30:29.0586 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/10/04 15:30:29.0664 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/10/04 15:30:29.0711 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/04 15:30:29.0727 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/04 15:30:29.0789 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/10/04 15:30:29.0836 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/04 15:30:29.0945 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/10/04 15:30:30.0054 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/10/04 15:30:30.0148 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/10/04 15:30:30.0179 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/04 15:30:30.0242 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/04 15:30:30.0288 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2010/10/04 15:30:30.0413 ================================================================================
2010/10/04 15:30:30.0413 Scan finished
2010/10/04 15:30:30.0413 ================================================================================
2010/10/04 15:30:30.0429 Detected object count: 1
2010/10/04 15:30:46.0497 Locked service(miqcwwm) - User select action: Skip

___________________________________________________________________________

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4741

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

04/10/2010 4:00:31 PM
mbam-log-2010-10-04 (16-00-31).txt

Scan type: Quick scan
Objects scanned: 144644
Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0bb2645f-9eac-491e-9fc2-47b6b1c63c4e} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0bb2645f-9eac-491e-9fc2-47b6b1c63c4e} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1f4bb13-1e36-4ff5-be28-7000881cdd45} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d1f4bb13-1e36-4ff5-be28-7000881cdd45} (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vmatofi (Trojan.Agent.U) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\host process for windows services (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\myatifopa (Trojan.Agent.U) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sta (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\system32\Drivers\miqcwwm.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.


#4 skitzo

skitzo
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 04 October 2010 - 03:16 PM

OTL logfile created on: 04/10/2010 4:06:09 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Sharon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.29 Gb Total Space | 79.09 Gb Free Space | 57.61% Space Free | Partition Type: NTFS
Drive D: | 11.76 Gb Total Space | 2.01 Gb Free Space | 17.06% Space Free | Partition Type: NTFS
Drive E: | 1.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHARON-LAP
Current User Name: Sharon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/04 16:05:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
PRC - [2010/09/17 20:22:26 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/07 10:14:04 | 000,594,200 | ---- | M] (Greatis Software) -- C:\Program Files\UnHackMe\hackmon.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/11 16:27:22 | 000,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/10/15 01:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe


========== Modules (SafeList) ==========

MOD - [2010/10/04 16:05:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\xvdbvbuo.sys -- (xvdbvbuo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/07/20 23:57:00 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Partizan.sys -- (Partizan)
DRV - [2010/07/20 23:55:48 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\regguard.sys -- (RegGuard)
DRV - [2010/01/25 04:02:00 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/04 03:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/28 03:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/04 03:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/06 16:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2007/11/01 09:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 09:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/11/01 09:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/09 18:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 13:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 22:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 17:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1846297269-884030038-2201495770-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKU\S-1-5-21-1846297269-884030038-2201495770-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKU\S-1-5-21-1846297269-884030038-2201495770-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1846297269-884030038-2201495770-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {DBBB3167-6E81-400f-BBFD-BD8921726F52}:6031.2009.1010.0304
FF - prefs.js..extensions.enabledItems: {571F2C68-CFDD-4B5F-9B80-6F10F4CC83C8}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{571F2C68-CFDD-4B5F-9B80-6F10F4CC83C8}: C:\Users\Sharon\AppData\Local\{571F2C68-CFDD-4B5F-9B80-6F10F4CC83C8} [2010/07/20 23:03:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 20:22:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 20:22:28 | 000,000,000 | ---D | M]

[2008/12/06 20:14:40 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Mozilla\Extensions
[2010/10/04 14:30:36 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\2a5nsjp7.default\extensions
[2010/07/21 07:21:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\2a5nsjp7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/03 21:53:02 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\2a5nsjp7.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2008/12/06 20:14:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/22 21:57:31 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/22 21:57:31 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/22 21:57:31 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/22 21:57:31 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/01/18 09:59:07 | 000,291,283 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10029 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://firepass.caslondon.on.ca/vdesk/term...1,2009,1010,310 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://firepass.caslondon.on.ca/vdesk/term...,2008,0717,1602 (F5 Networks Static Application Tunnel Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://firepass.caslondon.on.ca/vdesk/term...1,2009,1010,304 (F5 Networks Host Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sharon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sharon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/01 23:53:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{242200b6-db9c-11dd-b362-001e6829a3d3}\Shell\AutoRun\command - "" = F:\driver\usb\usb_driver.exe -- File not found
O33 - MountPoints2\{242200b6-db9c-11dd-b362-001e6829a3d3}\Shell\open\command - "" = F:\driver\usb\usb_driver.exe -- File not found
O33 - MountPoints2\{38687792-105f-11df-bb80-001e6829a3d3}\Shell\AutoRun\command - "" = F:\winlog.exe -- File not found
O33 - MountPoints2\{a5bee476-e0ee-11dd-ba43-001e6829a3d3}\Shell\AutoRun\command - "" = F:\driver\usb\usb_driver.exe -- File not found
O33 - MountPoints2\{a5bee476-e0ee-11dd-ba43-001e6829a3d3}\Shell\open\command - "" = F:\driver\usb\usb_driver.exe -- File not found
O33 - MountPoints2\{c64c3e92-e272-11de-99a5-001e6829a3d3}\Shell - "" = AutoRun
O33 - MountPoints2\{c64c3e92-e272-11de-99a5-001e6829a3d3}\Shell\AutoRun\command - "" = F:\DigitalPhotoKeychain.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\Windows\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (ount) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/04 16:04:58 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
[2010/10/04 15:36:15 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Malwarebytes
[2010/10/04 15:36:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/04 15:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/04 15:36:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/04 15:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/04 15:28:58 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sharon\Desktop\TDSSKiller.exe
[2010/08/13 03:05:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010/07/22 22:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/07/20 23:56:59 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2010/07/20 23:56:55 | 000,037,600 | ---- | C] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2010/07/20 23:38:29 | 000,000,000 | ---D | C] -- C:\BackSys
[2010/07/20 23:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2010/07/20 23:05:52 | 000,024,416 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2010/07/20 23:04:17 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Documents\RegRun2
[2010/07/20 23:04:15 | 000,012,808 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
[2010/07/20 23:04:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2010/07/20 23:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/07/20 23:03:36 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\{571F2C68-CFDD-4B5F-9B80-6F10F4CC83C8}
[2010/07/20 23:01:52 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\30BB8F9235AAE463BA3F1F952F5EC32F
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/04 16:08:43 | 000,768,000 | ---- | M] () -- C:\Windows\System32\drivers\miqcwwm.sys
[2010/10/04 16:06:04 | 007,077,888 | -HS- | M] () -- C:\Users\Sharon\NTUSER.DAT
[2010/10/04 16:05:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
[2010/10/04 16:03:28 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/10/04 16:03:27 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/10/04 16:03:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/04 16:03:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/04 16:03:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/04 16:03:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/04 16:02:29 | 3152,871,424 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/04 16:01:34 | 000,524,288 | -HS- | M] () -- C:\Users\Sharon\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/10/04 16:01:34 | 000,065,536 | -HS- | M] () -- C:\Users\Sharon\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/10/04 16:01:14 | 006,291,456 | -H-- | M] () -- C:\Users\Sharon\AppData\Local\IconCache.db
[2010/10/04 15:36:11 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/04 14:25:38 | 000,525,824 | ---- | M] () -- C:\Users\Sharon\Desktop\dds.scr
[2010/10/04 14:24:41 | 000,000,000 | ---- | M] () -- C:\Users\Sharon\defogger_reenable
[2010/10/04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sharon\Desktop\TDSSKiller.exe
[2010/09/29 22:23:20 | 000,002,657 | ---- | M] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2010/09/27 20:40:11 | 000,002,651 | ---- | M] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/09/19 20:06:46 | 000,010,752 | ---- | M] () -- C:\Users\Sharon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/17 17:47:47 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/17 17:47:47 | 000,603,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/17 17:47:47 | 000,106,696 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/17 17:41:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/09/17 17:41:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/09/15 20:53:50 | 000,000,280 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/09/15 20:53:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/09/15 03:20:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/09/15 03:20:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/09/15 03:04:07 | 000,000,185 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/09/14 20:32:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/09/14 20:32:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/09/09 23:30:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/09/09 23:30:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/09/08 19:49:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/09/08 19:49:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/09/08 19:30:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/09/08 19:30:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/09/06 22:31:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/09/06 22:31:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/09/03 07:04:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/09/03 07:04:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/09/03 06:58:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/09/03 06:58:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/09/02 20:57:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/09/02 20:57:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/09/02 20:49:03 | 000,000,000 | ---- | M] () -- C:\Users\Sharon\AppData\Local\Gsivubovisi.bin
[2010/08/27 22:23:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/08/27 22:23:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/08/23 22:34:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/08/23 22:34:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/08/23 22:33:40 | 000,000,120 | ---- | M] () -- C:\Users\Sharon\AppData\Local\Iducahukurubo.dat
[2010/08/23 00:03:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/08/23 00:03:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/08/15 21:13:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/08/15 21:13:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/08/14 03:19:03 | 000,398,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/13 03:21:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/08/13 03:21:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/08/09 21:57:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/08/09 21:57:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/08/05 13:28:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/08/05 13:28:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/08/02 23:16:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/08/02 23:16:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/08/01 23:38:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/08/01 23:38:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/07/20 23:57:00 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2010/07/20 23:56:55 | 000,037,600 | ---- | M] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2010/07/20 23:55:48 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2010/07/20 23:38:29 | 000,000,270 | -H-- | M] () -- C:\regrun.war
[2010/07/20 23:18:03 | 000,001,781 | ---- | M] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk
[2010/07/20 23:04:41 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/07/20 23:04:41 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2010/07/20 23:04:41 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2010/07/20 23:02:00 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2010/07/07 10:14:14 | 000,012,808 | ---- | M] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/04 15:36:11 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/04 14:32:32 | 000,293,376 | ---- | C] () -- C:\Users\Sharon\Desktop\gmer.exe
[2010/10/04 14:25:36 | 000,525,824 | ---- | C] () -- C:\Users\Sharon\Desktop\dds.scr
[2010/10/04 14:24:41 | 000,000,000 | ---- | C] () -- C:\Users\Sharon\defogger_reenable
[2010/07/20 23:37:36 | 000,000,270 | -H-- | C] () -- C:\regrun.war
[2010/07/20 23:18:03 | 000,001,781 | ---- | C] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk
[2010/07/20 23:04:41 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2010/07/20 23:03:37 | 000,000,120 | ---- | C] () -- C:\Users\Sharon\AppData\Local\Iducahukurubo.dat
[2010/07/20 23:03:37 | 000,000,000 | ---- | C] () -- C:\Users\Sharon\AppData\Local\Gsivubovisi.bin
[2010/07/20 23:02:13 | 000,768,000 | ---- | C] () -- C:\Windows\System32\drivers\miqcwwm.sys
[2010/07/20 23:01:59 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2010/05/15 17:51:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/05/15 13:45:53 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/02/08 12:49:07 | 000,000,035 | ---- | C] () -- C:\Windows\A4W.INI
[2009/09/16 22:18:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/02/16 04:02:03 | 000,027,934 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/16 04:02:03 | 000,027,934 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/01/14 23:11:04 | 000,000,185 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/12/21 19:15:01 | 000,010,752 | ---- | C] () -- C:\Users\Sharon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/20 23:50:58 | 000,027,934 | ---- | C] () -- C:\Users\Sharon\AppData\Roaming\nvModes.001
[2008/12/20 23:45:03 | 000,027,934 | ---- | C] () -- C:\Users\Sharon\AppData\Roaming\nvModes.dat
[2008/12/06 20:19:03 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{aa0c2ce6-c3ed-11dd-99e4-001e6829a3d3}.TMContainer00000000000000000002.regtrans-ms
[2008/12/06 20:19:03 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{aa0c2ce6-c3ed-11dd-99e4-001e6829a3d3}.TMContainer00000000000000000001.regtrans-ms
[2008/12/06 20:19:02 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{aa0c2ce6-c3ed-11dd-99e4-001e6829a3d3}.TM.blf
[2008/12/06 20:19:01 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2008/12/06 20:19:01 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2008/12/06 20:19:01 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2008/12/06 19:41:15 | 000,000,000 | ---- | C] () -- C:\Users\Sharon\AppData\Local\QSwitch.txt
[2008/12/06 19:41:15 | 000,000,000 | ---- | C] () -- C:\Users\Sharon\AppData\Local\DSwitch.txt
[2008/12/06 19:41:15 | 000,000,000 | ---- | C] () -- C:\Users\Sharon\AppData\Local\AtStart.txt
[2008/05/02 00:49:05 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/05/02 00:07:47 | 000,000,372 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/07/20 23:01:52 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\30BB8F9235AAE463BA3F1F952F5EC32F
[2010/05/15 08:15:54 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\muvee Technologies
[2010/07/21 00:03:40 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\uTorrent
[2008/12/20 23:43:37 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\WildTangent
[2010/10/04 16:01:23 | 000,032,580 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/10/04 16:12:00 | 000,768,000 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\miqcwwm.sys

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/10/04 16:12:05 | 000,768,000 | ---- | M] () -- C:\Windows\System32\drivers\miqcwwm.sys
[2010/07/20 23:57:00 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/07/20 23:55:48 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010/07/07 10:14:14 | 000,012,808 | ---- | M] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
< End of report >

______________________________________________________________________

OTL Extras logfile created on: 04/10/2010 4:06:09 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Sharon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.29 Gb Total Space | 79.09 Gb Free Space | 57.61% Space Free | Partition Type: NTFS
Drive D: | 11.76 Gb Total Space | 2.01 Gb Free Space | 17.06% Space Free | Partition Type: NTFS
Drive E: | 1.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHARON-LAP
Current User Name: Sharon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1846297269-884030038-2201495770-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1846297269-884030038-2201495770-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"F:\driver\usb\usb_driver.exe" = F:\driver\usb\usb_driver.exe:*:Enabled:Host Process for Windows Services -- File not found
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{099F9472-6F1B-41F4-B1CF-86C5F0D4AC22}" = lport=2869 | protocol=6 | dir=in | app=system |
"{26CBC000-DC89-4C6E-B681-95B497935F39}" = lport=139 | protocol=6 | dir=in | app=system |
"{2A2127E6-4442-4AFA-BCD2-D69015CBF57D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{33C8A4D6-1916-4654-8D4F-F823A123D8C5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{383C3E2A-4289-4D5B-824A-1478EBDBA327}" = lport=137 | protocol=17 | dir=in | app=system |
"{3C6DF919-F265-475A-80D7-B8458291C576}" = lport=445 | protocol=6 | dir=in | app=system |
"{420E61CE-68A2-4E70-B263-5D6B290723D2}" = rport=139 | protocol=6 | dir=out | app=system |
"{678FCDA7-AA7C-48A7-A430-9885C9CF6140}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6D4CBF23-A323-48AD-8854-5706AB960B0E}" = rport=445 | protocol=6 | dir=out | app=system |
"{75C95CA8-295B-4118-A929-258B2ECA92B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{893F2BEE-5D82-45B9-964E-2F5718977212}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A689BFCC-0673-46B8-A227-766C64EEB072}" = lport=138 | protocol=17 | dir=in | app=system |
"{AE1F18D1-B684-48F7-A7C7-A8056AD5E405}" = rport=138 | protocol=17 | dir=out | app=system |
"{C2259FB9-ED3D-4FCD-8203-A1AA3738F77B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FD544219-9676-4D95-B17F-5BA194E634E6}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01901DD4-7521-479D-AD72-D4B0C7AF965D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1525820F-809D-4C07-924A-9F1A536DBF62}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{1CD352B5-FC50-4FA6-B266-A0692E1591BD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{32D04A20-F865-49EC-8BC4-416805D9FF06}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{38A99086-CD36-489E-82F1-F8CC11F8E58B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{42E04069-DC1F-4283-9FF0-45B15FDAF2FF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{43411A89-F321-4862-BA16-DC2B7133A201}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{5815572C-5659-41CE-BB5B-5E64FF090EB8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{5825DD07-54FD-4918-BF40-A393EB008480}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6FFA88C8-95E0-47DE-A6D3-829B753C79AA}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{72028F16-629D-4860-83C4-87A0C8CFCC6E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{79C85226-10E6-4953-BD92-5D9E7C815D8E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7BA4EDB4-CB7B-40AE-B62B-278E03A7F612}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{7D461FC2-A1C1-4754-A593-275FB86B7509}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7E32ED04-10B5-4D9A-9D4F-99CDFEAEEF34}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8C06459C-2A41-4755-8DCA-2EA6659F0B5C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8DE8791D-955D-41CE-ABAA-EDC69711EA41}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{95983D6A-50B9-4427-BA1D-6ACFA3107D3D}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{A3A5069D-40C8-4476-A2BB-902D61FBDBC7}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B98A88E3-27E5-4EDB-A456-7964C24D4622}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{CDBDE854-6EFE-45BE-9481-03B4CDCED2AB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CDD1CAEA-544A-4924-A58E-0D31B9E58586}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DF8321AF-7916-49F2-8F41-7C5C530C795D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E58A9716-A56E-46CE-B010-EF4F48896FD2}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E9183B8E-05ED-49F4-9DC7-5E7943B5E7AE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F5311F12-3AEB-42E7-9F8C-2988063F38EC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{3947A7FD-05D1-4FD4-9BB2-52F68108D143}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{3F6425BB-622F-4221-8F2E-E1404C0FE463}C:\windows\lmiea6c.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\windows\lmiea6c.tmp\lmi_rescue.exe |
"TCP Query User{521D9BDA-6754-4999-936F-4A31EDAB1A5F}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{5F1D7CD3-B568-41B4-8AED-9B8C762332DE}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{7E276B08-9C53-4868-8224-45F2B9EEB8A4}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{03DBF573-C715-47C4-9D11-0FCE87AA0BCB}C:\windows\lmiea6c.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\windows\lmiea6c.tmp\lmi_rescue.exe |
"UDP Query User{315AACCD-A73D-45DD-80C0-FF329485D9DE}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{53B6A2C2-F832-47F9-AC53-B40C94BB198B}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{6A3A1250-2715-4F6A-A71A-73077FD4A688}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{A4E33208-8CB9-4B3E-BD7E-02DDE78F5AD2}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{614e78c3-b948-4d0a-a345-fdf274f87cf2}" = Nero 9
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{8347A7A5-4AB8-433F-82AA-496B0D189A9B}" = HP User Guides 0088
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{fb65ab59-a886-4eec-a0bd-4afd621d25c2}" = Nero 9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13)
"NVIDIA Drivers" = NVIDIA Drivers
"Soulseek2" = SoulSeek 157 NS 13c
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnHackMe_is1" = UnHackMe 5.95 release
"uTorrent" = µTorrent
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1846297269-884030038-2201495770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/09/2010 7:40:39 PM | Computer Name = Sharon-Lap | Source = WinMgmt | ID = 10
Description =

Error - 08/09/2010 5:55:35 PM | Computer Name = Sharon-Lap | Source = WinMgmt | ID = 10
Description =

Error - 08/09/2010 7:48:04 PM | Computer Name = Sharon-Lap | Source = WinMgmt | ID = 10
Description =

Error - 09/09/2010 9:04:09 PM | Computer Name = Sharon-Lap | Source = WinMgmt | ID = 10
Description =

Error - 13/09/2010 9:29:35 PM | Computer Name = Sharon-Lap | Source = WinMgmt | ID = 10
Description =

Error - 14/09/2010 8:35:08 PM | Computer Name = Sharon-Lap | Source = WinMgmt | ID = 10
Description =

Error - 15/09/2010 3:01:22 AM | Computer Name = Sharon-Lap | Source = Windows Search Service | ID = 3006
Description =

Error - 15/09/2010 3:01:22 AM | Computer Name = Sharon-Lap | Source = Windows Search Service | ID = 3007
Description =

Error - 15/09/2010 3:23:22 AM | Computer Name = Sharon-Lap | Source = WinMgmt | ID = 10
Description =

Error - 15/09/2010 8:57:07 PM | Computer Name = Sharon-Lap | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 15/09/2010 3:01:22 AM | Computer Name = Sharon-Lap | Source = Service Control Manager | ID = 7000
Description =

Error - 15/09/2010 3:04:32 AM | Computer Name = Sharon-Lap | Source = Service Control Manager | ID = 7009
Description =

Error - 15/09/2010 3:04:32 AM | Computer Name = Sharon-Lap | Source = Service Control Manager | ID = 7000
Description =

Error - 15/09/2010 3:05:15 AM | Computer Name = Sharon-Lap | Source = Service Control Manager | ID = 7009
Description =

Error - 15/09/2010 3:05:15 AM | Computer Name = Sharon-Lap | Source = Service Control Manager | ID = 7000
Description =

Error - 15/09/2010 3:23:23 AM | Computer Name = Sharon-Lap | Source = Service Control Manager | ID = 7000
Description =

Error - 15/09/2010 8:57:07 PM | Computer Name = Sharon-Lap | Source = Service Control Manager | ID = 7000
Description =

Error - 17/09/2010 5:44:37 PM | Computer Name = Sharon-Lap | Source = Service Control Manager | ID = 7000
Description =

Error - 21/09/2010 9:52:31 PM | Computer Name = Sharon-Lap | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 04/10/2010 4:04:01 PM | Computer Name = Sharon-Lap | Source = Service Control Manager | ID = 7000
Description =


< End of report >


#5 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:12 AM

Posted 04 October 2010 - 03:20 PM

Hi skitzo,


The TDSSkiller log didn't look right. Please rerun it. If TDDSSiller alerts you Locked service(miqcwwm), you should select cure, not skip. After that, please post back the log in your next reply. Thanks


#6 skitzo

skitzo
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 04 October 2010 - 03:22 PM

it is locking after about 11 seconds.
options are:
skip
quarentine
delete

#7 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:12 AM

Posted 04 October 2010 - 03:31 PM

Hi skitzo,


It's a rootkit. please select delete. Thanks

#8 skitzo

skitzo
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 04 October 2010 - 03:42 PM

scanned as instructed. deleted the file in question and it asked me to restart the computer. i did and rescanned and this is the log:

2010/10/04 16:41:07.0703 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/04 16:41:07.0703 ================================================================================
2010/10/04 16:41:07.0703 SystemInfo:
2010/10/04 16:41:07.0703
2010/10/04 16:41:07.0703 OS Version: 6.0.6002 ServicePack: 2.0
2010/10/04 16:41:07.0703 Product type: Workstation
2010/10/04 16:41:07.0703 ComputerName: SHARON-LAP
2010/10/04 16:41:07.0703 UserName: Sharon
2010/10/04 16:41:07.0703 Windows directory: C:\Windows
2010/10/04 16:41:07.0703 System windows directory: C:\Windows
2010/10/04 16:41:07.0703 Processor architecture: Intel x86
2010/10/04 16:41:07.0703 Number of processors: 2
2010/10/04 16:41:07.0703 Page size: 0x1000
2010/10/04 16:41:07.0703 Boot type: Normal boot
2010/10/04 16:41:07.0703 ================================================================================
2010/10/04 16:41:08.0062 Initialize success
2010/10/04 16:41:09.0544 ================================================================================
2010/10/04 16:41:09.0544 Scan started
2010/10/04 16:41:09.0544 Mode: Manual;
2010/10/04 16:41:09.0544 ================================================================================
2010/10/04 16:41:10.0558 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/10/04 16:41:10.0667 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/10/04 16:41:10.0714 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/10/04 16:41:10.0807 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/10/04 16:41:10.0854 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/10/04 16:41:10.0948 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/10/04 16:41:10.0995 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/10/04 16:41:11.0057 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/10/04 16:41:11.0104 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/10/04 16:41:11.0135 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/10/04 16:41:11.0166 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/10/04 16:41:11.0197 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/10/04 16:41:11.0229 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2010/10/04 16:41:11.0369 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/10/04 16:41:11.0463 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/10/04 16:41:11.0541 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/04 16:41:11.0634 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/10/04 16:41:11.0712 athr (fa4e39b289d3a9606f03c90a933b2b1f) C:\Windows\system32\DRIVERS\athr.sys
2010/10/04 16:41:11.0868 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/10/04 16:41:11.0993 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/10/04 16:41:12.0071 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\Windows\system32\DRIVERS\avipbb.sys
2010/10/04 16:41:12.0165 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/10/04 16:41:12.0196 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/10/04 16:41:12.0243 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/10/04 16:41:12.0336 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/04 16:41:12.0383 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/10/04 16:41:12.0414 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/10/04 16:41:12.0477 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/10/04 16:41:12.0508 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/10/04 16:41:12.0570 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/10/04 16:41:12.0633 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/10/04 16:41:12.0664 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/10/04 16:41:12.0742 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/04 16:41:12.0804 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/04 16:41:12.0851 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/10/04 16:41:12.0913 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/10/04 16:41:13.0007 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/10/04 16:41:13.0054 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/10/04 16:41:13.0101 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
2010/10/04 16:41:13.0147 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/10/04 16:41:13.0194 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/10/04 16:41:13.0366 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/10/04 16:41:13.0459 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/10/04 16:41:13.0537 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/10/04 16:41:13.0631 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/10/04 16:41:13.0693 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/10/04 16:41:13.0787 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/10/04 16:41:13.0896 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/10/04 16:41:13.0990 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/10/04 16:41:14.0068 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/10/04 16:41:14.0161 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/10/04 16:41:14.0349 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/10/04 16:41:14.0458 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/10/04 16:41:14.0551 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/10/04 16:41:14.0614 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/10/04 16:41:14.0707 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/10/04 16:41:14.0801 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/10/04 16:41:14.0895 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/10/04 16:41:14.0957 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/10/04 16:41:15.0035 HdAudAddService (7be40bb4cd16d8760e18ea981ff452ec) C:\Windows\system32\drivers\CHDART.sys
2010/10/04 16:41:15.0222 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/10/04 16:41:15.0425 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/10/04 16:41:16.0049 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/10/04 16:41:16.0221 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/10/04 16:41:16.0392 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/10/04 16:41:16.0439 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2010/10/04 16:41:16.0470 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
2010/10/04 16:41:16.0533 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/10/04 16:41:16.0595 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/10/04 16:41:16.0704 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/10/04 16:41:16.0782 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/10/04 16:41:16.0845 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/10/04 16:41:16.0907 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/04 16:41:16.0938 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/10/04 16:41:16.0985 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/10/04 16:41:17.0047 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/10/04 16:41:17.0079 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/04 16:41:17.0110 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/04 16:41:17.0188 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/10/04 16:41:17.0235 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/10/04 16:41:17.0266 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/10/04 16:41:17.0328 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/10/04 16:41:17.0375 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/04 16:41:17.0437 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/10/04 16:41:17.0469 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/10/04 16:41:17.0500 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/04 16:41:17.0625 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/10/04 16:41:17.0718 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/04 16:41:17.0796 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/04 16:41:17.0859 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/10/04 16:41:17.0890 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/10/04 16:41:17.0968 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/10/04 16:41:17.0999 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/10/04 16:41:18.0124 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/10/04 16:41:18.0155 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/10/04 16:41:18.0249 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/10/04 16:41:18.0311 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/10/04 16:41:18.0342 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/04 16:41:18.0373 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/04 16:41:18.0436 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/04 16:41:18.0467 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/10/04 16:41:18.0514 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/10/04 16:41:18.0561 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/04 16:41:18.0623 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/10/04 16:41:18.0685 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/10/04 16:41:18.0795 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/04 16:41:18.0873 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/04 16:41:18.0919 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/04 16:41:19.0013 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/10/04 16:41:19.0060 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/10/04 16:41:19.0091 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/10/04 16:41:19.0138 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/10/04 16:41:19.0200 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/04 16:41:19.0247 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/04 16:41:19.0263 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/10/04 16:41:19.0341 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/10/04 16:41:19.0387 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/04 16:41:19.0419 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/10/04 16:41:19.0450 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/10/04 16:41:19.0543 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/04 16:41:19.0621 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/10/04 16:41:19.0684 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/04 16:41:19.0731 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/04 16:41:19.0777 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/04 16:41:19.0965 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/10/04 16:41:20.0074 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/04 16:41:20.0230 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/04 16:41:20.0323 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/10/04 16:41:20.0401 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/10/04 16:41:20.0464 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/04 16:41:20.0651 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/10/04 16:41:20.0760 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/10/04 16:41:20.0823 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2010/10/04 16:41:20.0854 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/10/04 16:41:20.0932 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2010/10/04 16:41:21.0275 nvlddmkm (b36c3b866b0d47e2e2856ec8fd746e39) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/10/04 16:41:21.0696 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/10/04 16:41:21.0821 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
2010/10/04 16:41:21.0977 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/10/04 16:41:22.0024 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/10/04 16:41:22.0180 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/10/04 16:41:22.0289 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/10/04 16:41:22.0351 Partizan (6ddcf3f801ec15fe698f6a215cf30a1f) C:\Windows\system32\drivers\Partizan.sys
2010/10/04 16:41:22.0414 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/10/04 16:41:22.0476 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/10/04 16:41:22.0554 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/10/04 16:41:22.0632 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2010/10/04 16:41:22.0710 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/10/04 16:41:22.0773 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/10/04 16:41:23.0412 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/04 16:41:23.0553 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/10/04 16:41:23.0724 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/04 16:41:23.0865 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/10/04 16:41:23.0943 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/10/04 16:41:23.0974 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/04 16:41:24.0036 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/04 16:41:24.0083 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/04 16:41:24.0177 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/04 16:41:24.0239 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/04 16:41:24.0301 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/04 16:41:24.0411 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/04 16:41:24.0535 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/10/04 16:41:24.0582 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/04 16:41:24.0738 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/10/04 16:41:24.0832 RegGuard (37ecebdd930395a9c399fb18a3c236d3) C:\Windows\system32\Drivers\regguard.sys
2010/10/04 16:41:24.0957 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/10/04 16:41:24.0988 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/10/04 16:41:25.0066 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/10/04 16:41:25.0159 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/04 16:41:25.0206 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/10/04 16:41:25.0347 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2010/10/04 16:41:25.0393 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/10/04 16:41:25.0440 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/10/04 16:41:25.0503 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/10/04 16:41:25.0534 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/10/04 16:41:25.0643 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/10/04 16:41:25.0705 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/10/04 16:41:25.0737 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/10/04 16:41:25.0799 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/10/04 16:41:25.0877 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/10/04 16:41:25.0971 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/10/04 16:41:26.0064 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/10/04 16:41:26.0142 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/10/04 16:41:26.0329 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/10/04 16:41:26.0563 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
2010/10/04 16:41:26.0595 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/04 16:41:26.0688 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/04 16:41:26.0751 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\Windows\system32\DRIVERS\ssmdrv.sys
2010/10/04 16:41:26.0860 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/04 16:41:27.0000 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/10/04 16:41:27.0297 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/10/04 16:41:27.0437 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/10/04 16:41:27.0577 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
2010/10/04 16:41:28.0030 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/10/04 16:41:28.0186 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/04 16:41:28.0264 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/04 16:41:28.0373 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/10/04 16:41:28.0404 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/10/04 16:41:28.0560 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/04 16:41:28.0607 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/04 16:41:28.0872 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/04 16:41:28.0966 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/10/04 16:41:29.0013 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/04 16:41:29.0122 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/10/04 16:41:29.0387 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/04 16:41:29.0574 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/10/04 16:41:29.0683 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/10/04 16:41:29.0746 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/10/04 16:41:29.0793 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/10/04 16:41:29.0949 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/04 16:41:30.0183 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/04 16:41:30.0245 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/10/04 16:41:30.0292 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/04 16:41:30.0370 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/04 16:41:30.0417 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2010/10/04 16:41:30.0463 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/04 16:41:30.0541 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/10/04 16:41:30.0604 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/04 16:41:30.0651 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/04 16:41:30.0697 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/10/04 16:41:30.0775 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/04 16:41:30.0853 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/10/04 16:41:30.0931 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/10/04 16:41:31.0009 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/10/04 16:41:31.0087 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/10/04 16:41:31.0165 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/10/04 16:41:31.0259 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/10/04 16:41:31.0306 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/10/04 16:41:31.0368 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/10/04 16:41:31.0446 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/10/04 16:41:31.0477 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/04 16:41:31.0509 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/04 16:41:31.0555 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/10/04 16:41:31.0618 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/04 16:41:31.0805 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/10/04 16:41:32.0117 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/10/04 16:41:32.0289 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/10/04 16:41:32.0320 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/04 16:41:32.0413 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/04 16:41:32.0601 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2010/10/04 16:41:32.0991 ================================================================================
2010/10/04 16:41:32.0991 Scan finished
2010/10/04 16:41:32.0991 ================================================================================


#9 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:12 AM

Posted 04 October 2010 - 04:01 PM

Hi skitzo,



Looks good. thumbup2.gif Let's scan the remnants with Eset Online Scanner. It will take some time to run the course. Please be patient and do the following:


Step1

  1. Please start OTL on your desktop.
  2. Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of code box.

    CODE
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O33 - MountPoints2\{242200b6-db9c-11dd-b362-001e6829a3d3}\Shell\AutoRun\command - "" = F:\driver\usb\usb_driver.exe -- File not found
    O33 - MountPoints2\{242200b6-db9c-11dd-b362-001e6829a3d3}\Shell\open\command - "" = F:\driver\usb\usb_driver.exe -- File not found
    O33 - MountPoints2\{38687792-105f-11df-bb80-001e6829a3d3}\Shell\AutoRun\command - "" = F:\winlog.exe -- File not found
    O33 - MountPoints2\{a5bee476-e0ee-11dd-ba43-001e6829a3d3}\Shell\AutoRun\command - "" = F:\driver\usb\usb_driver.exe -- File not found
    O33 - MountPoints2\{a5bee476-e0ee-11dd-ba43-001e6829a3d3}\Shell\open\command - "" = F:\driver\usb\usb_driver.exe -- File not found
    O33 - MountPoints2\{c64c3e92-e272-11de-99a5-001e6829a3d3}\Shell - "" = AutoRun
    O33 - MountPoints2\{c64c3e92-e272-11de-99a5-001e6829a3d3}\Shell\AutoRun\command - "" = F:\DigitalPhotoKeychain.EXE -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (ootExecute settings...) - File not found
    O34 - HKLM BootExecute: (ount) - File not found

    :Files
    C:\Users\Sharon\AppData\Local\Gsivubovisi.bin
    C:\Users\Sharon\AppData\Local\Iducahukurubo.dat
    C:\Windows\winstart.bat

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [resethosts]
    [start explorer]
    [Reboot]
  3. Click Run Fix button on the top.
  4. Click OK and let it run unhindered.
  5. OTL will ask to reboot the machine. Please OK the prompt.
  6. A report will open. Copy and Paste that report in your next reply.

Step2


Older versions Java have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  1. Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  2. Look for "JDK 6 Update 21 (JDK or JRE)".
  3. Click the "Download JRE" button to the right.
  4. Select your Platform: "Windows".
  5. Select your Language: "Multi-language".
  6. Read the License Agreement, and then check the box that says: "Accept License Agreement".
  7. Click Continue and the page will refresh.
  8. Click on the link to download Windows Offline Installation and save the file to your desktop.
  9. Close any programs you may have running - especially your web browser.
  10. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  11. Check (highlight) the following Java Runtime Environment (JRE or J2SE) in the name, and the following update:

    Java™ 6 Update 2

  12. Click the Remove or Change/Remove button.
  13. Repeat as many times as necessary to remove each Java versions.
  14. Reboot your computer once all Java components are removed.
  15. Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  16. After that, please clear your java cache as instructed in this thread .

Step3


Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step4

Please run the ESET Online Scanner
Note: You will need to use Internet explorer for this scan
  1. Turn off the real time scanner of any existing antivirus program while performing the online scan
  2. Tick the box next to YES, I accept the Terms of Use.
  3. Click Start
  4. When asked, allow the activeX control to install
  5. Click Start
  6. Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  7. Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  8. Click Scan
  9. Wait for the scan to finish
  10. Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt .
  11. Copy and paste that log as a reply to this topic and also let me know how things are now.


In your next reply, please post back:

1.OTL delete log
2.Eset Online Scanner Report

Let me know if you have any remaining issues on your pc.

#10 skitzo

skitzo
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 04 October 2010 - 10:18 PM

As requested:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{242200b6-db9c-11dd-b362-001e6829a3d3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{242200b6-db9c-11dd-b362-001e6829a3d3}\ not found.
File F:\driver\usb\usb_driver.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{242200b6-db9c-11dd-b362-001e6829a3d3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{242200b6-db9c-11dd-b362-001e6829a3d3}\ not found.
File F:\driver\usb\usb_driver.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38687792-105f-11df-bb80-001e6829a3d3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38687792-105f-11df-bb80-001e6829a3d3}\ not found.
File F:\winlog.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5bee476-e0ee-11dd-ba43-001e6829a3d3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5bee476-e0ee-11dd-ba43-001e6829a3d3}\ not found.
File F:\driver\usb\usb_driver.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5bee476-e0ee-11dd-ba43-001e6829a3d3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5bee476-e0ee-11dd-ba43-001e6829a3d3}\ not found.
File F:\driver\usb\usb_driver.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c64c3e92-e272-11de-99a5-001e6829a3d3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c64c3e92-e272-11de-99a5-001e6829a3d3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c64c3e92-e272-11de-99a5-001e6829a3d3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c64c3e92-e272-11de-99a5-001e6829a3d3}\ not found.
File F:\DigitalPhotoKeychain.EXE not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:ootExecute settings... deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:ount deleted successfully.
========== FILES ==========
C:\Users\Sharon\AppData\Local\Gsivubovisi.bin moved successfully.
C:\Users\Sharon\AppData\Local\Iducahukurubo.dat moved successfully.
C:\Windows\winstart.bat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: ADMINI~1
->Temp folder emptied: 1240553 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Sharon
->Temp folder emptied: 6813486 bytes
->Temporary Internet Files folder emptied: 69902649 bytes
->Java cache emptied: 9304304 bytes
->FireFox cache emptied: 105747446 bytes
->Flash cache emptied: 24549 bytes

%systemdrive% .tmp files removed: 14648 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31258614 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 586179832 bytes

Total Files Cleaned = 773.00 mb


[EMPTYFLASH]

User: ADMINI~1

User: All Users

User: Default

User: Default User

User: Public

User: Sharon
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.14.1 log created on 10042010_174616

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
_______________________________________________________________________

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1a7e7916c9309a40b29d18f7dd109172
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-10-05 01:42:56
# local_time=2010-10-04 09:42:56 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 0 57945203 0 0
# compatibility_mode=5892 16776573 100 100 0 122837816 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=168417
# found=2
# cleaned=0
# scan_time=12687
C:\SWSetup\AOLIMS\setup.exe probably a variant of Win32/Agent.HZHBURL trojan 00000000000000000000000000000000 I
C:\Users\Sharon\Desktop\Nero.9.0.9.4.Ultra.Edition.WinALL.Cracked.by.TAMer\Setup\Nero-9.0.9.4.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I


#11 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:12 AM

Posted 05 October 2010 - 01:54 AM

Hi skitzo,




Please delete the cracked file in the following filepath C:\Users\Sharon\Desktop\Nero.9.0.9.4.Ultra.Edition. I assume the AOL setup file is a false positive if you intentionally install it.

Other than that, your logs appear clean now. thumbup.gif If you have no remaining concerns on your pc, lets do some tidy up and we can send you on your way.


Step1

Start OTL from your desktop.
  1. Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of code box.
    CODE
    :Commands
    [CLEARALLRESTOREPOINTS]
    [Reboot]
  2. After reboot, please do the following:
  3. Double click OTL and let it run
  4. Then Click the Cleanup button.
  5. You will get a prompt saying "Being Cleanup Process". Please select Yes.
  6. Restart your computer when prompted.

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  2. Update all programs regularly - Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  3. Backup your valid registry -ERUNT (Emergency Recovery Utility NT) allows you to store a complete backup of your registry and restore if needed. Due to malware affects, a corrupt registry can prevent a system from booting. You're well advised to backup your valid registry while the system is clean now. For more info: Here and Here .


Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information Here how to prevent Malware.


Glad to be of help. Safe surfing!!


#12 skitzo

skitzo
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 06 October 2010 - 10:18 AM

i deleted the requested file.
the whole AOL thing is a mystery, so what should i do there.
there is no AOL installed as far as I can tell unless it came with the computer. I check the programs list, and there is not installed AOL. should i delete the directory?

#13 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:12 AM

Posted 06 October 2010 - 11:47 AM

Hi skitzo,


QUOTE
there is no AOL installed as far as I can tell unless it came with the computer.

Yes, lots of computers accompany with AOL from the OEM factory default. You may keep or delete it as you wish. We are done here. Let me know if you still need assistance. smile.gif


#14 skitzo

skitzo
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 06 October 2010 - 03:26 PM

ok great.
looks good. i will give mom her computer when i see her tonight. i will let her test to make sure all is good, if not they are back up on the weekend. close this for now, and i will shoot you a pm should further issues arise.

thanks a bunch!

#15 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:12 AM

Posted 07 October 2010 - 10:46 PM

Since this issue appears resolved ... this Topic is closed.

Glad to have helped.

Everyone else please begin a New Topic.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users