
Think computer has virus or trojan


  • This topic is locked
14 replies to this topic

#1 wants2hvfunwthu

wants2hvfunwthu

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:23 AM

Posted 07 July 2011 - 09:16 PM

Hi, I had a problem with my computer where I was unable to do anything. It was not frozen but had been taken over, where I could not load any programs or even run my antivirus program. I ended up just resetting it back to factory new, like when you first get it. This helped for a while, but now it seems sluggish and some programs are not wanting to run again. When trying to surf the web, sometimes it will load pages and other times it is lost in limbo, with just a blank page and the cursor in the busy mode. I have an Acer Aspire AX1200-B1601A with Windows Vista Home Premium. Can someone help? Thanks so much, Susan

Hi, here is the hijackthis.log, and thanks for taking a look at it.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:15:02 AM, on 7/9/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe
C:\Windows\Explorer.exe
C:\Users\susan\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.autocompletepro.com/?si=10555&bi=400
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10555&bi=400
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {4219427b-0228-4356-a78b-eb7668d37d07} - C:\Program Files\InboxDollars\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: InboxDollars - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files\InboxDollars\Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\lsp3.2.2.4\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\lsp3.2.2.4\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\lsp3.2.2.4\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\lsp3.2.2.4\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\lsp3.2.2.4\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\lsp3.2.2.4\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\lsp3.2.2.4\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\lsp3.2.2.4\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\lsp3.2.2.4\sblsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_25) -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: VideoAcceleratorService - SpeedBit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 7740 bytes

EDIT: Posts merged ~Budapest

Edited by Budapest, 10 July 2011 - 05:34 PM.
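
As an added example (not part of the thread, and not a HijackThis feature), a small Python triage script for the HijackThis log format posted above: it parses the Rn/On entries, flags start/search pages that point away from the Microsoft and OEM defaults, third-party or orphaned URLSearchHooks and IE policy restrictions, and collapses the repeated O10 Winsock LSP lines into one finding. The expected-host set is an assumption for this machine, and the sample lines are constructed from a subset of the posted log.

```python
"""Triage helper for HijackThis 2.0.x logs (added example, not from the thread).

Parses the 'Rn - ...' / 'On - ...' entries and surfaces the items a malware
response helper reads first: browser start/search pages pointing away from
the expected defaults, URLSearchHooks, IE policy restrictions, and the
Winsock LSP chain (whose repeated O10 lines are collapsed into one finding).
"""
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a subset of the entries posted in the thread above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.autocompletepro.com/?si=10555&bi=400
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {4219427b-0228-4356-a78b-eb7668d37d07} - C:\Program Files\InboxDollars\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\lsp3.2.2.4\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\lsp3.2.2.4\sblsp.dll
"""

# Assumption: hosts that are legitimate start/search targets on this machine,
# i.e. the Microsoft defaults and the OEM (Acer/Yahoo) portal seen in the log.
EXPECTED_PAGE_HOSTS = {"go.microsoft.com", "en.us.acer.yahoo.com"}

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    kind: str      # HijackThis section, e.g. "R1", "O10"
    reason: str    # why a helper would look at it
    detail: str    # the log line (or the LSP path) that triggered it


def parse_entries(text):
    """Yield (kind, body, line) for every well-formed HijackThis entry."""
    for raw in text.strip().splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("kind"), m.group("body"), line


def triage(text):
    """Return the findings for one log, in the order the entries appear
    (LSP findings last, one per distinct DLL path)."""
    findings = []
    lsp_paths = Counter()
    for kind, body, line in parse_entries(text):
        if kind in ("R0", "R1"):
            # "...,Search Page = http://host/..."; an empty value means the key is unset.
            _, sep, value = body.partition(" = ")
            host = urlparse(value.strip()).hostname if sep else None
            if host and host not in EXPECTED_PAGE_HOSTS:
                findings.append(Finding(kind, f"start/search page points to {host}", line))
        elif kind == "R3":
            if "(no file)" in body:
                findings.append(Finding(kind, "orphaned URLSearchHook (no file)", line))
            else:
                findings.append(Finding(kind, "third-party URLSearchHook loaded into IE", line))
        elif kind == "O6":
            findings.append(Finding(kind, "IE policy restriction set; confirm who set it", line))
        elif kind == "O10":
            # Every LSP layer is reported on its own line; count them per DLL.
            lsp_paths[body.split(":", 1)[1].strip().lower()] += 1
    for path, count in lsp_paths.items():
        findings.append(Finding(
            "O10",
            f"Winsock LSP with {count} layered entries; deleting the DLL alone breaks the LSP chain",
            path))
    return findings


def summarize(findings):
    """Count findings per HijackThis section."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n      {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```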




#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:23 AM

Posted 23 July 2011 - 02:27 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about your installed Windows Operating System, including the Version, Edition and whether it is a 32-bit or a 64-bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below, another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Note:
If you are unable to run a GMER scan due to the fact that you are running a 64-bit machine, please run the following tool and post its log.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Thanks and again sorry for the delay.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:23 AM

Posted 24 July 2011 - 09:27 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#4 wants2hvfunwthu

wants2hvfunwthu
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:23 AM

Posted 25 July 2011 - 01:12 AM

Hi and thanks for helping. Windows was preinstalled, but I do have a copy of the recovery disks.

I installed Iolo System Shield and did the scan on 7-17-11; it said file C:\Windows\System32\MFC45.dll was infected with W32/LdPinch.N.gen!Eldorado. This was quarantined and removed.

I used the Microsoft one scan, which stated it was infected with VirTool:JS/Obfuscator.Bt.

I do not remember what scan I used, but it listed it as infected with Win32.BiFrost and stated it had been removed.

Win32.Netsky and Zlob Trojan were also detected.

I downloaded and ran SmitFraudFix for the removal of Win32.Netsky; not sure if it worked or not.




DDS.LOG:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/3/2011 2:57:40 PM
System Uptime: 7/24/2011 9:09:59 PM (3 hours ago)
.
Motherboard: Acer | | WMCP78M
Processor: Athlon™ Dual Core Processor 4050e | Socket AM2 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 91.879 GiB free.
D: is FIXED (NTFS) - 143 GiB total, 133.09 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: NVIDIA nForce Networking Controller
Device ID: PCI\VEN_10DE&DEV_0760&SUBSYS_01531025&REV_A2\3&2411E6FE&0&50
Manufacturer: NVIDIA
Name: NVIDIA nForce 10/100/1000 Mbps Networking Controller
PNP Device ID: PCI\VEN_10DE&DEV_0760&SUBSYS_01531025&REV_A2\3&2411E6FE&0&50
Service: NVNET
.
==== System Restore Points ===================
.
RP544: 7/23/2011 8:56:07 PM - Scheduled Checkpoint
RP546: 7/24/2011 9:51:53 AM - Installed MediaShow
.
==== Installed Programs ======================
.
Acer Assist
Acer DV Magician
Acer DVDivine
Acer eDataSecurity Management
Acer HomeMedia
Acer HomeMedia Connect
Acer HomeMedia Trial Creator
Acer SlideShow DVD
Acer VideoMagician
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.6
aioprnt
aioscnnr
Amazon Games & Software Downloader
Amazon Kindle
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Software Update
AV Input Selection
AVSDK5
center
Conduit Engine
Coupon Printer for Windows
CyberLink MediaShow
D3DX10
eSobi v2
essentials
Free Download Manager 3.0
Free DVD ISO Burner version 2.5
Free Studio version 5.0.10
Freecorder 5
Freecorder Toolbar
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IcoFX 1.6.4
Inpaint 3.0
Internet Explorer (Enable DEP)
iolo technologies' System Mechanic
iolo technologies' System Shield
Java™ 6 Update 25
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
LightScribe 1.4.142.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Fix it Center
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Student 2010 - English
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA Control Panel 275.33
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
NVIDIA Update 1.3.5
NVIDIA Update Components
ocr
PreReq
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Revo Uninstaller 1.92
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Segoe UI
Shockwave
SPG MP3 Splitter 1.0
Spybot - Search & Destroy
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WebEx Support Manager for Internet Explorer
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
7/25/2011 12:04:09 AM, Error: nvstor32 [5] - A parity error was detected on \Device\RaidPort0.
7/25/2011 12:00:55 AM, Error: Service Control Manager [7034] - The vseqrts service terminated unexpectedly. It has done this 1 time(s).
7/25/2011 12:00:48 AM, Error: Service Control Manager [7034] - The vsedsps service terminated unexpectedly. It has done this 1 time(s).
7/25/2011 12:00:43 AM, Error: Service Control Manager [7034] - The vseamps service terminated unexpectedly. It has done this 1 time(s).
7/24/2011 9:59:35 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {4991D34B-80A1-4291-83B6-3328366B9097} to the user susan-PC\susan SID (S-1-5-21-2002657863-697677634-2126282679-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/24/2011 9:11:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
7/24/2011 9:10:33 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer WebEx Document Loader with shared resource name WebEx Document Loader. Error 2114. The printer cannot be used by others on the network.
7/24/2011 9:10:22 PM, Error: EventLog [6008] - The previous system shutdown at 9:07:02 PM on 7/24/2011 was unexpected.
7/24/2011 9:10:18 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/24/2011 7:17:15 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
7/24/2011 7:17:01 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/24/2011 7:17:01 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
7/24/2011 7:17:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
7/24/2011 7:17:01 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/24/2011 7:16:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/24/2011 7:16:05 PM, Error: EventLog [6008] - The previous system shutdown at 4:56:23 PM on 7/24/2011 was unexpected.
7/24/2011 3:55:15 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 2147500053.
7/24/2011 3:54:49 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer WebEx Document Loader with shared resource name WebEx Document Loader. Error 1722. The printer cannot be used by others on the network.
7/24/2011 1:27:36 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/24/2011 1:26:59 AM, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
7/24/2011 1:26:55 AM, Error: Service Control Manager [7034] - The NTI Backup Now 5 Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
7/24/2011 1:26:50 AM, Error: Service Control Manager [7034] - The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).
7/24/2011 1:26:41 AM, Error: Service Control Manager [7034] - The eDataSecurity Service service terminated unexpectedly. It has done this 1 time(s).
7/24/2011 1:26:37 AM, Error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).
7/24/2011 1:26:27 AM, Error: Service Control Manager [7034] - The NTI Backup Now 5 Backup Service service terminated unexpectedly. It has done this 1 time(s).
7/24/2011 1:26:24 AM, Error: Service Control Manager [7034] - The NTI Backup Now 5 Agent Service service terminated unexpectedly. It has done this 1 time(s).
7/23/2011 9:41:38 AM, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer system using any of the configured protocols.
7/23/2011 8:44:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
7/23/2011 6:48:34 PM, Error: Service Control Manager [7034] - The Windows Backup service terminated unexpectedly. It has done this 2 time(s).
7/23/2011 6:47:50 PM, Error: Service Control Manager [7034] - The Windows Backup service terminated unexpectedly. It has done this 1 time(s).
7/22/2011 2:35:31 PM, Error: Service Control Manager [7023] - The Application Virtualization Client service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
7/22/2011 2:28:00 PM, Error: Service Control Manager [7023] - The WLAN AutoConfig service terminated with the following error: The I/O operation has been aborted because of either a thread exit or an application request.
7/22/2011 2:28:00 PM, Error: Service Control Manager [7023] - The Wired AutoConfig service terminated with the following error: The I/O operation has been aborted because of either a thread exit or an application request.
7/22/2011 2:28:00 PM, Error: Microsoft-Windows-WLAN-AutoConfig [4002] - WLAN AutoConfig service has failed to start. Error Code: 995
7/22/2011 2:26:00 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
7/22/2011 2:26:00 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/22/2011 2:26:00 PM, Error: Service Control Manager [7031] - The Wired AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/22/2011 2:26:00 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/22/2011 2:26:00 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/22/2011 2:26:00 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/22/2011 2:26:00 PM, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/22/2011 2:26:00 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/22/2011 2:26:00 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/22/2011 2:26:00 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
7/22/2011 2:26:00 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/22/2011 2:26:00 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/22/2011 2:26:00 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/22/2011 2:25:37 PM, Error: Service Control Manager [7034] - The Application Virtualization Service Agent service terminated unexpectedly. It has done this 1 time(s).
7/22/2011 2:25:32 PM, Error: Service Control Manager [7034] - The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).
7/22/2011 2:24:56 PM, Error: Service Control Manager [7034] - The Office Source Engine service terminated unexpectedly. It has done this 1 time(s).
7/20/2011 9:22:40 PM, Error: Service Control Manager [7030] - The VideoAcceleratorService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/20/2011 5:06:30 PM, Error: volsnap [20] - The shadow copies of volume C: were aborted because of a failed free space computation.
7/20/2011 5:06:27 PM, Error: volsnap [20] - The shadow copies of volume D: were aborted because of a failed free space computation.
7/20/2011 5:06:22 PM, Error: volsnap [20] - The shadow copies of volume \\?...be-11e0-8c1f-806e6f6e6963} were aborted because of a failed free space computation.
7/20/2011 3:13:31 AM, Error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
7/20/2011 10:28:16 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user susan-PC\susan SID (S-1-5-21-2002657863-697677634-2126282679-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/19/2011 9:18:18 AM, Error: Service Control Manager [7034] - The VideoAcceleratorService service terminated unexpectedly. It has done this 1 time(s).
7/19/2011 9:18:14 AM, Error: Service Control Manager [7034] - The Interactive Services Detection service terminated unexpectedly. It has done this 1 time(s).
7/19/2011 9:17:08 AM, Error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).
7/19/2011 8:53:47 AM, Error: Service Control Manager [7034] - The iolo System Service service terminated unexpectedly. It has done this 4 time(s).
7/19/2011 8:52:44 AM, Error: Service Control Manager [7034] - The iolo System Service service terminated unexpectedly. It has done this 3 time(s).
7/19/2011 8:04:13 AM, Error: Service Control Manager [7034] - The iolo System Service service terminated unexpectedly. It has done this 2 time(s).
7/19/2011 8:03:21 AM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/19/2011 8:03:15 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
7/19/2011 7:18:50 AM, Error: Service Control Manager [7034] - The iolo System Service service terminated unexpectedly. It has done this 1 time(s).
7/19/2011 7:17:10 AM, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
7/19/2011 7:16:57 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
7/18/2011 9:11:58 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2011 9:09:00 PM, Error: Service Control Manager [7001] - The Terminal Services Configuration service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2011 9:08:59 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 2147952450.
7/18/2011 9:07:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/18/2011 9:07:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/18/2011 9:07:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/18/2011 9:07:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/18/2011 9:07:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC ElRawDisk i8042prt NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
7/18/2011 9:06:59 PM, Error: Service Control Manager [7022] - The iolo System Service service hung on starting.
7/18/2011 9:06:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/18/2011 9:06:47 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2011 9:06:47 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2011 9:06:47 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2011 9:06:47 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2011 9:06:47 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2011 9:06:47 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2011 9:06:47 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2011 9:06:47 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2011 9:06:47 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2011 9:06:47 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2011 9:06:47 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2011 9:06:47 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2011 9:06:47 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2011 9:06:47 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2011 9:06:47 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2011 9:06:47 PM, Error: Service Control Manager [7001] - The Active Malware Protection Support Driver service depends on the Active Malware Protection Minifilter Driver service which failed to start because of the following error: The driver was not loaded because the system is booting into safe mode.
7/18/2011 9:06:47 PM, Error: Service Control Manager [7000] - The Active Malware Protection Minifilter Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
7/18/2011 4:14:53 PM, Error: Service Control Manager [7034] - The Spybot-S&D 2 Hooks Service service terminated unexpectedly. It has done this 1 time(s).
7/18/2011 3:54:18 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
7/18/2011 3:37:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/18/2011 3:36:37 PM, Error: EventLog [6008] - The previous system shutdown at 3:32:08 PM on 7/18/2011 was unexpected.
7/18/2011 11:07:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

GMER LOG:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-25 00:38:32
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005f WDC_WD32 rev.01.0
Running: gmer.exe; Driver: C:\Users\susan\AppData\Local\Temp\pwdoypow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1340] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 758AB37C 4 Bytes [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Sftfslh.sys (Microsoft Application Virtualization File System/Microsoft Corporation)
Device cdfs.sys (CD-ROM File System Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\OAlerts@DisplayNameFile C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\OFFREL.DLL
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\OAlerts@DisplayNameID 102
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\OAlerts@MaxSize 131072
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\OAlerts@PrimaryModule OAlerts
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\OAlerts@Retention 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\OAlerts\Microsoft Office 14 Alerts
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\OAlerts\Microsoft Office 14 Alerts@EventMessageFile C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\OFFREL.DLL
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\OAlerts\Microsoft Office 14 Alerts@TypesSupported 7
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\OAlerts@DisplayNameFile C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\OFFREL.DLL
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\OAlerts@DisplayNameID 102
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\OAlerts@MaxSize 131072
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\OAlerts@PrimaryModule OAlerts
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\OAlerts@Retention 0
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\OAlerts\Microsoft Office 14 Alerts (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\OAlerts\Microsoft Office 14 Alerts@EventMessageFile C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\OFFREL.DLL
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\OAlerts\Microsoft Office 14 Alerts@TypesSupported 7

---- EOF - GMER 1.0.15 ----




I am not sure if I did this correctly; if I didn't, please explain what I need to do to get you the correct info. Thanks again, susan
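The Event Viewer lines at the top of the Attach.txt log above all follow one line format, which makes them easy to triage mechanically. The following Python is an added example, not part of this thread or of the DDS tool, and its function names are its own: it parses that format, counts repeated service crashes (event 7034), clusters the start/load failures (7000, 7001, 7026) into bursts and flags a burst that the log itself attributes to a Safe Mode boot, as the 7/18 9:06 PM burst above is. The sample input is a handful of lines copied from the log above.

```python
"""Triage helper for the Event Viewer error lines that DDS writes to
Attach.txt. Added example; not part of this thread or of DDS. Function
names are this example's own.

Line format seen in the log:
  <M/D/YYYY h:MM:SS AM|PM>, <Level>: <Source> [<EventID>] - <message>
"""
import re
from collections import Counter
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)
SCM = "Service Control Manager"
SERVICE_CRASH_ID = 7034               # "<service> terminated unexpectedly"
START_FAIL_IDS = {7000, 7001, 7026}   # service or driver failed to start/load
UNEXPECTED_SHUTDOWN = ("EventLog", 6008)
SAFE_MODE_MARKER = "booting into safe mode"
CRASH_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")


def parse_line(line):
    """Return a dict for one DDS event line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p"),
        "level": m.group("level"),
        "source": m.group("source"),
        "eid": int(m.group("eid")),
        "msg": m.group("msg"),
    }


def service_crashes(events):
    """Count 7034 'terminated unexpectedly' events per service display name."""
    counts = Counter()
    for e in events:
        if e["source"] == SCM and e["eid"] == SERVICE_CRASH_ID:
            m = CRASH_RE.match(e["msg"])
            if m:
                counts[m.group("svc")] += 1
    return counts


def start_failure_bursts(events, window_seconds=60):
    """Cluster start/load failures that fall within window_seconds of each
    other. A burst whose text says the system is booting into safe mode is
    expected: network, SMB and anti-malware filter drivers do not load there,
    so that burst alone is not evidence of tampering."""
    fails = sorted((e for e in events if e["source"] == SCM and e["eid"] in START_FAIL_IDS),
                   key=lambda e: e["ts"])
    bursts = []
    for e in fails:
        safe = SAFE_MODE_MARKER in e["msg"]
        if bursts and (e["ts"] - bursts[-1]["end"]).total_seconds() <= window_seconds:
            b = bursts[-1]
            b["end"], b["count"] = e["ts"], b["count"] + 1
            b["safe_mode_boot"] = b["safe_mode_boot"] or safe
        else:
            bursts.append({"start": e["ts"], "end": e["ts"], "count": 1,
                           "safe_mode_boot": safe})
    return bursts


def triage(lines):
    """Parse all lines and return the summary a helper would scan first."""
    events = [e for e in map(parse_line, lines) if e]
    shutdowns = sum(1 for e in events if (e["source"], e["eid"]) == UNEXPECTED_SHUTDOWN)
    return {
        "events": len(events),
        "crashes": service_crashes(events),
        "bursts": start_failure_bursts(events),
        "unexpected_shutdowns": shutdowns,
    }


# Sample input: a few lines copied from the Attach.txt log in this thread.
SAMPLE = """\
7/19/2011 8:53:47 AM, Error: Service Control Manager [7034] - The iolo System Service service terminated unexpectedly. It has done this 4 time(s).
7/19/2011 8:52:44 AM, Error: Service Control Manager [7034] - The iolo System Service service terminated unexpectedly. It has done this 3 time(s).
7/19/2011 8:03:15 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
7/18/2011 9:07:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC ElRawDisk i8042prt NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
7/18/2011 9:06:47 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2011 9:06:47 PM, Error: Service Control Manager [7000] - The Active Malware Protection Minifilter Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
7/18/2011 3:36:37 PM, Error: EventLog [6008] - The previous system shutdown at 3:32:08 PM on 7/18/2011 was unexpected.
"""

if __name__ == "__main__":
    r = triage(SAMPLE.splitlines())
    print(f"{r['events']} events, {r['unexpected_shutdowns']} unexpected shutdown(s)")
    for svc, n in r["crashes"].most_common():
        print(f"  crash x{n}: {svc}")
    for b in r["bursts"]:
        tag = "safe-mode boot, expected" if b["safe_mode_boot"] else "investigate"
        print(f"  {b['count']} start failures from {b['start']:%m/%d %I:%M:%S %p} ({tag})")
```

On the full log above the same logic would report the iolo System Service crashing four times on 7/19 and one large 7/18 burst marked as a Safe Mode boot, which is why those driver-load failures are not on their own a rootkit indicator.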

#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:23 AM

Posted 25 July 2011 - 06:42 PM

Hello,


You gave me the Attach.txt portion of the DDS log. Please post the DDS.txt portion.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 wants2hvfunwthu

wants2hvfunwthu
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:23 AM

Posted 25 July 2011 - 08:47 PM

Sorry about that, here is the one you need.



Attached File: 7-25-11DDS.txt (16.01KB)

#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:23 AM

Posted 26 July 2011 - 03:21 PM

Hello wants2hvfunwthu,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right-hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy


2.
We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.


3.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.6.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.5.6.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


4.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TDSSKILLER log
Combofix.txt
How is your machine running now?



#8 wants2hvfunwthu

wants2hvfunwthu
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:23 AM

Posted 27 July 2011 - 02:26 PM

Microsoft Works will not work; it says files are missing. Also, Microsoft Works Task Launcher is not working.

MsMpSvc <Failed to Read Description. Error Code: 2 >

Nissv <Failed to Read Description. Error Code: 2 >

It is acting really weird. The computer seemed to be OK for about 45 mins and then it rebooted. It would not let me access files or even My Documents; it said something like I had no access to that area. So I rebooted in safe mode to be able to edit this into the post.



ComboFix 11-07-25.02 - susan 07/27/2011 12:57:09.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1769 [GMT -5:00]
Running from: c:\users\susan\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\susan\AppData\Roaming\lhttseng.exe
c:\users\susan\Documents\regbackup.reg
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-27 to 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-27 18:07 . 2011-07-27 18:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-27 17:23 . 2011-07-27 17:23 -------- d-----w- c:\users\susan\AppData\Local\Deployment
2011-07-27 08:53 . 2011-07-27 08:53 6288 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-07-26 17:01 . 2011-07-27 02:00 -------- d-----w- c:\users\susan\AppData\Roaming\1st Read It Aloud
2011-07-26 17:01 . 2005-10-11 20:40 356352 ----a-w- c:\windows\eSellerateEngine.dll
2011-07-26 17:01 . 2003-06-06 17:21 81920 ----a-w- c:\windows\eSellerateControl350.dll
2011-07-26 17:01 . 2011-07-26 17:01 -------- d-----w- c:\program files\1st Read It Aloud!
2011-07-26 09:42 . 2011-07-27 10:48 -------- d-----w- c:\windows\lhsp
2011-07-26 06:38 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0820CA2B-3F88-4A4F-A903-A972CABB2A88}\mpengine.dll
2011-07-25 19:46 . 2011-07-25 19:46 -------- d-sh--w- c:\windows\ftpcache
2011-07-25 04:40 . 2011-07-27 02:57 -------- d-----w- c:\program files\Microsoft Works
2011-07-23 23:54 . 2008-05-26 18:54 81704 ----a-w- c:\windows\system32\drivers\WSVD.sys
2011-07-22 21:48 . 2011-07-22 21:48 -------- d-----w- c:\programdata\VirtualizedApplications
2011-07-22 11:31 . 2011-07-22 11:31 -------- d-----w- c:\users\susan\AppData\Local\SoftGrid Client
2011-07-22 11:24 . 2011-07-27 01:57 -------- d-----w- c:\users\susan\AppData\Roaming\SoftGrid Client
2011-07-22 11:22 . 2011-07-23 08:00 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2011-07-22 11:17 . 2011-07-22 11:25 -------- d-----w- c:\users\susan\AppData\Roaming\TP
2011-07-22 10:29 . 2011-07-26 16:29 -------- d-----w- c:\users\susan\AppData\Roaming\Free Download Manager
2011-07-22 10:29 . 2011-07-23 01:49 -------- d-----w- c:\program files\Free Download Manager
2011-07-20 18:28 . 2011-07-20 18:28 -------- d-----w- c:\program files\Common Files\SpeedBit
2011-07-20 18:28 . 2011-07-20 18:28 109216 ----a-w- c:\windows\system32\EasyHook64.dll
2011-07-20 18:28 . 2011-07-20 18:28 90784 ----a-w- c:\windows\system32\EasyHook32.dll
2011-07-20 16:12 . 2011-07-20 16:12 -------- d-----w- c:\program files\Conduit
2011-07-20 16:12 . 2011-07-27 02:00 -------- d-----w- c:\users\susan\AppData\Local\Conduit
2011-07-20 16:11 . 2011-07-20 16:12 -------- d-----w- c:\program files\Freecorder
2011-07-19 22:05 . 2011-07-19 22:05 -------- d-----w- c:\program files\Inpaint
2011-07-19 19:14 . 2011-07-20 15:27 -------- d-----w- c:\program files\Coupons
2011-07-19 11:11 . 2011-07-25 06:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-07-19 08:59 . 2011-07-19 08:59 -------- d-----w- c:\users\susan\AppData\Roaming\Malwarebytes
2011-07-19 08:59 . 2011-07-19 08:59 -------- d-----w- c:\programdata\Malwarebytes
2011-07-19 02:08 . 2011-07-19 02:19 691 ----a-w- c:\users\susan\AppData\Roaming\GetValue.vbs
2011-07-19 02:08 . 2011-07-19 02:19 35 ----a-w- c:\users\susan\AppData\Roaming\SetValue.bat
2011-07-19 01:29 . 2011-07-19 01:29 -------- d-----w- c:\users\susan\AppData\Local\Acer VideoMagician
2011-07-19 01:20 . 2011-07-19 01:20 -------- d-----w- c:\users\susan\AppData\Local\Acer HomeMedia Trial Creator
2011-07-19 01:20 . 2011-07-19 01:20 -------- d-----w- c:\users\susan\AppData\Local\Acer HomeMedia Connect
2011-07-19 01:17 . 2011-07-19 01:17 -------- d-----w- c:\users\susan\AppData\Local\PowerCinema
2011-07-18 00:52 . 2011-07-18 00:52 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-07-17 18:49 . 2011-01-21 17:33 1171776 ----a-r- c:\windows\system32\drivers\ampse.sys
2011-07-17 18:49 . 2011-07-17 18:49 -------- d-----w- c:\programdata\Authentium
2011-07-17 18:49 . 2011-07-17 18:49 -------- d-----w- c:\program files\Common Files\Authentium
2011-07-17 18:49 . 2009-12-02 20:30 118784 ----a-w- c:\windows\system32\iavlsp.dll
2011-07-17 11:50 . 2011-07-17 11:50 -------- d-----w- c:\users\susan\AppData\Local\NextUp
2011-07-17 00:58 . 2011-07-14 20:14 133208 ----a-w- c:\windows\system32\drivers\07384246.sys
2011-07-15 21:46 . 2011-07-27 08:09 -------- d-----w- c:\users\susan\AppData\Local\FLVService
2011-07-14 11:48 . 2011-07-14 11:48 -------- d-----w- c:\windows\system32\URTTEMP
2011-07-13 16:02 . 2011-07-13 16:02 -------- d-----w- c:\users\susan\AppData\Local\Nova Development
2011-07-13 03:10 . 2011-07-13 03:10 -------- d-----w- c:\program files\MSSOAP
2011-07-13 02:26 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 02:25 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 02:25 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-10 11:30 . 2011-05-21 11:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-07-09 18:21 . 2011-07-10 10:52 -------- d-----w- c:\users\UpdatusUser
2011-07-04 13:52 . 2011-07-10 10:48 -------- d-----w- c:\users\susan\AppData\Local\RapidSolution
2011-06-29 00:32 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 21:52 . 2011-02-14 22:05 71072 ----a-w- c:\windows\CouponPrinter.ocx
2011-07-05 15:27 . 2011-05-25 11:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 10:23 . 2011-06-20 10:23 68608 ----a-w- c:\windows\system32\CONNMGR.OCX
2011-06-20 10:23 . 2003-11-21 22:09 133904 ----a-w- c:\windows\system32\mfcans32.dll
2011-06-14 03:09 . 2011-06-14 03:09 65328 ----a-w- c:\windows\apppatch\matsshim.dll
2011-06-03 10:04 . 2008-04-30 18:01 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-06-03 10:04 . 2008-04-30 18:01 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-01 01:05 . 2011-06-01 01:05 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-06-01 01:05 . 2011-06-01 01:05 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-01 01:05 . 2011-06-01 01:05 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2011-05-25 00:14 . 2011-05-03 21:52 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 17:32 . 2011-05-24 17:32 61440 ----a-w- c:\windows\wnUninstall.exe
2011-05-21 11:01 . 2011-05-21 11:01 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-21 11:01 . 2011-05-21 11:01 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-21 11:01 . 2011-05-21 11:01 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-21 11:01 . 2011-05-21 11:01 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-21 11:01 . 2011-05-21 11:01 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-21 11:01 . 2011-05-21 11:01 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-21 11:01 . 2011-05-21 11:01 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-21 11:01 . 2011-05-21 11:01 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-21 11:01 . 2011-05-21 11:01 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-21 11:01 . 2011-05-21 11:01 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
2011-05-21 11:01 . 2011-05-21 11:01 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-21 11:01 . 2011-02-23 06:41 543336 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-05-21 11:01 . 2011-02-23 06:40 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-21 11:01 . 2011-02-23 06:39 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-05-21 11:01 . 2011-02-23 06:38 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-21 11:01 . 2011-02-23 06:38 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-21 11:01 . 2011-02-23 06:38 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-05-21 11:01 . 2010-07-10 10:37 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-05-21 11:01 . 2008-04-30 02:28 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-05-17 20:53 . 2011-05-17 20:53 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-09 03:10 . 2011-05-09 03:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-09 02:50 . 2011-05-09 02:50 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-09 02:50 . 2011-05-09 02:50 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-09 02:50 . 2011-05-09 02:50 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-09 02:50 . 2011-05-09 02:50 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-09 02:50 . 2011-05-09 02:50 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-09 02:50 . 2011-05-09 02:50 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-09 02:50 . 2011-05-09 02:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-09 02:50 . 2011-05-09 02:50 367104 ----a-w- c:\windows\system32\html.iec
2011-05-09 02:50 . 2011-05-09 02:50 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-09 02:50 . 2011-05-09 02:50 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-09 02:50 . 2011-05-09 02:50 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-09 02:50 . 2011-05-09 02:50 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-09 02:50 . 2011-05-09 02:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-09 02:50 . 2011-05-09 02:50 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-09 02:50 . 2011-05-09 02:50 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-09 02:50 . 2011-05-09 02:50 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-09 02:50 . 2011-05-09 02:50 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-09 02:50 . 2011-05-09 02:50 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-09 02:50 . 2011-05-09 02:50 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-06 14:40 . 2011-05-06 14:40 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-05-06 14:40 . 2011-05-06 14:40 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-05-06 14:40 . 2011-05-06 14:40 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-05-06 14:40 . 2011-05-06 14:40 98816 ----a-w- c:\windows\system32\mfps.dll
2011-05-06 14:40 . 2011-05-06 14:40 586240 ----a-w- c:\windows\system32\stobject.dll
2011-05-06 14:40 . 2011-05-06 14:40 2873344 ----a-w- c:\windows\system32\mf.dll
2011-05-06 14:40 . 2011-05-06 14:40 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-05-06 14:40 . 2011-05-06 14:40 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-05-06 14:40 . 2011-05-06 14:40 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-05-06 14:40 . 2011-05-06 14:40 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-05-06 14:40 . 2011-05-06 14:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-05-06 14:40 . 2011-05-06 14:40 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-05-06 14:40 . 2011-05-06 14:40 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-05-06 14:40 . 2011-05-06 14:40 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-06 14:40 . 2011-05-06 14:40 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-05-06 14:40 . 2011-05-06 14:40 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-05-06 14:40 . 2011-05-06 14:40 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-05-06 14:40 . 2011-05-06 14:40 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-05-06 14:40 . 2011-05-06 14:40 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-05-06 14:40 . 2011-05-06 14:40 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-05-06 14:40 . 2011-05-06 14:40 37376 ----a-w- c:\windows\system32\cdd.dll
2011-05-06 14:40 . 2011-05-06 14:40 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-05-06 14:40 . 2011-05-06 14:40 258048 ----a-w- c:\windows\system32\winspool.drv
2011-05-06 14:40 . 2011-05-06 14:40 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-05-06 14:39 . 2011-05-06 14:39 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-05-06 14:39 . 2011-05-06 14:39 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-05-06 14:39 . 2011-05-06 14:39 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-05-06 14:39 . 2011-05-06 14:39 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-05-06 14:39 . 2011-05-06 14:39 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-05-06 14:39 . 2011-05-06 14:39 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-05-06 14:39 . 2011-05-06 14:39 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-05-06 14:39 . 2011-05-06 14:39 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-05-03 21:41 . 2011-05-03 21:41 8892928 ----a-w- c:\programdata\atscie.msi
2011-05-02 17:16 . 2011-06-15 13:51 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-15 13:52 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-15 13:52 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-15 13:51 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-15 13:51 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-15 13:51 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"1stReadItAloud"="c:\program files\1st Read It Aloud!\ReadItAloud.exe" [2010-09-11 1430528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-03 273544]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-03-03 2510848]
.
c:\users\susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
System Shield.lnk - c:\program files\iolo\Common\Lib\ioloLManager.exe [2011-5-4 434872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCABattery"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\users\susan\AppData\Roaming\iolo\
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips SA30XX Device Manager.lnk]
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2011-03-03 12:50 2510848 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-03-26 05:21 5369856 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-06-13 22:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-06-03 10:04 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EKIJ5000StatusMonitor"=c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" /run
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl092e9512;MpKsl092e9512;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E25B399-5644-455B-863E-9A53B3ADE510}\MpKsl092e9512.sys [x]
R1 MpKsl2053a574;MpKsl2053a574;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{639B325B-C2DF-46ED-8E90-8602B99D9745}\MpKsl2053a574.sys [x]
R1 MpKsl331a0375;MpKsl331a0375;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C0BD961-8E26-4FE3-B697-0D8CDE05B1AA}\MpKsl331a0375.sys [x]
R1 MpKsl33ef4cd5;MpKsl33ef4cd5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4610F93-7EA4-4AA5-B2AF-B0225D15B7CE}\MpKsl33ef4cd5.sys [x]
R1 MpKsl7812f146;MpKsl7812f146;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F23B301B-81AC-40C4-A1F7-48DD32CAF1C6}\MpKsl7812f146.sys [x]
R1 MpKsl843fd824;MpKsl843fd824;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E275CE3F-7DD5-413E-9CA9-9F3A5B0C7048}\MpKsl843fd824.sys [x]
R1 MpKsl92c8efde;MpKsl92c8efde;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04B08478-13CB-41C2-B21C-F19A94CF7E4D}\MpKsl92c8efde.sys [x]
R1 MpKslc86f35a0;MpKslc86f35a0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04B08478-13CB-41C2-B21C-F19A94CF7E4D}\MpKslc86f35a0.sys [x]
R1 MpKsle76e686e;MpKsle76e686e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E1FECBF-A854-41AB-A3F8-01D62FA02490}\MpKsle76e686e.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 136176]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2011-06-21 722616]
R2 MpKsl625f3eac;MpKsl625f3eac;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A446CEC-59B1-4FDB-BE50-79AC9C54967F}\MpKsl625f3eac.sys [x]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 24576]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 136176]
R3 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [2011-03-09 366000]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-14 267568]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\DRIVERS\mr97310c.sys [2008-03-27 116992]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;NisSrv; [x]
R4 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-26 269448]
S0 07384246;07384246;c:\windows\system32\DRIVERS\07384246.sys [2011-07-14 133208]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\Drivers\amp.sys [2011-01-21 138048]
S2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\Drivers\ampse.sys [2011-01-21 1171776]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 17408104
*NewlyCreated* - NISSRV
*NewlyCreated* - WSCSVC
*Deregistered* - 17408104
*Deregistered* - ElRawDisk
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 21:01]
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 21:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
mStart Page = hxxp://en.us.acer.yahoo.com
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
LSP: c:\program files\SpeedBit Video Accelerator\LSP3.2.2.4\SBLSP.dll
TCP: DhcpNameServer = 192.168.2.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
SafeBoot-AMP
SafeBoot-AMPSE
MSConfigStartUp-SpeedBitVideoAccelerator - c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe
AddRemove-Acer GameZone Console_is1 - c:\program files\Acer GameZone\GameConsole\unins000.exe
AddRemove-Acer Registration - c:\program files\Acer\Acer Registration\uninstall.exe
AddRemove-Burger Shop_is1 - c:\program files\Burger Shop\unins000.exe
AddRemove-Granny In Paradise_is1 - c:\program files\Granny In Paradise\unins000.exe
AddRemove-Microsoft Security Client - c:\program files\Microsoft Security Client\Setup.exe
AddRemove-SpeedBit Video Accelerator - c:\program files\SpeedBit Video Accelerator\VARemove.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750} - c:\program files\Acer GameZone\Cake Mania\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-27 13:08
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-07-27 13:11:23
ComboFix-quarantined-files.txt 2011-07-27 18:11
.
Pre-Run: 85,490,192,384 bytes free
Post-Run: 85,420,445,696 bytes free
.
- - End Of File - - 8196EE5EFE2D17BDBBA620881B302990


2011/07/27 12:29:27.0536 0936 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/27 12:29:27.0989 0936 ================================================================================
2011/07/27 12:29:27.0989 0936 SystemInfo:
2011/07/27 12:29:27.0989 0936
2011/07/27 12:29:27.0989 0936 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/27 12:29:27.0989 0936 Product type: Workstation
2011/07/27 12:29:27.0989 0936 ComputerName: SUSAN-PC
2011/07/27 12:29:27.0989 0936 UserName: susan
2011/07/27 12:29:27.0989 0936 Windows directory: C:\Windows
2011/07/27 12:29:27.0989 0936 System windows directory: C:\Windows
2011/07/27 12:29:27.0989 0936 Processor architecture: Intel x86
2011/07/27 12:29:27.0989 0936 Number of processors: 2
2011/07/27 12:29:27.0989 0936 Page size: 0x1000
2011/07/27 12:29:27.0989 0936 Boot type: Normal boot
2011/07/27 12:29:27.0989 0936 ================================================================================
2011/07/27 12:29:28.0847 0936 Initialize success
2011/07/27 12:29:52.0715 1640 ================================================================================
2011/07/27 12:29:52.0715 1640 Scan started
2011/07/27 12:29:52.0715 1640 Mode: Manual;
2011/07/27 12:29:52.0715 1640 ================================================================================
2011/07/27 12:29:53.0354 1640 07384246 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\07384246.sys
2011/07/27 12:29:53.0432 1640 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/27 12:29:53.0510 1640 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/07/27 12:29:53.0557 1640 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/07/27 12:29:53.0588 1640 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/07/27 12:29:53.0635 1640 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/07/27 12:29:53.0713 1640 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/07/27 12:29:53.0838 1640 AgereSoftModem (c6fa08a8cca9001f3197525b07331715) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/07/27 12:29:53.0900 1640 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/07/27 12:29:53.0947 1640 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/27 12:29:53.0978 1640 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/07/27 12:29:54.0025 1640 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/07/27 12:29:54.0056 1640 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/07/27 12:29:54.0103 1640 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/07/27 12:29:54.0134 1640 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/27 12:29:54.0181 1640 AMP (cb21d653faf607a0509e80edf3dfcb28) C:\Windows\system32\Drivers\amp.sys
2011/07/27 12:29:54.0275 1640 AMPSE (b63192b0cf2281defb8c1cab0274c371) C:\Windows\system32\Drivers\ampse.sys
2011/07/27 12:29:54.0431 1640 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/07/27 12:29:54.0477 1640 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/07/27 12:29:54.0524 1640 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/27 12:29:54.0587 1640 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/07/27 12:29:54.0649 1640 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/27 12:29:54.0696 1640 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/07/27 12:29:54.0743 1640 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/27 12:29:55.0148 1640 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/27 12:29:55.0195 1640 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/27 12:29:55.0242 1640 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/27 12:29:55.0289 1640 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/27 12:29:55.0335 1640 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/27 12:29:55.0382 1640 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/27 12:29:55.0429 1640 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/07/27 12:29:55.0476 1640 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/27 12:29:55.0538 1640 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/27 12:29:55.0585 1640 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/07/27 12:29:55.0647 1640 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/07/27 12:29:55.0679 1640 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/07/27 12:29:55.0710 1640 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/07/27 12:29:55.0772 1640 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/07/27 12:29:55.0803 1640 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/07/27 12:29:55.0881 1640 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/07/27 12:29:55.0944 1640 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/07/27 12:29:55.0991 1640 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/27 12:29:56.0053 1640 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/27 12:29:56.0115 1640 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/27 12:29:56.0209 1640 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/07/27 12:29:56.0287 1640 ElRawDisk (9c64c2a950195f9bc3a09a499648b01c) C:\Windows\system32\drivers\ElRawDsk.sys
2011/07/27 12:29:56.0318 1640 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/07/27 12:29:56.0365 1640 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/07/27 12:29:56.0427 1640 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/07/27 12:29:56.0490 1640 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/07/27 12:29:56.0537 1640 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/27 12:29:56.0599 1640 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/27 12:29:56.0615 1640 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/27 12:29:56.0646 1640 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/27 12:29:56.0677 1640 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/27 12:29:56.0739 1640 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/07/27 12:29:56.0786 1640 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/27 12:29:56.0817 1640 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/27 12:29:56.0895 1640 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/07/27 12:29:56.0973 1640 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/27 12:29:57.0036 1640 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/27 12:29:57.0067 1640 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/07/27 12:29:57.0129 1640 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/27 12:29:57.0161 1640 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/07/27 12:29:57.0207 1640 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/07/27 12:29:57.0254 1640 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/07/27 12:29:57.0285 1640 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/27 12:29:57.0332 1640 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/07/27 12:29:57.0379 1640 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/27 12:29:57.0441 1640 int15 (58ff11c95c3681c9250914521cb9f036) C:\Windows\system32\drivers\int15.sys
2011/07/27 12:29:57.0519 1640 IntcAzAudAddService (4c01298060cf930d26a75a86b874b6ae) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/27 12:29:57.0675 1640 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/07/27 12:29:57.0707 1640 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/27 12:29:57.0738 1640 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/27 12:29:57.0816 1640 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/27 12:29:57.0847 1640 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/27 12:29:57.0878 1640 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/27 12:29:57.0909 1640 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/07/27 12:29:57.0972 1640 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/27 12:29:58.0003 1640 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/27 12:29:58.0034 1640 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/27 12:29:58.0065 1640 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/27 12:29:58.0097 1640 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/27 12:29:58.0159 1640 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/27 12:29:58.0253 1640 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/27 12:29:58.0299 1640 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/27 12:29:58.0331 1640 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/27 12:29:58.0377 1640 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/27 12:29:58.0409 1640 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/27 12:29:58.0455 1640 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/07/27 12:29:58.0518 1640 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/07/27 12:29:58.0580 1640 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/27 12:29:58.0611 1640 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/27 12:29:58.0643 1640 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/27 12:29:58.0674 1640 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/27 12:29:58.0705 1640 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/27 12:29:58.0767 1640 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/07/27 12:29:59.0064 1640 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/27 12:29:59.0111 1640 mr97310c (229528a08747a4af3c572dde995c6ca1) C:\Windows\system32\DRIVERS\mr97310c.sys
2011/07/27 12:29:59.0189 1640 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/27 12:29:59.0235 1640 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/27 12:29:59.0282 1640 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/27 12:29:59.0329 1640 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/27 12:29:59.0376 1640 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/27 12:29:59.0423 1640 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/07/27 12:29:59.0454 1640 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/07/27 12:29:59.0516 1640 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/27 12:29:59.0547 1640 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/27 12:29:59.0594 1640 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/27 12:29:59.0657 1640 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/27 12:29:59.0688 1640 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/27 12:29:59.0750 1640 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/27 12:29:59.0766 1640 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/27 12:29:59.0797 1640 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/27 12:29:59.0844 1640 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/07/27 12:29:59.0906 1640 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/27 12:29:59.0937 1640 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/07/27 12:29:59.0984 1640 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/27 12:30:00.0015 1640 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/27 12:30:00.0062 1640 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/27 12:30:00.0093 1640 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/27 12:30:00.0125 1640 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/27 12:30:00.0171 1640 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/27 12:30:00.0249 1640 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/27 12:30:00.0312 1640 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/27 12:30:00.0343 1640 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/27 12:30:00.0437 1640 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/07/27 12:30:00.0515 1640 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/07/27 12:30:00.0546 1640 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/27 12:30:00.0593 1640 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/27 12:30:00.0655 1640 NVENETFD (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/07/27 12:30:00.0717 1640 NVHDA (f972dc046c374a9e02f2dfbe74ebb203) C:\Windows\system32\drivers\nvhda32v.sys
2011/07/27 12:30:00.0967 1640 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/27 12:30:01.0685 1640 NVNET (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/07/27 12:30:01.0716 1640 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/07/27 12:30:01.0747 1640 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/07/27 12:30:01.0778 1640 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/07/27 12:30:01.0825 1640 nvstor32 (fa7b8eca6e845b244b7e30a9dcd82c6c) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/07/27 12:30:01.0856 1640 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/07/27 12:30:01.0950 1640 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/27 12:30:02.0012 1640 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/27 12:30:02.0059 1640 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/27 12:30:02.0075 1640 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/27 12:30:02.0137 1640 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/27 12:30:02.0168 1640 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/07/27 12:30:02.0231 1640 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/27 12:30:02.0309 1640 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/27 12:30:02.0433 1640 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/27 12:30:02.0465 1640 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
2011/07/27 12:30:02.0543 1640 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/27 12:30:02.0589 1640 PSDFilter (ab94285ff6c6bc5433407d8d182a4bb4) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/07/27 12:30:02.0605 1640 PSDNServ (2aaf9a5d7a63d26bfaea853c5f2292bc) C:\Windows\system32\DRIVERS\PSDNServ.sys
2011/07/27 12:30:02.0636 1640 psdvdisk (0eb8cec99855beae5b0d02c2302619ef) C:\Windows\system32\DRIVERS\PSDVdisk.sys
2011/07/27 12:30:02.0714 1640 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/07/27 12:30:02.0792 1640 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/27 12:30:02.0839 1640 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/27 12:30:02.0886 1640 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/27 12:30:02.0917 1640 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/27 12:30:02.0979 1640 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/27 12:30:03.0011 1640 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/27 12:30:03.0057 1640 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/27 12:30:03.0073 1640 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/27 12:30:03.0120 1640 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/07/27 12:30:03.0151 1640 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/27 12:30:03.0213 1640 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/27 12:30:03.0276 1640 RMCAST (eec7ee5675294b03e88aa868540007c1) C:\Windows\system32\DRIVERS\RMCAST.sys
2011/07/27 12:30:03.0323 1640 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/27 12:30:03.0385 1640 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/27 12:30:03.0463 1640 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/27 12:30:03.0494 1640 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/07/27 12:30:03.0525 1640 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/07/27 12:30:03.0557 1640 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/27 12:30:03.0619 1640 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/07/27 12:30:03.0650 1640 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/27 12:30:03.0681 1640 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/27 12:30:03.0713 1640 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/27 12:30:03.0775 1640 Sftfs (cc895997c0995a07b6b2779a3b21918b) C:\Windows\system32\DRIVERS\Sftfslh.sys
2011/07/27 12:30:03.0822 1640 Sftplay (cf5e9798637795db59697f5e40fca993) C:\Windows\system32\DRIVERS\Sftplaylh.sys
2011/07/27 12:30:03.0884 1640 Sftredir (4c8076ff8938b365eeec9123969e0350) C:\Windows\system32\DRIVERS\Sftredirlh.sys
2011/07/27 12:30:03.0915 1640 Sftvol (6095a5f221eca9dada2c9ee80ec0d92d) C:\Windows\system32\DRIVERS\Sftvollh.sys
2011/07/27 12:30:03.0993 1640 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/07/27 12:30:04.0025 1640 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/07/27 12:30:04.0056 1640 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/07/27 12:30:04.0118 1640 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/27 12:30:04.0196 1640 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/27 12:30:04.0243 1640 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/07/27 12:30:04.0305 1640 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/27 12:30:04.0337 1640 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/27 12:30:04.0415 1640 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/27 12:30:04.0461 1640 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/27 12:30:04.0493 1640 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/27 12:30:04.0524 1640 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/27 12:30:04.0617 1640 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/07/27 12:30:04.0664 1640 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/27 12:30:04.0711 1640 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/27 12:30:04.0742 1640 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/27 12:30:04.0773 1640 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/27 12:30:04.0820 1640 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/27 12:30:04.0867 1640 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/27 12:30:04.0929 1640 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/27 12:30:04.0976 1640 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/27 12:30:04.0992 1640 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/27 12:30:05.0023 1640 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/07/27 12:30:05.0085 1640 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/07/27 12:30:05.0132 1640 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/27 12:30:05.0195 1640 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/27 12:30:05.0241 1640 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/07/27 12:30:05.0273 1640 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/27 12:30:05.0304 1640 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/27 12:30:05.0335 1640 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/27 12:30:05.0397 1640 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/27 12:30:05.0429 1640 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/27 12:30:05.0460 1640 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/27 12:30:05.0507 1640 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/27 12:30:05.0553 1640 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/27 12:30:05.0600 1640 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/27 12:30:05.0647 1640 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/27 12:30:05.0678 1640 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/27 12:30:05.0741 1640 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/27 12:30:05.0787 1640 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/27 12:30:05.0834 1640 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/27 12:30:05.0865 1640 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/07/27 12:30:05.0897 1640 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/07/27 12:30:05.0928 1640 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/07/27 12:30:05.0975 1640 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/27 12:30:06.0006 1640 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/27 12:30:06.0084 1640 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/27 12:30:06.0131 1640 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/07/27 12:30:06.0193 1640 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/27 12:30:06.0255 1640 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/27 12:30:06.0287 1640 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/27 12:30:06.0318 1640 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/07/27 12:30:06.0365 1640 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/27 12:30:06.0505 1640 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/27 12:30:06.0567 1640 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/27 12:30:06.0630 1640 WSVD (084e0d335481c3c5172b2ae0ba5bb455) C:\Windows\system32\drivers\WSVD.sys
2011/07/27 12:30:06.0677 1640 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/27 12:30:06.0770 1640 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/27 12:30:06.0786 1640 Boot (0x1200) (176ecb0d11092d97ec14b706d32ecba6) \Device\Harddisk0\DR0\Partition0
2011/07/27 12:30:06.0833 1640 Boot (0x1200) (5ac36822cb2e339eae44a7a4d0ee2d72) \Device\Harddisk0\DR0\Partition1
2011/07/27 12:30:06.0833 1640 ================================================================================
2011/07/27 12:30:06.0833 1640 Scan finished
2011/07/27 12:30:06.0833 1640 ================================================================================
2011/07/27 12:30:06.0848 5836 Detected object count: 0
2011/07/27 12:30:06.0848 5836 Actual detected object count: 0
2011/07/27 12:32:06.0323 4376 Deinitialize success

Edited by wants2hvfunwthu, 27 July 2011 - 03:48 PM.
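The TDSSKiller listing above is a flat inventory, one driver or boot record per line (timestamp, thread id, service name, an optional size for the MBR and boot-sector rows, an MD5 and a path), which makes it easy to triage offline. What follows is an added example, not part of the original post and not TDSSKiller's own code: a small Python parser for lines in that format that flags any .sys loaded from somewhere other than the system drivers directory, groups entries that share one hash (Tcpip and Tcpip6 above are the same file registered under two service names, which is expected), and pulls out the boot-record hashes so they can be compared against a baseline taken earlier. The row layout is inferred from the log on this page; function names are mine. The sample rows are copied from the log above plus one constructed row (ExampleDrv, an all-zero placeholder hash, a path under a user profile) that exists only to exercise the path check.

```python
import re
from collections import defaultdict

# Constructed sample: rows copied from the TDSSKiller log above, plus one
# made-up row (ExampleDrv, placeholder hash, user-profile path) to exercise the
# path check. Row layout: <date> <time> <thread> <name> [(size)] (<md5>) <path>
SAMPLE_LOG = r"""
2011/07/27 12:30:04.0617 1640 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/07/27 12:30:04.0664 1640 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/27 12:30:05.0085 1640 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/07/27 12:30:06.0400 1640 ExampleDrv (00000000000000000000000000000000) C:\Users\example\AppData\Local\Temp\exampledrv.sys
2011/07/27 12:30:06.0770 1640 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/27 12:30:06.0786 1640 Boot (0x1200) (176ecb0d11092d97ec14b706d32ecba6) \Device\Harddisk0\DR0\Partition0
2011/07/27 12:30:06.0833 1640 ================================================================================
2011/07/27 12:30:06.0833 1640 Scan finished
2011/07/27 12:30:06.0848 5836 Detected object count: 0
2011/07/27 12:30:06.0848 5836 Actual detected object count: 0
"""

ROW_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<tid>\d+)\s+(?P<name>\S+)\s+"
    r"(?:\((?P<size>0x[0-9A-Fa-f]+)\)\s+)?"          # only on MBR / Boot rows
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
COUNT_RE = re.compile(r"^\S+ \S+\s+\d+\s+Detected object count: (\d+)\s*$", re.M)

# Where a listed .sys is normally expected to live on this Vista box.
EXPECTED_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


def parse_tdsskiller(text):
    """Return one dict per driver / boot-record row; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def drivers_outside_expected_dir(rows):
    """Names of .sys entries whose path is not under system32\\drivers."""
    out = []
    for r in rows:
        p = r["path"].lower()
        if p.endswith(".sys") and not p.startswith(EXPECTED_DRIVER_DIR):
            out.append(r["name"])
    return out


def shared_hashes(rows):
    """md5 -> service names, for hashes listed under more than one name."""
    by_hash = defaultdict(list)
    for r in rows:
        by_hash[r["md5"].lower()].append(r["name"])
    return {h: names for h, names in by_hash.items() if len(names) > 1}


def boot_records(rows):
    """device path -> (name, md5) for the MBR / boot-sector rows, for baseline diffs."""
    return {r["path"]: (r["name"], r["md5"]) for r in rows
            if r["path"].startswith("\\Device\\")}


def detected_count(text):
    """The 'Detected object count' reported at the end of the scan, or None."""
    m = COUNT_RE.search(text)
    return int(m.group(1)) if m else None


if __name__ == "__main__":
    rows = parse_tdsskiller(SAMPLE_LOG)
    print("rows parsed:", len(rows))
    print("outside drivers dir:", drivers_outside_expected_dir(rows))
    print("shared hashes:", shared_hashes(rows))
    print("boot records:", boot_records(rows))
    print("detected:", detected_count(SAMPLE_LOG))
```

A driver loading from a user profile is something to look at, not proof of anything by itself, and the MBR hash only means something when there is an earlier known-good value to compare it with; the parser just puts those facts where an analyst can see them instead of leaving them in a 300-line listing.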


#9 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 27 July 2011 - 05:15 PM

Hello,

You may have to uninstall and reinstall Microsoft Works. I don't see any signs of malware in your logs. Let's go ahead and run a couple of other scanners to see what they come up with.


1. Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2
Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.


2. Click here to download Kaspersky Virus Removal Tool.
  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop.
  • After that leave what is selected and put a check next to My Computer.
  • Click on the option that says Threat Detection and change it to Disinfect => Do not select, delete if disinfection fails.
  • Then click on Start Scan.
  • Before it is done it may prompt for action regardless of the setting so choose skip if prompted.
  • When the scan is done no log will be produced.
  • Click on the bottom where it says Report to open the report.
  • Then highlight all of the items found by using Ctrl + A on your keyboard to select all, or use your mouse to select all, then right-click and choose Copy.
  • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.

3. Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


4.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, type 1 (SCAN) then Enter
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Things to include in your next reply:
MBAM log
Kaspersky log
aswMBR log
Rkreport log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 wants2hvfunwthu
  • Topic Starter
  • Members
  • 9 posts
  • Gender:Female

Posted 29 July 2011 - 05:21 AM

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: susan [Admin rights]
Mode: Scan -- Date : 07/29/2011 01:59:00

Bad processes: 2
[SUSP PATH] FLVSrvLib.dll -- C:\Users\susan\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH] FLVSrvLib.dll -- C:\Users\susan\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED

Registry Entries: 2
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt


RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: susan [Admin rights]
Mode: Remove -- Date : 07/29/2011 02:00:18

Bad processes: 2
[SUSP PATH] FLVSrvLib.dll -- C:\Users\susan\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH] FLVSrvLib.dll -- C:\Users\susan\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED

Registry Entries: 2
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: susan [Admin rights]
Mode: HOSTSFix -- Date : 07/29/2011 02:00:58

Bad processes: 1
[SUSP PATH] FLVSrvLib.dll -- C:\Users\susan\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED

HOSTS File:
127.0.0.1 localhost


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: susan [Admin rights]
Mode: ProxyFix -- Date : 07/29/2011 02:01:36

Bad processes: 1
[SUSP PATH] FLVSrvLib.dll -- C:\Users\susan\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED

Registry Entries: 0

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt



RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: susan [Admin rights]
Mode: DNSFix -- Date : 07/29/2011 02:02:07

Bad processes: 1
[SUSP PATH] FLVSrvLib.dll -- C:\Users\susan\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED

Registry Entries: 0

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt



RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: susan [Admin rights]
Mode: Shortcuts HJfix -- Date : 07/29/2011 02:02:37

Bad processes: 0

File attributes restored:
Desktop: Success 27 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 18 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 336 / Fail 0
My documents: Success 30 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 214 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 179 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume5 -- 0x2 --> Restored

Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt



QuarantineReport


Time : 29/07/2011 01:59:00
--------------------------
[FLVSrvLib.dll.vir] -> C:\Users\susan\AppData\Local\FLVService\lib\FLVSrvLib.dll
[FLVSrvLib.dll.vir] -> C:\Users\susan\AppData\Local\FLVService\lib\FLVSrvLib.dll


Time : 29/07/2011 02:00:18
--------------------------
[FLVSrvLib.dll.vir] -> C:\Users\susan\AppData\Local\FLVService\lib\FLVSrvLib.dll
[FLVSrvLib.dll.vir] -> C:\Users\susan\AppData\Local\FLVService\lib\FLVSrvLib.dll


Time : 29/07/2011 02:00:58
--------------------------
[FLVSrvLib.dll.vir] -> C:\Users\susan\AppData\Local\FLVService\lib\FLVSrvLib.dll


Time : 29/07/2011 02:01:36
--------------------------
[FLVSrvLib.dll.vir] -> C:\Users\susan\AppData\Local\FLVService\lib\FLVSrvLib.dll


Time : 29/07/2011 02:02:07
--------------------------
[FLVSrvLib.dll.vir] -> C:\Users\susan\AppData\Local\FLVService\lib\FLVSrvLib.dll


Time : 29/07/2011 02:02:37
--------------------------



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7313

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

7/28/2011 9:09:06 PM
mbam-log-2011-07-28 (21-09-06).txt

Scan type: Quick scan
Objects scanned: 184441
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software
Run date: 2011-07-29 05:13:57
-----------------------------
05:13:57.119 OS Version: Windows 6.0.6002 Service Pack 2
05:13:57.119 Number of processors: 2 586 0x6B02
05:13:57.121 ComputerName: SUSAN-PC UserName: susan
05:13:58.283 Initialize success
05:25:31.639 AVAST engine defs: 11072900
06:00:10.006 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
06:00:10.009 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 6
06:00:10.024 Disk 0 MBR read successfully
06:00:10.027 Disk 0 MBR scan
06:00:10.050 Disk 0 Windows VISTA default MBR code
06:00:10.055 Disk 0 scanning sectors +625137345
06:00:10.137 Disk 0 scanning C:\Windows\system32\drivers
06:00:22.905 Service scanning
06:00:24.452 Modules scanning
06:00:29.502 Disk 0 trace - called modules:
06:00:29.539 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
06:00:29.543 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8672dac8]
06:00:29.548 3 CLASSPNP.SYS[8a39e8b3] -> nt!IofCallDriver -> [0x859d4700]
06:00:29.553 5 acpi.sys[806086bc] -> nt!IofCallDriver -> \Device\0000005e[0x8595b3f0]
06:00:30.396 AVAST engine scan C:\Windows
06:00:57.013 AVAST engine scan C:\Windows\system32
06:06:43.563 AVAST engine scan C:\Windows\system32\drivers
06:07:03.172 AVAST engine scan C:\Users\susan
06:15:03.995 AVAST engine scan C:\ProgramData
06:15:57.176 Scan finished successfully
13:52:57.270 Disk 0 MBR has been saved successfully to "C:\Users\susan\Documents\MBR.dat"
13:52:57.286 The log file has been saved successfully to "C:\Users\susan\Documents\aswMBR.txt"

Edited by wants2hvfunwthu, 29 July 2011 - 03:20 PM.
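The RogueKiller reports above share one layout: a "Mode: ... -- Date : ..." line, then sections such as "Bad processes: 2" and "Registry Entries: 2" whose findings read "[TAG] subject -- detail -> ACTION", then the HOSTS file contents. The following is an added example, not part of the original post and not RogueKiller's own code: a Python parser for that layout that separates the Scan report from the Remove report, picks out [SUSP PATH] entries located in user-writable directories (the FLVSrvLib.dll under AppData\Local above is listed twice because two processes had it loaded, so the helper de-duplicates), and lists any HOSTS entry other than the plain localhost mapping. Function names (parse_roguekiller, suspect_user_writable, hosts_entries_to_review) and the USER_WRITABLE substrings are my own choices; the sample is the page's Scan and Remove reports, abridged to the lines the parser uses.

```python
import re

# Constructed sample: the Scan and Remove reports posted above, abridged to the
# lines the parser cares about (mode, sections, findings, HOSTS file).
SAMPLE_REPORTS = r"""RogueKiller V5.2.8 [07/23/2011] by Tigzy

User: susan [Admin rights]
Mode: Scan -- Date : 07/29/2011 01:59:00

Bad processes: 2
[SUSP PATH] FLVSrvLib.dll -- C:\Users\susan\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH] FLVSrvLib.dll -- C:\Users\susan\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED

Registry Entries: 2
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
127.0.0.1 localhost

Finished : << RKreport[1].txt >>

RogueKiller V5.2.8 [07/23/2011] by Tigzy

User: susan [Admin rights]
Mode: Remove -- Date : 07/29/2011 02:00:18

Bad processes: 2
[SUSP PATH] FLVSrvLib.dll -- C:\Users\susan\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH] FLVSrvLib.dll -- C:\Users\susan\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED

Registry Entries: 2
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
"""

# "Bad processes: 2", "HOSTS File:" ... -> section name and optional count
SECTION_RE = re.compile(r"^([A-Za-z ]+):(?: (\d+))?$")
# "[TAG] subject -- detail -> ACTION"  or  "[TAG] key : value -> ACTION"
FINDING_RE = re.compile(
    r"^\[(?P<tag>[A-Z ]+)\] (?P<subject>.+?) (?:--|:) (?P<detail>.+?) -> (?P<action>.+)$"
)
MODE_RE = re.compile(r"^Mode: (.+?) -- Date : (.+)$", re.M)


def parse_report(chunk):
    """Parse one report into its mode, per-section counts, findings and HOSTS lines."""
    m = MODE_RE.search(chunk)
    report = {"mode": m.group(1) if m else None, "date": m.group(2) if m else None,
              "sections": {}, "findings": [], "hosts": []}
    section = None
    for line in chunk.splitlines():
        line = line.rstrip()
        if not line:                       # a blank line closes the current section
            section = None
            continue
        s = SECTION_RE.match(line)
        if s:
            section = s.group(1)
            report["sections"][section] = int(s.group(2)) if s.group(2) else None
            continue
        f = FINDING_RE.match(line)
        if f:
            report["findings"].append(dict(f.groupdict(), section=section))
        elif section == "HOSTS File":
            report["hosts"].append(line)
    return report


def parse_roguekiller(text):
    """Split a pasted series of reports on the 'RogueKiller V' banner and parse each."""
    chunks = re.split(r"(?m)^(?=RogueKiller V)", text)
    return [parse_report(c) for c in chunks if c.strip()]


# Substrings that mark locations any user account can write to (my choice).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def suspect_user_writable(report):
    """Unique [SUSP PATH] locations under user-writable directories, in report order."""
    paths = []
    for f in report["findings"]:
        p = f["detail"]
        if (f["tag"] == "SUSP PATH" and p not in paths
                and any(tok in p.lower() for tok in USER_WRITABLE)):
            paths.append(p)
    return paths


EXPECTED_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def hosts_entries_to_review(hosts_lines):
    """Non-comment HOSTS entries that are not a plain localhost mapping."""
    review = []
    for line in hosts_lines:
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        if any((ip, n.lower()) not in EXPECTED_HOSTS for n in names):
            review.append(line)
    return review


if __name__ == "__main__":
    for r in parse_roguekiller(SAMPLE_REPORTS):
        print(r["mode"], r["sections"], suspect_user_writable(r),
              hosts_entries_to_review(r["hosts"]))
```

Comparing the Scan and Remove reports this way shows what actually changed (the two [HJ] values went from FOUND to REPLACED (0), the DLL was only unloaded and quarantined). A HOSTS entry that is not localhost is a prompt to look, not a verdict: a deliberately installed blocklist such as the MVPS hosts file recommended later in this thread will show up here as well.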


#11 wants2hvfunwthu
  • Topic Starter
  • Members
  • 9 posts
  • Gender:Female

Posted 29 July 2011 - 03:33 PM

For some reason I couldn't copy and paste the Kaspersky log; I also tried to attach it but had no luck. The log came back with no problems. The computer is running a lot better, but there are "2" explorer.exe running in Task Manager; the 2nd one is separate,/idlist,:49805:4224. Microsoft Answers said to go to regedit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Separate Process and change the value for that to "0", which I did, but "2" are still running. I got Works reinstalled and it is now working too. Other than that it is a vast improvement from before.... Thanks so much for your help!!!!

Edited by wants2hvfunwthu, 29 July 2011 - 03:37 PM.


#12 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 31 July 2011 - 09:15 AM

"2" explorer.exe running in task manager


Here is another option you can try.

1) Open Explorer
2) Go to Tools
3) Go to Folder Options
4) Go to View
5) Is there a tick in "Launch folder windows in a separate process"?
6) If yes, untick that setting.
7) Now restart your machine.


Be aware that this also happens:

You will have 1 instance of explorer.exe for the shell - this is the desktop and taskbar. When you open My Computer to browse folder contents, another instance will appear. No matter how many folders you have open, there will only be 2 instances of explorer.exe in the Task Manager.

To verify this, close all open applications. Open the Task Manager and note that there is only 1 instance of explorer.exe running. Now open 1 or more folders. You should now have 2 instances running. Right-click on the one that has just come up and select End Process. All the folders you have had open should close, and you should be back to just the 1 instance of this process in the Task Manager.



Congratulations! You now appear clean! :cool:



Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on Start, then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".> <--- It needs to be there
    Windows Vista users: Press the Windows Key + R to bring up the Run... command and then from there you can add in the ComboFix /Uninstall

  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through system restore".



Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big CleanUp! button.
  • You will get a prompt saying "Begin Cleanup Process?". Please select Yes.
  • Restart your computer when prompted.


Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install SpywareBlaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostsMan hosts file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

Edited by fireman4it, 31 July 2011 - 09:15 AM.


#13 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 03 August 2011 - 04:49 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#14 wants2hvfunwthu
  • Topic Starter
  • Members
  • 9 posts
  • Gender:Female

Posted 03 August 2011 - 06:46 PM

Hi, sorry about that. I have had a sick child and have not had a chance to get back to you. As far as I can tell, I do think that everything is running better; I really haven't had any problems, but like I said I haven't been on the computer much the last few days. Anyways, I thank you so very much for the help that you have given me .... and hope you have a wonderful evening!!! :thumbsup:

#15 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 03 August 2011 - 07:06 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.