Black background, no icons, no programs


  • This topic is locked
13 replies to this topic

#1 JL2005 (Members, 9 posts)

Posted 14 October 2011 - 09:56 PM

Hello,

A couple of days ago I believe I got infected with some spyware called Cloud Protection. It was the only thing that would load up when I started my computer and I could not do anything on my computer. Luckily, I came across a bleepingcomputer.com forum post that had a resolution to the problem and (I believe) it removed the software. It had me start up in safe mode and run R Kill then Malwarebytes. This removed that spyware when I restarted my computer.

Now, my wallpaper is black, with none of my icons (except for Rkill and Malwarebytes). When I click the start button it does not show any programs. I have to search for "Firefox" to look for solutions, and ultimately, post this. I have tried Ctrl Alt Del and running "explorer" or "explorer.exe" as I was told this would solve the problem. When I do that, it opens up a window (with all of the folders on the side C:, Computer, etc.) but says empty at the top.

I finally downloaded trend micro hijack and got this log that I will post. Any help is GREATLY appreciated. I have invested so many hours trying to fix my computer and now I will turn it over to you guys and ask for help. Below is my hijack log and let me know if you need any other information. Thank you so much.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:42:25 PM, on 10/14/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10892 bytes

Edited by Orange Blossom, 15 October 2011 - 08:40 AM.
Moved to log forum. ~ OB
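The log above is the kind of thing a helper reads by eye, entry by entry. As an added example, not code from the post, from BleepingComputer or from the HijackThis project, here is a small Python triage pass that parses lines in the HijackThis v2 format and flags the entries a responder would want to look at first: IE start/search pages pointing at an unrecognised host, Run entries that are a bare filename (resolved through PATH) or that start a program from a user-writable directory, a System32-style name such as svchost.exe living somewhere else, any AppInit_DLLs entry, and services whose binary carries no recognised company name. The sample input is constructed: most of its lines are copied from the log above, but the R0 line pointing at search.example.invalid and the O4 "Updater" line are invented so that the heuristics have something to flag, and the TRUSTED_HOSTS allowlist and the USER_WRITABLE pattern are assumptions to tune per environment. A flag is a prompt for a human to check the file, not a verdict that it is malicious (the Google Update entry in AppData is flagged and is perfectly normal).

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 log format. Most lines are copied from the
# log posted above; the R0 line (search.example.invalid) and the O4 "Updater"
# line (svchost.exe in Temp) are invented for this example so the heuristics
# have something to flag. Neither comes from the poster's machine.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/?aff=1
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Updater] C:\Users\Jake\AppData\Local\Temp\svchost.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Assumption: directories an unprivileged user (or malware running as one) can write to.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)
# Names that belong in System32; the same name elsewhere is a classic disguise.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
# Assumption: hosts considered normal for IE start/search pages; tune per environment.
TRUSTED_HOSTS = ("microsoft.com", "msn.com", "google.com", "yahoo.com")


@dataclass
class Finding:
    severity: str   # "high" or "review"
    section: str    # HijackThis section code, e.g. "O4"
    reason: str
    line: str       # the original log line


def run_command(body):
    """Return the command string from an O4 body (Run key or Startup folder entry)."""
    m = RUN_RE.match(body)
    if m:
        return m.group("cmd")
    if body.startswith(("Startup:", "Global Startup:")):
        return body.partition(" = ")[2]
    return body.partition(": ")[2]


def first_path(cmd):
    """Extract the executable path from a command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0] if cmd else ""


def trusted_host(url):
    """True if the URL's host is one of, or a subdomain of, TRUSTED_HOSTS."""
    host = (urlparse(url.strip()).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS)


def triage(log_text):
    """Walk a HijackThis log and return the entries that deserve a human look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec in ("R0", "R1"):
            value = body.partition(" = ")[2].strip()
            if value.startswith("http") and not trusted_host(value):
                findings.append(Finding("review", sec, "IE start/search page set to unrecognised host", raw))
        elif sec == "O4":
            path = first_path(run_command(body))
            name = path.rsplit("\\", 1)[-1].lower()
            if "\\" not in path:
                findings.append(Finding("review", sec, "bare filename is resolved via PATH; confirm which file runs", raw))
            elif USER_WRITABLE.search(path) and name in SYSTEM_NAMES:
                findings.append(Finding("high", sec, f"{name} outside System32, in a user-writable directory", raw))
            elif USER_WRITABLE.search(path):
                findings.append(Finding("review", sec, "autostart from a user-writable directory", raw))
        elif sec in ("O2", "O3"):
            if USER_WRITABLE.search(body.rsplit(" - ", 1)[-1]):
                findings.append(Finding("review", sec, "browser extension loaded from a user-writable directory", raw))
        elif sec == "O20":
            findings.append(Finding("review", sec, "AppInit_DLLs loads this DLL into every process that loads user32.dll", raw))
        elif sec == "O23":
            s = SERVICE_RE.match(body)
            if s and s.group("owner").strip() in ("", "Unknown owner"):
                findings.append(Finding("review", sec, "service binary carries no recognised company name", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n    {f.line}")
```

Run against the sample it reports six entries, one of them high (the constructed svchost.exe in Temp). Against the full log above the same rules would also single out the `rundll32` and `sttray.exe` Run entries and the `dlcx_device` service, all of which are ordinary vendor software here; the point of the pass is to shrink a 170-line log to the handful of lines worth verifying by hand, not to replace that verification.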



#2 JL2005 (Topic Starter, Members, 9 posts)

Posted 15 October 2011 - 10:20 AM

Orange Blossom, thank you for moving this to the correct forum. I can't believe I missed this one. I'd like to add that my system is running on Windows Vista.

#3 nasdaq (Malware Response Team, 39,963 posts, Montreal, QC, Canada)

Posted 19 October 2011 - 05:46 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
+++


Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs and let me know what problems persist.

#4 JL2005 (Topic Starter, Members, 9 posts)

Posted 22 October 2011 - 07:13 PM

Nasdaq, thank you very much for your time. I am looking forward to working with you. Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_22
Run by Jake at 19:49:01 on 2011-10-22
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1917.801 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Windows\system32\dlcxcoms.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Windows\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\consent.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\PROGRA~1\McAfee\MSC\mcsvrcnt.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070816
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\users\jake\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Corel Photo Downloader] "c:\program files\corel\corel mediaone\Corel PhotoDownloader.exe" -startup
mRun: [Corel File Shell Monitor] c:\program files\corel\corel mediaone\CorelIOMonitor.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\jake\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{85728A96-185A-42BA-8349-5E1DA3DE43D9} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{92158FB9-024E-44B2-A5E6-70FA515F984B} : DhcpNameServer = 68.87.72.134 68.87.77.134
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jake\appdata\roaming\mozilla\firefox\profiles\8f3urcc8.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\jake\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\users\jake\appdata\roaming\mozilla\firefox\profiles\8f3urcc8.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-4-1 165456]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-8-15 201320]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-1 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-4-1 50256]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-6-20 359248]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-8-15 33832]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-3 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-6-22 144704]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-3 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-3 40384]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-15 30192]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-6-22 695624]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-8-15 79304]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-8-15 35240]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-8-15 40488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-15 02:38:38 388096 ----a-r- c:\users\jake\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-15 02:38:37 -------- d-----w- c:\program files\Trend Micro
2011-10-15 01:43:43 -------- d-----w- C:\rei
2011-10-15 01:43:34 -------- d-----w- c:\program files\Reimage
2011-10-13 21:59:13 -------- d--h--w- c:\users\jake\appdata\roaming\Malwarebytes
2011-10-13 21:59:04 -------- d-----w- c:\programdata\Malwarebytes
2011-10-13 21:59:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-13 21:58:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-13 21:17:43 -------- d--h--w- c:\users\jake\appdata\roaming\lrlONtxP0c2b
2011-10-13 21:17:42 -------- d--h--w- c:\users\jake\appdata\roaming\jkUVelOtxySi3n4
2011-10-13 20:58:30 -------- d--h--w- c:\users\jake\appdata\roaming\i9gTXqjUCk
2011-10-13 20:58:30 -------- d--h--w- c:\users\jake\appdata\roaming\HrzPNyxA1v2b4m5
2011-10-13 20:53:23 -------- d--h--w- c:\users\jake\appdata\roaming\oK7fRL9gTqUeIrP
2011-10-13 20:53:11 -------- d--h--w- c:\users\jake\appdata\roaming\qekIBrzONx1v2b4
2011-10-13 20:48:58 -------- d--h--w- c:\users\jake\appdata\roaming\qF3pmG5sQ6E8R9Y
2011-10-13 20:48:57 -------- d--h--w- c:\users\jake\appdata\roaming\VZqjYCekIrOyAuS
2011-10-13 20:42:55 -------- d--h--w- c:\users\jake\appdata\roaming\FwUVOBD3oGaHsKf
2011-10-13 20:42:49 -------- d--h--w- c:\users\jake\appdata\roaming\LlIBrzPNyAuDoF
2011-10-13 20:13:45 -------- d--h--w- c:\programdata\Spybot - Search & Destroy
2011-10-13 20:13:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-13 15:57:37 58368 ---ha-w- c:\program files\internet explorer\4B38.tmp
.
==================== Find3M ====================
.
2011-10-13 22:13:00 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2011-10-13 22:13:00 227896 ----a-w- c:\windows\system32\drivers\volsnap.sys
.
============= FINISH: 19:49:27.32 ===============


aswMBR log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-22 19:53:34
-----------------------------
19:53:34.407 OS Version: Windows 6.0.6001 Service Pack 1
19:53:34.408 Number of processors: 2 586 0x6801
19:53:34.411 ComputerName: JAKE-PC UserName: Jake
19:53:35.598 Initialize success
19:53:36.555 AVAST engine defs: 11070301
19:53:48.942 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
19:53:48.945 Disk 0 Vendor: TOSHIBA_MK1237GSX DL140D Size: 114473MB BusType: 3
19:53:50.970 Disk 0 MBR read successfully
19:53:50.975 Disk 0 MBR scan
19:53:51.010 Disk 0 Windows VISTA default MBR code
19:53:51.017 Disk 0 scanning sectors +234438656
19:53:51.094 Disk 0 scanning C:\Windows\system32\drivers
19:54:11.024 Service scanning
19:54:13.687 Modules scanning
19:54:23.183 Disk 0 trace - called modules:
19:54:23.208 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys
19:54:23.213 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8576e7c0]
19:54:23.221 3 CLASSPNP.SYS[835a0745] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0x8577c030]
19:54:23.931 AVAST engine scan C:\Windows
19:54:27.141 AVAST engine scan C:\Windows\system32
19:57:02.774 AVAST engine scan C:\Windows\system32\drivers
19:57:17.088 AVAST engine scan C:\Users\Jake
20:01:46.148 Disk 0 MBR has been saved successfully to "C:\Users\Jake\Desktop\MBR.dat"
20:01:46.165 The log file has been saved successfully to "C:\Users\Jake\Desktop\aswMBR.txt"

TDSS Log:

20:05:28.0935 5176 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
20:05:29.0977 5176 ============================================================
20:05:29.0978 5176 Current date / time: 2011/10/22 20:05:29.0977
20:05:29.0978 5176 SystemInfo:
20:05:29.0978 5176
20:05:29.0978 5176 OS Version: 6.0.6001 ServicePack: 1.0
20:05:29.0978 5176 Product type: Workstation
20:05:29.0978 5176 ComputerName: JAKE-PC
20:05:29.0978 5176 UserName: Jake
20:05:29.0978 5176 Windows directory: C:\Windows
20:05:29.0978 5176 System windows directory: C:\Windows
20:05:29.0978 5176 Processor architecture: Intel x86
20:05:29.0978 5176 Number of processors: 2
20:05:29.0978 5176 Page size: 0x1000
20:05:29.0978 5176 Boot type: Normal boot
20:05:29.0978 5176 ============================================================
20:05:32.0197 5176 Initialize success
20:05:37.0326 5620 ============================================================
20:05:37.0326 5620 Scan started
20:05:37.0326 5620 Mode: Manual;
20:05:37.0326 5620 ============================================================
20:05:39.0893 5620 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
20:05:39.0912 5620 ACPI - ok
20:05:40.0224 5620 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
20:05:40.0241 5620 adp94xx - ok
20:05:40.0604 5620 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
20:05:40.0634 5620 adpahci - ok
20:05:40.0807 5620 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
20:05:40.0808 5620 adpu160m - ok
20:05:41.0000 5620 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
20:05:41.0019 5620 adpu320 - ok
20:05:41.0280 5620 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
20:05:41.0300 5620 AFD - ok
20:05:41.0442 5620 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
20:05:41.0444 5620 agp440 - ok
20:05:41.0743 5620 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:05:41.0745 5620 aic78xx - ok
20:05:41.0890 5620 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
20:05:41.0891 5620 aliide - ok
20:05:42.0120 5620 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
20:05:42.0121 5620 amdagp - ok
20:05:42.0322 5620 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
20:05:42.0323 5620 amdide - ok
20:05:42.0545 5620 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
20:05:42.0547 5620 AmdK7 - ok
20:05:42.0763 5620 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
20:05:42.0784 5620 AmdK8 - ok
20:05:43.0230 5620 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
20:05:43.0232 5620 arc - ok
20:05:43.0400 5620 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
20:05:43.0405 5620 arcsas - ok
20:05:43.0724 5620 aswFsBlk (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\Windows\system32\drivers\aswFsBlk.sys
20:05:43.0726 5620 aswFsBlk - ok
20:05:43.0834 5620 aswMonFlt (effc39a1edf04e83a42279d9daa696a7) C:\Windows\system32\drivers\aswMonFlt.sys
20:05:43.0836 5620 aswMonFlt - ok
20:05:44.0150 5620 aswRdr (f385ffd39165453fda96736aa3edfd9d) C:\Windows\system32\drivers\aswRdr.sys
20:05:44.0152 5620 aswRdr - ok
20:05:44.0344 5620 aswSP (45adea26bf613a54fed64ecdd12e58a7) C:\Windows\system32\drivers\aswSP.sys
20:05:44.0361 5620 aswSP - ok
20:05:44.0691 5620 aswTdi (c4ee975c87176f1900662d2874233c7f) C:\Windows\system32\drivers\aswTdi.sys
20:05:44.0693 5620 aswTdi - ok
20:05:45.0011 5620 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:05:45.0013 5620 AsyncMac - ok
20:05:45.0260 5620 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
20:05:45.0262 5620 atapi - ok
20:05:45.0867 5620 AtiPcie (a356e45e8432432c06981ea63a1e0fe8) C:\Windows\system32\DRIVERS\AtiPcie.sys
20:05:45.0869 5620 AtiPcie - ok
20:05:46.0828 5620 BCM43XX (509f672686af40f95859fde67108449b) C:\Windows\system32\DRIVERS\bcmwl6.sys
20:05:46.0871 5620 BCM43XX - ok
20:05:47.0211 5620 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
20:05:47.0213 5620 bcm4sbxp - ok
20:05:47.0519 5620 bdc26a22 (73a5de007b448e9d1955545e36726cde) C:\Windows\577422013:1111332317.exe
20:05:47.0522 5620 Suspicious file (Hidden): C:\Windows\577422013:1111332317.exe. md5: 73a5de007b448e9d1955545e36726cde
20:05:47.0523 5620 bdc26a22 ( Rootkit.Win32.PMax.gen ) - infected
20:05:47.0523 5620 bdc26a22 - detected Rootkit.Win32.PMax.gen (0)
20:05:47.0779 5620 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:05:47.0782 5620 Beep - ok
20:05:47.0952 5620 blbdrive - ok
20:05:48.0285 5620 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
20:05:48.0288 5620 bowser - ok
20:05:48.0719 5620 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:05:48.0721 5620 BrFiltLo - ok
20:05:48.0988 5620 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:05:48.0989 5620 BrFiltUp - ok
20:05:49.0173 5620 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:05:49.0175 5620 Brserid - ok
20:05:49.0352 5620 BrSerIf (56f59a4011f503149ae4de826982ca4f) C:\Windows\system32\Drivers\BrSerIf.sys
20:05:49.0355 5620 BrSerIf - ok
20:05:49.0488 5620 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:05:49.0491 5620 BrSerWdm - ok
20:05:49.0534 5620 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:05:49.0535 5620 BrUsbMdm - ok
20:05:49.0651 5620 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\Windows\system32\Drivers\BrUsbSer.sys
20:05:49.0653 5620 BrUsbSer - ok
20:05:49.0909 5620 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:05:49.0911 5620 BTHMODEM - ok
20:05:50.0144 5620 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:05:50.0146 5620 cdfs - ok
20:05:50.0374 5620 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
20:05:50.0381 5620 cdrom - ok
20:05:50.0627 5620 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
20:05:50.0630 5620 circlass - ok
20:05:50.0861 5620 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
20:05:50.0872 5620 CLFS - ok
20:05:51.0191 5620 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:05:51.0193 5620 CmBatt - ok
20:05:51.0295 5620 cmdide (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
20:05:51.0296 5620 cmdide - ok
20:05:51.0422 5620 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:05:51.0423 5620 Compbatt - ok
20:05:51.0687 5620 cpuz134 - ok
20:05:51.0955 5620 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
20:05:51.0956 5620 crcdisk - ok
20:05:52.0218 5620 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
20:05:52.0219 5620 Crusoe - ok
20:05:52.0373 5620 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
20:05:52.0375 5620 DfsC - ok
20:05:52.0724 5620 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
20:05:52.0726 5620 disk - ok
20:05:53.0027 5620 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:05:53.0027 5620 drmkaud - ok
20:05:53.0210 5620 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
20:05:53.0232 5620 DSproct - ok
20:05:53.0494 5620 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
20:05:53.0495 5620 dsunidrv - ok
20:05:53.0710 5620 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
20:05:53.0747 5620 DXGKrnl - ok
20:05:54.0012 5620 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
20:05:54.0021 5620 e1express - ok
20:05:54.0283 5620 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:05:54.0284 5620 E1G60 - ok
20:05:54.0513 5620 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
20:05:54.0516 5620 Ecache - ok
20:05:54.0762 5620 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
20:05:54.0773 5620 elxstor - ok
20:05:55.0035 5620 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
20:05:55.0043 5620 exfat - ok
20:05:55.0213 5620 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
20:05:55.0233 5620 fastfat - ok
20:05:55.0483 5620 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
20:05:55.0484 5620 fdc - ok
20:05:55.0663 5620 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:05:55.0664 5620 FileInfo - ok
20:05:55.0876 5620 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:05:55.0877 5620 Filetrace - ok
20:05:56.0044 5620 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
20:05:56.0045 5620 flpydisk - ok
20:05:56.0297 5620 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
20:05:56.0302 5620 FltMgr - ok
20:05:56.0453 5620 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:05:56.0454 5620 Fs_Rec - ok
20:05:56.0581 5620 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
20:05:56.0582 5620 gagp30kx - ok
20:05:56.0944 5620 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:05:56.0946 5620 GEARAspiWDM - ok
20:05:57.0277 5620 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:05:57.0306 5620 HdAudAddService - ok
20:05:57.0463 5620 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:05:57.0465 5620 HDAudBus - ok
20:05:57.0712 5620 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:05:57.0713 5620 HidBth - ok
20:05:57.0831 5620 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:05:57.0832 5620 HidIr - ok
20:05:57.0913 5620 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
20:05:57.0914 5620 HidUsb - ok
20:05:58.0139 5620 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
20:05:58.0140 5620 HpCISSs - ok
20:05:58.0483 5620 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:05:58.0581 5620 HSF_DPV - ok
20:05:58.0881 5620 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:05:58.0888 5620 HSXHWAZL - ok
20:05:59.0066 5620 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
20:05:59.0123 5620 HTTP - ok
20:05:59.0338 5620 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
20:05:59.0339 5620 i2omp - ok
20:05:59.0556 5620 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:05:59.0559 5620 i8042prt - ok
20:05:59.0770 5620 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
20:05:59.0818 5620 iaStorV - ok
20:06:00.0004 5620 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:06:00.0005 5620 iirsp - ok
20:06:00.0216 5620 intelide (1b16626beae3a52e611fc681cd796f86) C:\Windows\system32\drivers\intelide.sys
20:06:00.0217 5620 intelide - ok
20:06:00.0331 5620 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
20:06:00.0333 5620 intelppm - ok
20:06:00.0429 5620 IpInIp - ok
20:06:00.0586 5620 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
20:06:00.0587 5620 IPMIDRV - ok
20:06:00.0679 5620 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:06:00.0681 5620 IPNAT - ok
20:06:00.0762 5620 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:06:00.0763 5620 IRENUM - ok
20:06:00.0893 5620 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
20:06:00.0894 5620 isapnp - ok
20:06:01.0154 5620 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
20:06:01.0160 5620 iScsiPrt - ok
20:06:01.0255 5620 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:06:01.0263 5620 iteatapi - ok
20:06:01.0337 5620 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:06:01.0338 5620 iteraid - ok
20:06:01.0609 5620 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:06:01.0609 5620 kbdclass - ok
20:06:01.0766 5620 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
20:06:01.0766 5620 kbdhid - ok
20:06:01.0977 5620 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
20:06:01.0993 5620 KSecDD - ok
20:06:02.0272 5620 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:06:02.0274 5620 lltdio - ok
20:06:02.0547 5620 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
20:06:02.0548 5620 LSI_FC - ok
20:06:02.0795 5620 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
20:06:02.0796 5620 LSI_SAS - ok
20:06:02.0949 5620 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
20:06:02.0950 5620 LSI_SCSI - ok
20:06:03.0133 5620 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:06:03.0135 5620 luafv - ok
20:06:03.0461 5620 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:06:03.0462 5620 mdmxsdk - ok
20:06:03.0624 5620 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
20:06:03.0625 5620 megasas - ok
20:06:03.0856 5620 mfeavfk (c97cbfd71c1c215150a3b3e55f77a7a3) C:\Windows\system32\drivers\mfeavfk.sys
20:06:03.0871 5620 mfeavfk - ok
20:06:04.0007 5620 mfebopk (5447338b83a1a2354fb2fea7604387fd) C:\Windows\system32\drivers\mfebopk.sys
20:06:04.0028 5620 mfebopk - ok
20:06:04.0250 5620 mfehidk (6c9a6ed60b8fc3baf72fe1b1d096445b) C:\Windows\system32\drivers\mfehidk.sys
20:06:04.0276 5620 mfehidk - ok
20:06:04.0427 5620 mferkdk (a551154b51d6a93fccf70fc4e8eaf4bd) C:\Windows\system32\drivers\mferkdk.sys
20:06:04.0434 5620 mferkdk - ok
20:06:04.0615 5620 mfesmfk (299a86b780c9627aaa24e74292363ed2) C:\Windows\system32\drivers\mfesmfk.sys
20:06:04.0639 5620 mfesmfk - ok
20:06:04.0869 5620 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:06:04.0870 5620 Modem - ok
20:06:05.0121 5620 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:06:05.0127 5620 monitor - ok
20:06:05.0268 5620 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:06:05.0269 5620 mouclass - ok
20:06:05.0488 5620 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:06:05.0489 5620 mouhid - ok
20:06:05.0793 5620 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:06:05.0795 5620 MountMgr - ok
20:06:05.0994 5620 MPFP (96cf5286bc370b558735a7b891232d92) C:\Windows\system32\Drivers\Mpfp.sys
20:06:06.0004 5620 MPFP - ok
20:06:06.0282 5620 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
20:06:06.0283 5620 mpio - ok
20:06:06.0606 5620 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:06:06.0608 5620 mpsdrv - ok
20:06:06.0838 5620 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:06:06.0839 5620 Mraid35x - ok
20:06:07.0098 5620 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
20:06:07.0100 5620 MRxDAV - ok
20:06:07.0323 5620 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:06:07.0325 5620 mrxsmb - ok
20:06:07.0539 5620 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:06:07.0556 5620 mrxsmb10 - ok
20:06:07.0744 5620 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:06:07.0746 5620 mrxsmb20 - ok
20:06:08.0005 5620 msahci (0d1c042188ffe61a702a9df5944de5ba) C:\Windows\system32\drivers\msahci.sys
20:06:08.0006 5620 msahci - ok
20:06:08.0207 5620 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
20:06:08.0209 5620 msdsm - ok
20:06:08.0388 5620 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:06:08.0389 5620 Msfs - ok
20:06:08.0630 5620 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:06:08.0630 5620 msisadrv - ok
20:06:08.0842 5620 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:06:08.0843 5620 MSKSSRV - ok
20:06:09.0079 5620 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:06:09.0080 5620 MSPCLOCK - ok
20:06:09.0336 5620 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:06:09.0337 5620 MSPQM - ok
20:06:09.0542 5620 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
20:06:09.0561 5620 MsRPC - ok
20:06:09.0861 5620 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:06:09.0869 5620 mssmbios - ok
20:06:10.0139 5620 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:06:10.0140 5620 MSTEE - ok
20:06:10.0278 5620 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
20:06:10.0281 5620 Mup - ok
20:06:10.0495 5620 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
20:06:10.0504 5620 NativeWifiP - ok
20:06:10.0771 5620 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
20:06:10.0858 5620 NDIS - ok
20:06:11.0099 5620 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:06:11.0100 5620 NdisTapi - ok
20:06:11.0281 5620 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:06:11.0300 5620 Ndisuio - ok
20:06:11.0518 5620 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
20:06:11.0523 5620 NdisWan - ok
20:06:11.0673 5620 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:06:11.0675 5620 NDProxy - ok
20:06:11.0952 5620 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:06:11.0954 5620 NetBIOS - ok
20:06:12.0147 5620 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
20:06:12.0156 5620 netbt - ok
20:06:12.0519 5620 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:06:12.0522 5620 nfrd960 - ok
20:06:12.0731 5620 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
20:06:12.0734 5620 Npfs - ok
20:06:12.0962 5620 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:06:12.0963 5620 nsiproxy - ok
20:06:13.0240 5620 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
20:06:13.0375 5620 Ntfs - ok
20:06:13.0564 5620 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:06:13.0566 5620 ntrigdigi - ok
20:06:13.0724 5620 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:06:13.0725 5620 Null - ok
20:06:13.0987 5620 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
20:06:13.0989 5620 nvraid - ok
20:06:14.0135 5620 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
20:06:14.0137 5620 nvstor - ok
20:06:14.0429 5620 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
20:06:14.0431 5620 nv_agp - ok
20:06:14.0497 5620 NwlnkFlt - ok
20:06:14.0594 5620 NwlnkFwd - ok
20:06:14.0852 5620 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
20:06:14.0854 5620 ohci1394 - ok
20:06:14.0992 5620 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:06:14.0993 5620 Parport - ok
20:06:15.0258 5620 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
20:06:15.0261 5620 partmgr - ok
20:06:15.0367 5620 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:06:15.0368 5620 Parvdm - ok
20:06:15.0530 5620 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
20:06:15.0539 5620 pci - ok
20:06:15.0760 5620 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
20:06:15.0762 5620 pciide - ok
20:06:15.0959 5620 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:06:15.0965 5620 pcmcia - ok
20:06:16.0215 5620 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:06:16.0357 5620 PEAUTH - ok
20:06:16.0665 5620 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:06:16.0668 5620 PptpMiniport - ok
20:06:16.0781 5620 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
20:06:16.0782 5620 Processor - ok
20:06:17.0087 5620 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
20:06:17.0093 5620 PSched - ok
20:06:17.0207 5620 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\Windows\system32\Drivers\PxHelp20.sys
20:06:17.0209 5620 PxHelp20 - ok
20:06:17.0646 5620 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
20:06:17.0746 5620 ql2300 - ok
20:06:18.0021 5620 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:06:18.0022 5620 ql40xx - ok
20:06:18.0152 5620 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:06:18.0153 5620 QWAVEdrv - ok
20:06:18.0731 5620 R300 (554685122b4f973e21d66c2baaf29543) C:\Windows\system32\DRIVERS\atikmdag.sys
20:06:19.0216 5620 R300 - ok
20:06:19.0468 5620 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:06:19.0469 5620 RasAcd - ok
20:06:19.0669 5620 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:06:19.0671 5620 Rasl2tp - ok
20:06:19.0878 5620 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
20:06:19.0881 5620 RasPppoe - ok
20:06:20.0009 5620 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
20:06:20.0010 5620 RasSstp - ok
20:06:20.0268 5620 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
20:06:20.0285 5620 rdbss - ok
20:06:20.0371 5620 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:06:20.0372 5620 RDPCDD - ok
20:06:20.0579 5620 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
20:06:20.0589 5620 rdpdr - ok
20:06:20.0816 5620 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:06:20.0817 5620 RDPENCDD - ok
20:06:20.0991 5620 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
20:06:21.0032 5620 RDPWD - ok
20:06:21.0459 5620 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
20:06:21.0462 5620 rimmptsk - ok
20:06:21.0586 5620 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\drivers\rimsptsk.sys
20:06:21.0587 5620 rimsptsk - ok
20:06:21.0853 5620 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\drivers\rixdptsk.sys
20:06:21.0854 5620 rismxdp - ok
20:06:22.0066 5620 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:06:22.0069 5620 rspndr - ok
20:06:22.0298 5620 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:06:22.0299 5620 sbp2port - ok
20:06:22.0482 5620 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
20:06:22.0486 5620 sdbus - ok
20:06:22.0701 5620 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:06:22.0702 5620 secdrv - ok
20:06:22.0826 5620 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:06:22.0828 5620 Serenum - ok
20:06:23.0085 5620 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:06:23.0088 5620 Serial - ok
20:06:23.0193 5620 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:06:23.0194 5620 sermouse - ok
20:06:23.0431 5620 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
20:06:23.0432 5620 sffdisk - ok
20:06:23.0613 5620 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
20:06:23.0614 5620 sffp_mmc - ok
20:06:23.0794 5620 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:06:23.0797 5620 sffp_sd - ok
20:06:23.0973 5620 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:06:23.0975 5620 sfloppy - ok
20:06:24.0176 5620 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
20:06:24.0179 5620 sisagp - ok
20:06:24.0275 5620 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
20:06:24.0278 5620 SiSRaid2 - ok
20:06:24.0476 5620 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
20:06:24.0478 5620 SiSRaid4 - ok
20:06:24.0725 5620 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
20:06:24.0727 5620 Smb - ok
20:06:24.0874 5620 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:06:24.0875 5620 spldr - ok
20:06:25.0167 5620 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
20:06:25.0210 5620 srv - ok
20:06:25.0414 5620 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
20:06:25.0429 5620 srv2 - ok
20:06:25.0677 5620 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
20:06:25.0681 5620 srvnet - ok
20:06:25.0990 5620 STHDA (9cea131b5eb0ea653f6b3ea80b54956d) C:\Windows\system32\drivers\stwrt.sys
20:06:26.0068 5620 STHDA - ok
20:06:26.0359 5620 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:06:26.0361 5620 swenum - ok
20:06:26.0516 5620 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:06:26.0517 5620 Symc8xx - ok
20:06:26.0770 5620 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:06:26.0772 5620 Sym_hi - ok
20:06:26.0919 5620 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:06:26.0920 5620 Sym_u3 - ok
20:06:27.0178 5620 SynTP (1f5192248a364d4ab68db063d18a2139) C:\Windows\system32\DRIVERS\SynTP.sys
20:06:27.0185 5620 SynTP - ok
20:06:27.0487 5620 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
20:06:27.0585 5620 Tcpip - ok
20:06:27.0989 5620 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
20:06:27.0997 5620 Tcpip6 - ok
20:06:28.0251 5620 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
20:06:28.0253 5620 tcpipreg - ok
20:06:28.0380 5620 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:06:28.0381 5620 TDPIPE - ok
20:06:28.0619 5620 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:06:28.0621 5620 TDTCP - ok
20:06:28.0757 5620 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
20:06:28.0759 5620 tdx - ok
20:06:29.0105 5620 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
20:06:29.0108 5620 TermDD - ok
20:06:29.0301 5620 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:06:29.0302 5620 tssecsrv - ok
20:06:29.0581 5620 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:06:29.0583 5620 tunmp - ok
20:06:29.0721 5620 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
20:06:29.0726 5620 tunnel - ok
20:06:29.0984 5620 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
20:06:29.0987 5620 uagp35 - ok
20:06:30.0138 5620 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
20:06:30.0168 5620 udfs - ok
20:06:30.0437 5620 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
20:06:30.0439 5620 uliagpkx - ok
20:06:30.0560 5620 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
20:06:30.0585 5620 uliahci - ok
20:06:30.0815 5620 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:06:30.0816 5620 UlSata - ok
20:06:30.0939 5620 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:06:30.0942 5620 ulsata2 - ok
20:06:31.0041 5620 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:06:31.0042 5620 umbus - ok
20:06:31.0359 5620 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\Windows\system32\Drivers\usbaapl.sys
20:06:31.0361 5620 USBAAPL - ok
20:06:31.0493 5620 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:06:31.0496 5620 usbccgp - ok
20:06:31.0757 5620 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:06:31.0759 5620 usbcir - ok
20:06:31.0965 5620 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
20:06:31.0966 5620 usbehci - ok
20:06:32.0092 5620 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
20:06:32.0115 5620 usbhub - ok
20:06:32.0308 5620 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
20:06:32.0311 5620 usbohci - ok
20:06:32.0388 5620 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:06:32.0389 5620 usbprint - ok
20:06:32.0741 5620 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:06:32.0742 5620 usbscan - ok
20:06:32.0842 5620 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:06:32.0843 5620 USBSTOR - ok
20:06:33.0097 5620 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
20:06:33.0099 5620 usbuhci - ok
20:06:33.0258 5620 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:06:33.0263 5620 usbvideo - ok
20:06:33.0642 5620 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
20:06:33.0644 5620 vga - ok
20:06:33.0791 5620 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:06:33.0793 5620 VgaSave - ok
20:06:34.0029 5620 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
20:06:34.0032 5620 viaagp - ok
20:06:34.0104 5620 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
20:06:34.0106 5620 ViaC7 - ok
20:06:34.0196 5620 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys
20:06:34.0198 5620 viaide - ok
20:06:34.0468 5620 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:06:34.0470 5620 volmgr - ok
20:06:34.0637 5620 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
20:06:34.0643 5620 volmgrx - ok
20:06:34.0949 5620 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
20:06:34.0976 5620 volsnap - ok
20:06:35.0153 5620 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
20:06:35.0157 5620 vsmraid - ok
20:06:35.0368 5620 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:06:35.0371 5620 WacomPen - ok
20:06:35.0533 5620 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:06:35.0535 5620 Wanarp - ok
20:06:35.0557 5620 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:06:35.0558 5620 Wanarpv6 - ok
20:06:35.0797 5620 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
20:06:35.0798 5620 Wd - ok
20:06:36.0000 5620 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:06:36.0078 5620 Wdf01000 - ok
20:06:36.0492 5620 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:06:36.0539 5620 winachsf - ok
20:06:36.0885 5620 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:06:36.0886 5620 WmiAcpi - ok
20:06:37.0061 5620 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
20:06:37.0079 5620 WpdUsb - ok
20:06:37.0333 5620 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:06:37.0335 5620 ws2ifsl - ok
20:06:37.0494 5620 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:06:37.0496 5620 WUDFRd - ok
20:06:37.0787 5620 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
20:06:37.0788 5620 XAudio - ok
20:06:37.0877 5620 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:06:37.0937 5620 \Device\Harddisk0\DR0 - ok
20:06:37.0990 5620 Boot (0x1200) (5247817ff3ae9200cec76a7c04155962) \Device\Harddisk0\DR0\Partition0
20:06:37.0994 5620 \Device\Harddisk0\DR0\Partition0 - ok
20:06:38.0004 5620 Boot (0x1200) (5c783e08ff7e5cc15fa7943acecc221d) \Device\Harddisk0\DR0\Partition1
20:06:38.0009 5620 \Device\Harddisk0\DR0\Partition1 - ok
20:06:38.0010 5620 ============================================================
20:06:38.0010 5620 Scan finished
20:06:38.0010 5620 ============================================================
20:06:38.0029 4380 Detected object count: 1
20:06:38.0029 4380 Actual detected object count: 1
20:07:26.0385 4380 HKLM\SYSTEM\ControlSet001\services\bdc26a22 - will be deleted on reboot
20:07:26.0451 4380 HKLM\SYSTEM\ControlSet010\services\bdc26a22 - will be deleted on reboot
20:07:26.0508 4380 C:\Windows\577422013:1111332317.exe - will be deleted on reboot
20:07:26.0509 4380 bdc26a22 ( Rootkit.Win32.PMax.gen ) - User select action: Delete


Nasdaq, at the present time I have not noticed any changes. I still have my black screen with the only icons I have being what I have downloaded. Let me reboot and I will post if anything has changed. (TdSS did not ask for a reboot) Also, the tdss brought up one file that said "Malware" but it gave me the option to delete instead of cure and that's what I did. I'll post again after reboot.

THANK YOU!!
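Two details in the TDSSKiller log above are worth checking for by hand rather than trusting a single reboot: the service is registered under a random hex name (bdc26a22) in more than one ControlSet, and the file path C:\Windows\577422013:1111332317.exe has a second colon, which is NTFS alternate-data-stream syntax (an object named 577422013 in C:\Windows carrying a stream named 1111332317.exe). The script below is an added example, not code from the thread or from TDSSKiller. It assumes an elevated prompt and PowerShell 3.0 or later (for Get-Item -Stream); the service-name and path heuristics are this script's own and will need eyeballing, not blind trust.

```powershell
# Added example, not from the thread or from TDSSKiller: look for the two persistence
# artefacts the log above reports. Assumes an elevated prompt and PowerShell 3.0 or later
# (Get-Item -Stream); the service-name and path heuristics are this script's own.

function Test-AdsPath {
    # True when a path contains an NTFS stream separator, as in
    # C:\Windows\577422013:1111332317.exe (object "577422013", stream "1111332317.exe").
    param([string]$ImagePath)
    if (-not $ImagePath) { return $false }
    $p = $ImagePath.Trim().Trim('"') -replace '^\\\?\?\\', ''   # drop quotes and the \??\ NT prefix
    $p = $p -replace '^[A-Za-z]:', ''                              # drop the drive letter's own colon
    return [bool]($p -match ':')                                   # any colon left is a stream name
}

function Get-SuspiciousServices {
    # Walk every ControlSet, since TDSSKiller reported the key under more than one of them.
    $sets = Get-ChildItem 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -like 'ControlSet*' }
    foreach ($set in $sets) {
        Get-ChildItem "$($set.PSPath)\Services" -ErrorAction SilentlyContinue | ForEach-Object {
            $name  = $_.PSChildName
            $image = [string](Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).ImagePath
            $why   = @()
            if ($name -match '^[0-9a-f]{8}$') { $why += 'random 8-hex-digit service name (cf. bdc26a22)' }
            if (Test-AdsPath $image)           { $why += 'ImagePath inside an alternate data stream' }
            if ($why.Count -gt 0) {
                [pscustomobject]@{ ControlSet = $set.PSChildName; Service = $name; ImagePath = $image; Reason = ($why -join '; ') }
            }
        }
    }
}

function Get-AlternateStreams {
    # List non-default streams on the objects directly under %SystemRoot%.
    param([string]$Path = $env:SystemRoot)
    Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue | ForEach-Object {
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
    } | Where-Object { $_.Stream -ne ':$DATA' } | Select-Object FileName, Stream, Length
}

Get-SuspiciousServices | Format-Table -AutoSize
Get-AlternateStreams    | Format-Table -AutoSize
```

An empty result from both functions after the reboot is the confirmation that the "will be deleted on reboot" entries actually went. Zone.Identifier streams on installers you downloaded yourself are normal and will show up in the second table; a stream whose name ends in .exe or .sys, or an ImagePath with a colon in the file name, is not.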




#5 JL2005

JL2005
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 22 October 2011 - 07:25 PM

Nasdaq, actually it did prompt me to reboot. I didn't see it because I had so many windows open. However, after my reply I did a reboot through the tdss command. My situation still looks the same. My background is black, the only icons on my desktop are what I have downloaded, and when I click Start all I can see is "Computer". To access this internet browser I just have to search for "Firefox". It seems that my programs (that were formerly on my desktop) are still saved because I can find them in a search.

I tried to do a print screen to show you my view but unfortunately I could not find "Paint" or "Microsoft Paint" in a search or through looking through "Computer".

I hope this is helpful information to you.

Thanks,

JL

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:44 PM

Posted 23 October 2011 - 08:29 AM

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.
===

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.
===

As this infection changes your desktop background to a solid black color, we now want to change it back to the default Windows theme or to modify it to your preferences. If you are using Windows XP, please click on the Start button and then select Control Panel. When the Control Panel opens, please click on the Display icon. From this screen you can now change your Theme and desktop background so that it no longer shows the black background.

If you are using Windows Vista or Windows 7, please click on the Start button and then select Control Panel. When the Control Panel opens, please click on the Appearance and Personalization category. Then select Change the Theme or Change Desktop Background to revert back to your original Theme and colors.

Please post the MBAM log and let me know what problem persists.

#7 JL2005

JL2005
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 23 October 2011 - 12:49 PM

Here is the log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8005

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

10/23/2011 1:46:18 PM
mbam-log-2011-10-23 (13-46-18).txt

Scan type: Quick scan
Objects scanned: 193702
Time elapsed: 15 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Jake\AppData\Local\Temp\p5tm1qbi6dss92.exe.tmp (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Users\Jake\AppData\Local\Temp\chipset_driver_update.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Jake\AppData\Local\Temp\185D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Jake\local settings\temporary internet files\Content.IE5\JHEFTVEU\contacts[1].exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.


I will reboot and reply.

#8 JL2005

JL2005
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 23 October 2011 - 01:07 PM

I am unable to access Control Panel from the Start button. When I click start, the only thing I can see is Computer. None of my programs are back yet. When I click All Programs it just shows the following: HiJackThis, Malwarebytes, Spybot Search and Destroy, and Reimage Repair. All of those programs were downloaded after this problem started.

I right clicked on the desktop to change my background. In the screen, there were not any Windows themed wallpapers available. The only ones that I could see and ultimately choose were Solid Colors.

I'd imagine that I would be able to change my background through right clicking or saving an image. The big problem though is that I still cannot see any of my programs that WERE on my desktop and I cannot see them from the Start menu.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:44 PM

Posted 24 October 2011 - 08:27 AM

Start Program problems.

To make your files visible again, please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

This may take some time; please let it finish.
=====

Variants of the fake rogue programs are now deleting the following folders and storing them in numbered folders under %Temp%\smtmp\:

%Temp%\smtmp\1\ => %AllUsersProfile%\Start Menu
%Temp%\smtmp\2\ => %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch
%Temp%\smtmp\3\ => %AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
%Temp%\smtmp\4\ => %AllUsersProfile%\Desktop

It goes without saying that running a %temp% cleaner ahead of restoration would result in the loss of these folders.
===

If that fails try this.

Right click on each of the folders and select Open to open the start menu folder in Explorer. Then browse to C:\Program Files\<program name> (or whatever location the program is installed in), locate the main program's .exe file (it will usually have a name very similar to the program name and the same icon), and copy and paste it into the start menu folder you have open. Then close the folders and look in your start menu again; the shortcut should be there and functioning!

So for example, the start menu folder SpeedCrunch shows up as (Empty). Right click on the folder and select Open, then open C:\Program Files\SpeedCrunch and locate the .exe file named "speedcrunch". Copy and paste that file into the start menu folder.

Keep me posted.
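The restoration nasdaq describes has two parts: copy the %Temp%\smtmp\1 to 4 folders back to where the rogue took them from, then clear the Hidden attribute it set on everything else. The script below is an added example that does those two steps in a way you can dry-run first; it is not Unhide.exe and not code from the thread. The destination paths are the Vista/7 locations (C:\ProgramData\Microsoft\Windows\Start Menu, C:\Users\Public\Desktop, %AppData%\Microsoft\Internet Explorer\Quick Launch and its User Pinned\TaskBar subfolder), which is an assumption on my part since the post quotes the XP-era layout; the AppData and ntuser exclusions are a precaution of this script's own. Run it as the affected user from an elevated PowerShell (2.0 or later).

```powershell
# Added example, not the thread's own tool: put back the Start Menu / Quick Launch / Desktop
# contents that the rogue moved into %Temp%\smtmp\<n>, then clear the Hidden attribute.
# Destinations are the Vista/7 locations (assumption); XP uses the paths quoted in the post.

$Map = @{
    '1' = Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu'
    '2' = Join-Path $env:APPDATA     'Microsoft\Internet Explorer\Quick Launch'
    '3' = Join-Path $env:APPDATA     'Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar'
    '4' = Join-Path $env:PUBLIC      'Desktop'
}

function Restore-SmtmpFolders {
    param([string]$Root = (Join-Path $env:TEMP 'smtmp'), [switch]$WhatIf)
    if (-not (Test-Path -LiteralPath $Root)) {
        Write-Warning "$Root not found; nothing to restore (a temp cleaner may already have removed it)"
        return
    }
    foreach ($n in ($Map.Keys | Sort-Object)) {
        $src = Join-Path $Root $n
        $dst = $Map[$n]
        if (-not (Test-Path -LiteralPath $src)) { continue }
        New-Item -ItemType Directory -Force -Path $dst | Out-Null
        # Copy rather than move, so the originals survive if a destination turns out to be wrong.
        Copy-Item -Path (Join-Path $src '*') -Destination $dst -Recurse -Force -WhatIf:$WhatIf
        Write-Host "restored $src -> $dst"
    }
}

function Clear-HiddenAttribute {
    param(
        [string[]]$Paths = @($env:USERPROFILE, $env:PUBLIC, (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu')),
        [switch]$WhatIf
    )
    foreach ($root in $Paths) {
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
          Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden } |
          ForEach-Object {
              # Leave objects Windows itself hides: System-flagged items (desktop.ini), junctions
              # such as "Application Data", the AppData tree and the ntuser.* registry hives.
              if ($_.Attributes -band [IO.FileAttributes]::System)       { return }
              if ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) { return }
              if ($_.FullName -like '*\AppData\*' -or $_.Name -like 'ntuser*') { return }
              if ($WhatIf) { Write-Host "would unhide $($_.FullName)"; return }
              $_.Attributes = $_.Attributes -bxor [IO.FileAttributes]::Hidden
          }
    }
}

# Dry run first; drop -WhatIf once the list of files looks like your own data.
Restore-SmtmpFolders   -WhatIf
Clear-HiddenAttribute  -WhatIf
```

The -WhatIf pass matters: if the smtmp mapping is wrong for your Windows version you will see the odd copy targets before anything is written, and the unhide list tells you whether the rogue hid only your documents or the whole profile.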

#10 JL2005

JL2005
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 25 October 2011 - 09:11 PM

Nasdaq! Unhide fixed my problem!

THANK YOU. THANK YOU. THANK YOU! I really cannot thank you enough. This has been such a frustrating problem and now I do not have to worry about it anymore.

This is truly a fantastic service that you and others here at BleepingComputer do for people. Please let me know if there is anything I can do to help you.

Thank you again,

Jake

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:44 PM

Posted 26 October 2011 - 06:41 AM

Glad we could help.

Run this tool now.

Third-party programs, if not up to date, can be the cause of an infection's infiltration.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#12 JL2005

JL2005
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 26 October 2011 - 09:16 PM

Nasdaq, here you go:

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
McAfee SecurityCenter
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Java™ 6 Update 22
Java™ SE Runtime Environment 6
Out of date Java installed!
Adobe Flash Player ( 10.1.102.64) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````

#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:44 PM

Posted 27 October 2011 - 09:01 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the 64-bit version, download jre-6u27-windows-x64.exe instead. Make sure you download the correct version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 22
Java™ SE Runtime Environment 6

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 11.0.1.152

Flash Player 11.0.1.152

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus Un-check the box if you are NOT using McAfee's virus protection software.

===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used to clean this computer.

Surf Safely, and Think Prevention!
===
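Before and after doing the updates nasdaq lists, it helps to read the installed versions straight out of the registry rather than from a scanner's summary, so you can see which old Java entries are still there to uninstall. The script below is an added example, not a tool from the thread; it reads the standard Uninstall keys (both the native and Wow6432Node hives) and flags Java and Flash Player entries older than the versions the post asks for, Java 6 Update 27 and Flash 11.0.1.152. The DisplayName patterns follow the Security Check output above; the DisplayVersion strings in the sample block are constructed for an offline dry run and are not from a real machine. PowerShell 3.0 or later is assumed.

```powershell
# Added example, not the thread's tool: list installed programs from the Uninstall keys and
# flag Java / Flash Player entries below the minimums named in the post (JRE 6u27, Flash
# 11.0.1.152). Sample entries at the bottom are constructed, not read from a real machine.

function Get-InstalledPrograms {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($k in $keys) {
        Get-ChildItem $k -ErrorAction SilentlyContinue | ForEach-Object {
            $p = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
            if ($p.DisplayName) {
                [pscustomobject]@{ DisplayName = [string]$p.DisplayName; DisplayVersion = [string]$p.DisplayVersion }
            }
        }
    }
}

function Find-OutdatedPrograms {
    param(
        [Parameter(Mandatory = $true)][object[]]$Programs,
        [int]$MinJavaUpdate = 27,            # JRE 6 Update 27, per the post
        [version]$MinFlash  = '11.0.1.152'   # Flash 11.0.1.152, per the post
    )
    foreach ($p in $Programs) {
        $name = $p.DisplayName
        if ($name -match '^Java\(TM\) (\d+) Update (\d+)') {
            $major = [int]$Matches[1]; $update = [int]$Matches[2]
            if ($major -lt 6 -or ($major -eq 6 -and $update -lt $MinJavaUpdate)) {
                [pscustomobject]@{ Program = $name; Installed = $p.DisplayVersion
                                   Required = "Java 6 Update $MinJavaUpdate"; Action = 'install new JRE, then uninstall this entry' }
            }
        }
        elseif ($name -match '^Java\(TM\) SE Runtime Environment \d+$') {
            # The base JRE entry with no update level is the old version the post says to remove.
            [pscustomobject]@{ Program = $name; Installed = $p.DisplayVersion
                               Required = "Java 6 Update $MinJavaUpdate"; Action = 'uninstall (superseded)' }
        }
        elseif ($name -match '^Adobe Flash Player') {
            try { $v = [version]$p.DisplayVersion } catch { $v = $null }
            if ($null -eq $v -or $v -lt $MinFlash) {
                [pscustomobject]@{ Program = $name; Installed = $p.DisplayVersion
                                   Required = "Flash $MinFlash"; Action = 'update' }
            }
        }
    }
}

# Constructed sample mirroring the Security Check log above (version strings are made up).
$sample = @(
    [pscustomobject]@{ DisplayName = 'Java(TM) 6 Update 22';              DisplayVersion = '6.0.220' }
    [pscustomobject]@{ DisplayName = 'Java(TM) SE Runtime Environment 6'; DisplayVersion = '1.6.0.0' }
    [pscustomobject]@{ DisplayName = 'Adobe Flash Player 10 Plugin';      DisplayVersion = '10.1.102.64' }
    [pscustomobject]@{ DisplayName = 'Malwarebytes'' Anti-Malware';       DisplayVersion = '1.51.2.1300' }
)
Find-OutdatedPrograms -Programs $sample | Format-Table -AutoSize

# On the live machine, feed it the real list instead:
# Find-OutdatedPrograms -Programs (Get-InstalledPrograms) | Format-Table -AutoSize
```

Run the live form once more after installing JRE 6u27 and Flash 11.0.1.152: the report should be empty, and any Java entry still listed is one of the old versions the post says to remove through Add/Remove Programs.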

#14 JL2005

JL2005
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 01 November 2011 - 05:02 PM

Nasdaq, everything is updated and I'm thinking prevention! Again, thank you so much!

Best wishes,

Jake



