After PC Doctor / win32 Ainslot.a removal I still cannot access some Admin functions


  • This topic is locked
10 replies to this topic

#1 00Scud00

00Scud00

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:08 AM

Posted 19 October 2011 - 04:21 AM

Initial description can be found Here

DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.2.0
Run by Mike at 21:57:24 on 2011-10-18
.
============== Running Processes ===============
.
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Belkin\Nostromo\nost_LM.exe
C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Razer\Copperhead\razertra.exe
C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
F:\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
E:\Files\Applications\dds.scr
C:\Windows\SysWOW64\svchost.exe -k Akamai
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1269415
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - No File
uRun: [CTSyncU.exe] "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [Copperhead] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [TunePat] "C:\Program Files (x86)\TunePat\TunePat.exe" /silence
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ACPW05EN] "F:\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-explorer: NoLogoff = 1 (0x1)
uPolicies-explorer: NoClose = 1 (0x1)
uPolicies-explorer: NoViewOnDrive = 1 (0x1)
uPolicies-explorer: NoControlPanel = 1 (0x1)
uPolicies-explorer: NoViewContextMenu = 1 (0x1)
uPolicies-explorer: StartMenuLogOff = 1 (0x1)
uPolicies-system: DisableLockWorkstation = 1 (0x1)
uPolicies-system: DisableChangePassword = 1 (0x1)
uPolicies-system: NoBrowserOptions = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 1 (0x1)
mPolicies-explorer: NoControlPanel = 1 (0x1)
mPolicies-explorer: NoStartMenuMorePrograms = 1 (0x1)
mPolicies-explorer: NoToolbarCustomize = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispCPL = 1 (0x1)
mPolicies-system: NoBrowserOptions = 1 (0x1)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
TCP: Interfaces\{286ECA39-6904-4A43-9BB7-AAEF7D9E862D} : DhcpNameServer = 192.168.1.1 192.168.1.1 192.168.1.1
TCP: Interfaces\{6BF79A43-29C6-4944-8195-DAFFB18E15CF} : DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
STS: Fences: {ec654325-1273-c2a9-2b7c-45a29bce2fbd} - C:\Program Files (x86)\Stardock\Fences\DesktopDock.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
BHO-X64: AskBar BHO - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - No File
mRun-x64: [Copperhead] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [TunePat] "C:\Program Files (x86)\TunePat\TunePat.exe" /silence
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ACPW05EN] "F:\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
STS-X64: Fences: {EC654325-1273-C2A9-2B7C-45A29BCE2FBD} - C:\Program Files (x86)\Stardock\Fences\DesktopDock.dll
Hosts: 216.18.199.34 videosift.com www.videosift.com
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o7ah9696.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Download Energy Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.bluesnews.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&q=&SearchSource=2
FF - component: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o7ah9696.default\extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o7ah9696.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o7ah9696.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mike\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o7ah9696.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R? Adobe Version Cue CS4;Adobe Version Cue CS4
R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service
R? CT20XUT;CT20XUT
R? CTEXFIFX;CTEXFIFX
R? CTHWIUT;CTHWIUT
R? DAUpdaterSvc;Dragon Age: Origins - Content Updater
R? FLEXnet Licensing Service 64;FLEXnet Licensing Service 64
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? motandroidusb;Mot ADB Interface Driver
R? motccgp;Motorola USB Composite Device Driver
R? motccgpfl;MotCcgpFlService
R? PerfHost;Performance Counter DLL Host
R? WDC_SAM;WD SCSI Pass Thru driver
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? Akamai;Akamai NetSession Interface
S? AMD External Events Utility;AMD External Events Utility
S? amdkmdag;amdkmdag
S? amdkmdap;amdkmdap
S? ASKService;ASKService
S? ASKUpgrade;ASKUpgrade
S? AtiHDAudioService;AMD Function Driver for HD Audio Service
S? bcgame;Nostromo HID Device Minidriver
S? copperhd;Razer Copperhead Driver
S? CT20XUT.SYS;CT20XUT.SYS
S? CTEXFIFX.SYS;CTEXFIFX.SYS
S? CTHWIUT.SYS;CTHWIUT.SYS
S? ehdrv;ehdrv
S? ekrn;ESET Service
S? epfwwfpr;epfwwfpr
S? FontCache;Windows Font Cache Service
S? HWiNFO32;HWiNFO32 Kernel Driver
S? Lycosa;Lycosa Keyboard
S? MotoHelper;MotoHelper Service
S? SBSDWSCService;SBSD Security Center Service
S? StarWindServiceAE;StarWind AE Service
S? TabletServiceWacom;TabletServiceWacom
S? UltraMonUtility;UltraMon Utility Driver
S? wacmoumonitor;Wacom Mode Helper
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-10-18 16:34:08 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0700CA6F-DFCA-4640-AC10-616DBB799845}\offreg.dll
2011-10-18 06:56:28 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0700CA6F-DFCA-4640-AC10-616DBB799845}\mpengine.dll
2011-10-18 05:18:16 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes
2011-10-18 05:18:00 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-18 05:17:57 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-18 05:17:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-15 05:33:59 637848 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2011-10-15 05:28:33 270142 ----a-w- C:\Minecraft.exe
2011-10-15 05:17:11 446464 ----a-w- C:\Users\Mike\AppData\Roaming\ca9dab.exe
2011-10-15 05:16:49 446464 ---h--w- C:\Users\Mike\AppData\Roaming\ffdb7f.exe
2011-10-12 15:28:25 332288 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-12 15:28:25 238080 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-12 15:28:24 735744 ----a-w- C:\Windows\System32\UIAutomationCore.dll
2011-10-12 15:28:24 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-12 15:28:24 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
2011-10-12 15:28:23 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-12 15:28:23 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll
2011-10-12 15:28:23 4096 ----a-w- C:\Windows\System32\oleaccrc.dll
2011-10-12 15:28:05 2764288 ----a-w- C:\Windows\System32\win32k.sys
2011-10-12 15:26:49 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-10-12 15:26:49 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-10-12 15:25:37 69632 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-10-12 15:25:37 375808 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-12 15:25:37 293376 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-12 15:25:37 289792 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-12 15:25:37 217088 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-12 15:25:37 100352 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-10-12 15:25:36 73216 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-10-12 15:25:36 57856 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-10-09 03:39:48 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-10-09 03:39:25 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-10-09 03:31:59 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-10-09 02:33:20 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2011-10-08 02:52:11 -------- d-----w- C:\ProgramData\DAZ 3D
2011-10-08 02:52:09 -------- d-----w- C:\Program Files\DAZ 3D
2011-09-30 02:00:42 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-09-30 02:00:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-09-24 05:09:54 -------- d-----w- C:\Users\Mike\.swt
2011-09-19 04:05:34 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
.
==================== Find3M ====================
.
2011-10-15 05:33:49 567184 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-09 03:31:59 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-09-30 01:22:08 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-14 16:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 16:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 16:47:22 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-09-14 16:47:18 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-09-14 16:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-14 16:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-14 16:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 16:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 21:57:52.84 ===============

Also, I'm using Windows Vista Ultimate 64, so I can't use GMER. I did use the Sophos Rootkit detection program; here's what little data it revealed:

Sophos Anti-Rootkit results



Area: Local hard drives
Description: Unknown hidden file
Location: C:\Users\Mike\AppData\Roaming\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρϴϱЄϱЃϵϳЅ
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

Area: Local hard drives
Description: Unknown hidden file
Location: C:\Users\Mike\AppData\Roaming\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρЂϻϵЉЃϵϳЅ
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

Area: Local hard drives
Description: Unknown hidden file
Location: C:\Windows\System32\drivers\sptd.sys
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)
===========<Sophos Data End>============================================================

Thanks and let me know if there's anything else you need me to do.
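The "cannot access some Admin functions" symptom in this thread is visible in the DDS log itself: the uPolicies/mPolicies lines show Explorer and System policy values (NoControlPanel, DisableLockWorkstation, NoDispCPL, EnableLUA=0 and so on) that lock the user out of administrative UI, and the "Created Last 30" section lists two same-sized executables with random-looking names under AppData\Roaming, one of them hidden. The following triage script is an added example, not part of the original post and not a DDS tool: it parses constructed lines in the shape of those two log sections and reports which entries explain the symptom. The mapping of the DDS prefixes to registry hives (u = HKCU, m = HKLM) and the file-name heuristics are assumptions, not DDS documentation.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the DDS "Pseudo HJT Report" policy lines and
# "Created Last 30" file lines shown in the post above (a few lines, not a full log).
SAMPLE_LOG = r"""
uPolicies-explorer: NoControlPanel = 1 (0x1)
uPolicies-system: DisableLockWorkstation = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: NoDispCPL = 1 (0x1)
2011-10-15 05:17:11 446464 ----a-w- C:\Users\Mike\AppData\Roaming\ca9dab.exe
2011-10-15 05:16:49 446464 ---h--w- C:\Users\Mike\AppData\Roaming\ffdb7f.exe
2011-10-18 05:17:57 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-18 05:18:16 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes
"""

# Assumption: DDS "u" = per-user hive (HKCU), "m" = machine hive (HKLM); the
# -explorer and -system suffixes map to the two standard Policies subkeys.
HIVE = {"u": "HKCU", "m": "HKLM"}
KEY = {
    "explorer": r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",
    "system": r"Software\Microsoft\Windows\CurrentVersion\Policies\System",
}

# Policy values that remove administrative UI when set as shown:
# name -> (value that indicates a lockdown, effect on the user).
LOCKDOWN_POLICIES = {
    "NoControlPanel": (1, "blocks Control Panel"),
    "NoViewOnDrive": (1, "hides drive contents in Explorer"),
    "NoLogoff": (1, "removes Log Off"),
    "NoClose": (1, "removes Shut Down"),
    "NoViewContextMenu": (1, "disables Explorer context menus"),
    "NoStartMenuMorePrograms": (1, "hides All Programs"),
    "NoToolbarCustomize": (1, "blocks toolbar customisation"),
    "DisableLockWorkstation": (1, "blocks Lock Workstation"),
    "DisableChangePassword": (1, "blocks password changes"),
    "NoDispCPL": (1, "blocks Display settings"),
    "NoBrowserOptions": (1, "blocks Internet Options"),
    "EnableLUA": (0, "UAC disabled"),
}

POLICY_RE = re.compile(r"^([um])Policies-(explorer|system):\s+(\S+)\s*=\s*(\d+)")
# date time size(or dashes for a directory) 8-char attribute field path
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+([-a-z]{8})\s+(.+)$")


@dataclass
class Finding:
    kind: str    # "policy" or "file"
    where: str   # registry value path or file path
    detail: str


def triage_policy(line):
    """Return a Finding for a policy line whose value matches a known lockdown."""
    m = POLICY_RE.match(line)
    if not m:
        return None
    hive, section, name, value = m.group(1), m.group(2), m.group(3), int(m.group(4))
    rule = LOCKDOWN_POLICIES.get(name)
    if rule is None or value != rule[0]:
        return None
    where = f"{HIVE[hive]}\\{KEY[section]}\\{name}"
    return Finding("policy", where, f"{name}={value}: {rule[1]}")


def triage_file(line):
    """Flag executables under AppData that are hidden or have random-looking hex names.

    Heuristic (assumption, not a DDS rule): the attribute field's 4th character is
    'h' for hidden; a 6-8 hex-digit basename is treated as random-looking.
    """
    m = FILE_RE.match(line)
    if not m:
        return None
    attrs, path = m.group(3), m.group(4)
    name = path.rsplit("\\", 1)[-1].lower()
    in_appdata = "\\AppData\\" in path
    if not (in_appdata and name.endswith(".exe")):
        return None
    reasons = []
    if attrs[3] == "h":
        reasons.append("hidden executable under AppData")
    if re.fullmatch(r"[0-9a-f]{6,8}\.exe", name):
        reasons.append("random-looking hex name under AppData")
    return Finding("file", path, "; ".join(reasons)) if reasons else None


def triage_dds(text):
    """Run both checks over every line of a DDS log and return the findings in order."""
    findings = []
    for line in text.splitlines():
        f = triage_policy(line) or triage_file(line)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_LOG):
        print(f"[{f.kind}] {f.where}\n    {f.detail}")
```

Run against the sample it reports the four lockdown policies (with the registry value each one lives at, useful when verifying a cleanup) and both AppData executables, while leaving the unremarkable entries (NoActiveDesktop, BindDirectlyToPropertySetStorage, mbam.sys, the Malwarebytes directory) alone. Pasting the full Pseudo HJT Report and Created Last 30 sections from the post in place of SAMPLE_LOG gives the same kind of summary for the whole log.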



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:08 AM

Posted 24 October 2011 - 04:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/424126 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 00Scud00

00Scud00
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:08 AM

Posted 24 October 2011 - 10:02 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.2.0
Run by Mike at 21:30:40 on 2011-10-24
.
============== Running Processes ===============
.
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
C:\Program Files (x86)\Belkin\Nostromo\nost_LM.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Copperhead\razertra.exe
C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\SysWOW64\DllHost.exe
F:\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
E:\Files\Applications\dds.scr
C:\Windows\SysWOW64\svchost.exe -k Akamai
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1269415
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - No File
uRun: [CTSyncU.exe] "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [Copperhead] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [TunePat] "C:\Program Files (x86)\TunePat\TunePat.exe" /silence
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ACPW05EN] "F:\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-explorer: NoLogoff = 1 (0x1)
uPolicies-explorer: NoClose = 1 (0x1)
uPolicies-explorer: NoViewOnDrive = 1 (0x1)
uPolicies-explorer: NoControlPanel = 1 (0x1)
uPolicies-explorer: NoViewContextMenu = 1 (0x1)
uPolicies-explorer: StartMenuLogOff = 1 (0x1)
uPolicies-system: DisableLockWorkstation = 1 (0x1)
uPolicies-system: DisableChangePassword = 1 (0x1)
uPolicies-system: NoBrowserOptions = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 1 (0x1)
mPolicies-explorer: NoControlPanel = 1 (0x1)
mPolicies-explorer: NoStartMenuMorePrograms = 1 (0x1)
mPolicies-explorer: NoToolbarCustomize = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispCPL = 1 (0x1)
mPolicies-system: NoBrowserOptions = 1 (0x1)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
TCP: Interfaces\{286ECA39-6904-4A43-9BB7-AAEF7D9E862D} : DhcpNameServer = 192.168.1.1 192.168.1.1 192.168.1.1
TCP: Interfaces\{6BF79A43-29C6-4944-8195-DAFFB18E15CF} : DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
STS: Fences: {ec654325-1273-c2a9-2b7c-45a29bce2fbd} - C:\Program Files (x86)\Stardock\Fences\DesktopDock.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
BHO-X64: AskBar BHO - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - No File
mRun-x64: [Copperhead] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [TunePat] "C:\Program Files (x86)\TunePat\TunePat.exe" /silence
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ACPW05EN] "F:\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
STS-X64: Fences: {EC654325-1273-C2A9-2B7C-45A29BCE2FBD} - C:\Program Files (x86)\Stardock\Fences\DesktopDock.dll
Hosts: 216.18.199.34 videosift.com www.videosift.com
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o7ah9696.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Download Energy Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.bluesnews.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&q=&SearchSource=2
FF - component: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o7ah9696.default\extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o7ah9696.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o7ah9696.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mike\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o7ah9696.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R? Adobe Version Cue CS4;Adobe Version Cue CS4
R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service
R? CT20XUT;CT20XUT
R? CTEXFIFX;CTEXFIFX
R? CTHWIUT;CTHWIUT
R? DAUpdaterSvc;Dragon Age: Origins - Content Updater
R? FLEXnet Licensing Service 64;FLEXnet Licensing Service 64
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? MEMSWEEP2;MEMSWEEP2
R? motandroidusb;Mot ADB Interface Driver
R? motccgp;Motorola USB Composite Device Driver
R? motccgpfl;MotCcgpFlService
R? PerfHost;Performance Counter DLL Host
R? wacmoumonitor;Wacom Mode Helper
R? WDC_SAM;WD SCSI Pass Thru driver
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? Akamai;Akamai NetSession Interface
S? AMD External Events Utility;AMD External Events Utility
S? amdkmdag;amdkmdag
S? amdkmdap;amdkmdap
S? ASKService;ASKService
S? ASKUpgrade;ASKUpgrade
S? AtiHDAudioService;AMD Function Driver for HD Audio Service
S? bcgame;Nostromo HID Device Minidriver
S? copperhd;Razer Copperhead Driver
S? CT20XUT.SYS;CT20XUT.SYS
S? CTEXFIFX.SYS;CTEXFIFX.SYS
S? CTHWIUT.SYS;CTHWIUT.SYS
S? ehdrv;ehdrv
S? ekrn;ESET Service
S? epfwwfpr;epfwwfpr
S? FontCache;Windows Font Cache Service
S? HWiNFO32;HWiNFO32 Kernel Driver
S? Lycosa;Lycosa Keyboard
S? MotoHelper;MotoHelper Service
S? SBSDWSCService;SBSD Security Center Service
S? StarWindServiceAE;StarWind AE Service
S? TabletServiceWacom;TabletServiceWacom
S? UltraMonUtility;UltraMon Utility Driver
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-10-21 07:00:24 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ADBB8BC1-8D1E-42A2-9A66-6EDC29C5E76C}\mpengine.dll
2011-10-21 07:00:24 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ADBB8BC1-8D1E-42A2-9A66-6EDC29C5E76C}\offreg.dll
2011-10-19 03:01:45 6144 ------w- C:\Windows\System32\3703.tmp
2011-10-19 02:59:27 6144 ------w- C:\Windows\System32\1B48.tmp
2011-10-19 02:59:15 -------- d-----w- C:\Program Files (x86)\Sophos
2011-10-18 05:18:16 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes
2011-10-18 05:18:00 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-18 05:17:57 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-18 05:17:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-15 05:33:59 637848 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2011-10-15 05:28:33 270142 ----a-w- C:\Minecraft.exe
2011-10-15 05:17:11 446464 ----a-w- C:\Users\Mike\AppData\Roaming\ca9dab.exe
2011-10-15 05:16:49 446464 ---h--w- C:\Users\Mike\AppData\Roaming\ffdb7f.exe
2011-10-12 15:28:25 332288 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-12 15:28:25 238080 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-12 15:28:24 735744 ----a-w- C:\Windows\System32\UIAutomationCore.dll
2011-10-12 15:28:24 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-12 15:28:24 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
2011-10-12 15:28:23 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-12 15:28:23 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll
2011-10-12 15:28:23 4096 ----a-w- C:\Windows\System32\oleaccrc.dll
2011-10-12 15:28:05 2764288 ----a-w- C:\Windows\System32\win32k.sys
2011-10-12 15:26:49 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-10-12 15:26:49 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-10-12 15:25:37 69632 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-10-12 15:25:37 375808 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-12 15:25:37 293376 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-12 15:25:37 289792 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-12 15:25:37 217088 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-12 15:25:37 100352 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-10-12 15:25:36 73216 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-10-12 15:25:36 57856 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-10-09 03:39:48 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-10-09 03:39:25 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-10-09 03:31:59 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-10-09 02:33:20 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2011-10-08 02:52:11 -------- d-----w- C:\ProgramData\DAZ 3D
2011-10-08 02:52:09 -------- d-----w- C:\Program Files\DAZ 3D
2011-09-30 02:00:42 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-09-30 02:00:42 2048 ----a-w- C:\Windows\System32\tzres.dll
.
==================== Find3M ====================
.
2011-10-15 05:33:49 567184 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-09 03:31:59 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-09-30 01:22:08 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-14 16:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 16:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 16:47:22 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-09-14 16:47:18 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-09-14 16:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-14 16:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-14 16:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 16:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 21:31:51.64 ===============

Here are the new DDS and Attach files as requested by the HelpBot. I'm running Vista Ultimate 64, so no GMER log is available. I did try the Sophos anti-rootkit package, and there are some results listed with the first batch of DDS results; there's not much to see, but I can run it again if you want me to.
I use Alcohol 120% for virtual drives, which I have unmounted. Here's a quick recap of what happened.
I was watching videos on Videosift last week when all of a sudden I got warning sounds and popup windows telling me that I may be infected; it also changed my wallpaper to a big warning sign. This, of course, was not my normal AV software (NOD32) but something calling itself PC Doctor, or something to that effect. I pulled the plug on the net connection and restarted the machine. Upon getting back up, the crap was still there and I was locked out of the Task Manager and most other Admin functions (I would frequently get a popup window telling me that the operation had been cancelled due to restrictions in effect on this computer), and when rebooting NOD32 would give me a message about an infection by a variant of the Win32 Ainslot.A worm, but it could do nothing about it. After some research and booting into safe mode, I managed to get the Task Manager back after running RKill, and cleaned out a bunch of junk after installing and running MBAM and then doing a scan with NOD32. The last scans I did came up clean.
I was still locked out of the Control Panel and other things, like right-clicking in Internet Explorer and on the desktop. Accessing the secret Admin account only helped a little: I could right-click and get the menu, but most Admin features are still locked up tight.
Thanks for the response and let me know if there's anything else you need from me.
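The "operation has been cancelled due to restrictions in effect on this computer" message and the Control Panel and right-click lockouts described in this post are what the uPolicies/mPolicies lines in the DDS Pseudo HJT Report above record: Explorer and System policy values such as NoControlPanel, NoViewContextMenu, DisableLockWorkstation, DisableChangePassword and EnableLUA = 0 (DDS prefixes user-hive HKCU entries with "u" and machine-hive HKLM entries with "m"). The PowerShell script below is an added audit example, not code from this thread, from DDS or from any tool named here: it enumerates those four policy keys and reports which lockout values are set. DisableTaskMgr and DisableRegistryTools are included as an assumption, since they are the standard values behind a Task Manager or regedit lockout and do not appear in the log.

```powershell
# Added example (not part of this thread): audit the Explorer/System policy values
# that the rogue AV described above used to lock the user out of admin functions.
# Requires PowerShell 3.0 or later for the [pscustomobject] syntax.

# The four keys DDS reports as uPolicies-explorer / uPolicies-system (HKCU)
# and mPolicies-explorer / mPolicies-system (HKLM).
$policyKeys = @(
    @{ Scope = 'uPolicies-explorer'; Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' },
    @{ Scope = 'uPolicies-system';   Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' },
    @{ Scope = 'mPolicies-explorer'; Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' },
    @{ Scope = 'mPolicies-system';   Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' }
)

# Values that restrict the interactive user when set to 1. The names are taken from the
# DDS report above; DisableTaskMgr and DisableRegistryTools are assumed additions
# (the usual Task Manager / regedit lockout values, not shown in this log).
$lockoutValues = @(
    'NoControlPanel', 'NoViewContextMenu', 'NoClose', 'NoLogoff', 'NoViewOnDrive',
    'NoStartMenuMorePrograms', 'NoToolbarCustomize', 'NoDispCPL', 'NoBrowserOptions',
    'DisableLockWorkstation', 'DisableChangePassword',
    'DisableTaskMgr', 'DisableRegistryTools'
)

function Get-LockoutPolicy {
    # Returns one object per restrictive value found, so the result can be piped or tested.
    foreach ($key in $policyKeys) {
        if (-not (Test-Path -Path $key.Path)) { continue }   # key absent means no policy set
        $props = Get-ItemProperty -Path $key.Path

        foreach ($name in $lockoutValues) {
            $v = $props.PSObject.Properties[$name]            # $null when the value is absent
            if ($v -and [int]$v.Value -eq 1) {
                [pscustomobject]@{ Scope = $key.Scope; Name = $name; Value = $v.Value; Path = $key.Path }
            }
        }

        # EnableLUA has the opposite sense: 0 means UAC has been switched off.
        if ($key.Scope -eq 'mPolicies-system') {
            $lua = $props.PSObject.Properties['EnableLUA']
            if ($lua -and [int]$lua.Value -eq 0) {
                [pscustomobject]@{ Scope = $key.Scope; Name = 'EnableLUA'; Value = 0; Path = $key.Path }
            }
        }
    }
}

$findings = @(Get-LockoutPolicy)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    'No lockout policies set.'
}
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable. On a clean Vista or Windows 7 installation none of these values exist and EnableLUA is 1, so every line the script prints is something that was deliberately set; once the infection itself has been removed, a value that should not be there can be deleted with Remove-ItemProperty on the reported path and name, and the corresponding function returns after the user logs off and back on.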

#4 nasdaq

  • Malware Response Team
  • 40,730 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 October 2011 - 01:38 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe, 511 KB) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start the scan.
  • Upon completion of the scan, click Save log and save it to your desktop. (Note: do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There will also be a file on your desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download TDSSKiller.zip

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.

#5 00Scud00
  • Topic Starter

  • Members
  • 8 posts

Posted 25 October 2011 - 11:19 PM

I was unable to get aswMBR to do a proper scan, as shortly after starting it would BSOD my system; I tried it in safe mode and got the same results.
I ran TDSSKiller and it came up clean, but here's the report anyhow.

23:14:25.0338 2412 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
23:14:26.0275 2412 ============================================================
23:14:26.0275 2412 Current date / time: 2011/10/25 23:14:26.0275
23:14:26.0275 2412 SystemInfo:
23:14:26.0275 2412
23:14:26.0275 2412 OS Version: 6.0.6002 ServicePack: 2.0
23:14:26.0275 2412 Product type: Workstation
23:14:26.0275 2412 ComputerName: I7-266
23:14:26.0276 2412 UserName: Mike
23:14:26.0276 2412 Windows directory: C:\Windows
23:14:26.0276 2412 System windows directory: C:\Windows
23:14:26.0276 2412 Running under WOW64
23:14:26.0276 2412 Processor architecture: Intel x64
23:14:26.0276 2412 Number of processors: 8
23:14:26.0276 2412 Page size: 0x1000
23:14:26.0276 2412 Boot type: Normal boot
23:14:26.0276 2412 ============================================================
23:14:28.0093 2412 Initialize success
23:14:30.0297 7004 ============================================================
23:14:30.0297 7004 Scan started
23:14:30.0297 7004 Mode: Manual;
23:14:30.0297 7004 ============================================================
23:14:31.0859 7004 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
23:14:31.0862 7004 ACPI - ok
23:14:31.0918 7004 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
23:14:31.0987 7004 adfs - ok
23:14:32.0822 7004 adp94xx (9137451d37ba1c325cd6c2def3d2d692) C:\Windows\system32\drivers\adp94xx.sys
23:14:32.0846 7004 adp94xx - ok
23:14:32.0915 7004 adpahci (01f80898df5cc7df19b3b11351846263) C:\Windows\system32\drivers\adpahci.sys
23:14:32.0956 7004 adpahci - ok
23:14:33.0015 7004 adpu160m (da001db13fff45dfe9109936e265b7cc) C:\Windows\system32\drivers\adpu160m.sys
23:14:33.0037 7004 adpu160m - ok
23:14:33.0099 7004 adpu320 (2b10c35c5b7c5c0c28f572e035319602) C:\Windows\system32\drivers\adpu320.sys
23:14:33.0102 7004 adpu320 - ok
23:14:33.0202 7004 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
23:14:33.0226 7004 AFD - ok
23:14:33.0278 7004 agp440 (5ccdd13bc602ae33cd8b62d33c29ab72) C:\Windows\system32\drivers\agp440.sys
23:14:33.0280 7004 agp440 - ok
23:14:33.0315 7004 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
23:14:33.0317 7004 aic78xx - ok
23:14:33.0380 7004 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
23:14:33.0401 7004 aliide - ok
23:14:33.0449 7004 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
23:14:33.0470 7004 amdide - ok
23:14:33.0902 7004 AmdK8 (de55dc52f7ceb89a967572d6b491ada2) C:\Windows\system32\drivers\amdk8.sys
23:14:33.0923 7004 AmdK8 - ok
23:14:34.0206 7004 amdkmdag (446a1aad34191665a8df6092bd8eb5a8) C:\Windows\system32\DRIVERS\atikmdag.sys
23:14:34.0296 7004 amdkmdag - ok
23:14:34.0346 7004 amdkmdap (f8f8a908fdb005a65ddf7238c814eea5) C:\Windows\system32\DRIVERS\atikmpag.sys
23:14:34.0349 7004 amdkmdap - ok
23:14:34.0417 7004 arc (2e8623f2fed998a97129a3db919551c8) C:\Windows\system32\drivers\arc.sys
23:14:34.0438 7004 arc - ok
23:14:34.0483 7004 arcsas (741a003c041a3ec480a2e71af71e9654) C:\Windows\system32\drivers\arcsas.sys
23:14:34.0505 7004 arcsas - ok
23:14:35.0035 7004 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
23:14:35.0037 7004 AsyncMac - ok
23:14:35.0094 7004 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
23:14:35.0095 7004 atapi - ok
23:14:35.0167 7004 AtiHDAudioService (ffadd388d1e7f075857659928365d579) C:\Windows\system32\drivers\AtihdLH6.sys
23:14:35.0169 7004 AtiHDAudioService - ok
23:14:35.0252 7004 AtiHdmiService (6831c91c74afc9f1d88e1cccabada12b) C:\Windows\system32\drivers\AtiHdmi.sys
23:14:35.0266 7004 AtiHdmiService - ok
23:14:35.0365 7004 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
23:14:35.0388 7004 atksgt - ok
23:14:35.0465 7004 bcgame (5be512e49c43c8466ab7b4740d1927d7) C:\Windows\system32\drivers\bcgame.sys
23:14:35.0487 7004 bcgame - ok
23:14:35.0535 7004 blbdrive - ok
23:14:35.0821 7004 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
23:14:35.0823 7004 bowser - ok
23:14:36.0023 7004 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
23:14:36.0024 7004 BrFiltLo - ok
23:14:36.0062 7004 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
23:14:36.0063 7004 BrFiltUp - ok
23:14:36.0134 7004 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
23:14:36.0163 7004 Brserid - ok
23:14:36.0205 7004 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
23:14:36.0228 7004 BrSerWdm - ok
23:14:36.0269 7004 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
23:14:36.0292 7004 BrUsbMdm - ok
23:14:36.0312 7004 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
23:14:36.0313 7004 BrUsbSer - ok
23:14:36.0371 7004 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
23:14:36.0378 7004 BTHMODEM - ok
23:14:36.0435 7004 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
23:14:36.0456 7004 cdfs - ok
23:14:36.0510 7004 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
23:14:36.0531 7004 cdrom - ok
23:14:36.0942 7004 circlass (f28f00596824058bc61d5edf434c9b82) C:\Windows\system32\drivers\circlass.sys
23:14:36.0946 7004 circlass - ok
23:14:37.0031 7004 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
23:14:37.0065 7004 CLFS - ok
23:14:37.0154 7004 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
23:14:37.0175 7004 cmdide - ok
23:14:37.0220 7004 Compbatt (0e77a445640bf310817f60941c50560c) C:\Windows\system32\drivers\compbatt.sys
23:14:37.0222 7004 Compbatt - ok
23:14:37.0314 7004 copperhd (71879a4ab90d21bccf9e3cfcf0bb5f4a) C:\Windows\system32\drivers\copperhd.sys
23:14:37.0335 7004 copperhd - ok
23:14:37.0372 7004 crcdisk (b1192dcd5b9cf46beed0e2a9e5bcf59a) C:\Windows\system32\drivers\crcdisk.sys
23:14:37.0372 7004 crcdisk - ok
23:14:37.0450 7004 CSC (f60f50c8ed3fcbe358430b95fe27d09c) C:\Windows\system32\drivers\csc.sys
23:14:37.0494 7004 CSC - ok
23:14:37.0569 7004 CT20XUT (9eeb6baba033ccca0be1f1882ecb4d03) C:\Windows\system32\drivers\CT20XUT.SYS
23:14:37.0619 7004 CT20XUT - ok
23:14:38.0077 7004 CT20XUT.SYS (9eeb6baba033ccca0be1f1882ecb4d03) C:\Windows\System32\drivers\CT20XUT.SYS
23:14:38.0078 7004 CT20XUT.SYS - ok
23:14:38.0159 7004 ctac32k (3295516329ea2aecadde7a33872d3816) C:\Windows\system32\drivers\ctac32k.sys
23:14:38.0183 7004 ctac32k - ok
23:14:38.0236 7004 ctaud2k (a2dda894e68b746c83153428107ad8a7) C:\Windows\system32\drivers\ctaud2k.sys
23:14:38.0242 7004 ctaud2k - ok
23:14:38.0326 7004 CTEXFIFX (5afee6c282c3b2f1ba7cf2784663080f) C:\Windows\system32\drivers\CTEXFIFX.SYS
23:14:38.0360 7004 CTEXFIFX - ok
23:14:38.0401 7004 CTEXFIFX.SYS (5afee6c282c3b2f1ba7cf2784663080f) C:\Windows\System32\drivers\CTEXFIFX.SYS
23:14:38.0410 7004 CTEXFIFX.SYS - ok
23:14:38.0444 7004 CTHWIUT (37f04666c5c325d1864d36b260a7248b) C:\Windows\system32\drivers\CTHWIUT.SYS
23:14:38.0447 7004 CTHWIUT - ok
23:14:38.0457 7004 CTHWIUT.SYS (37f04666c5c325d1864d36b260a7248b) C:\Windows\System32\drivers\CTHWIUT.SYS
23:14:38.0458 7004 CTHWIUT.SYS - ok
23:14:38.0482 7004 ctprxy2k (24d416647168617bb19dbd1a3624be4d) C:\Windows\system32\drivers\ctprxy2k.sys
23:14:38.0503 7004 ctprxy2k - ok
23:14:38.0529 7004 ctsfm2k (3e7177437bfa1ba61ca1a85bacf442a0) C:\Windows\system32\drivers\ctsfm2k.sys
23:14:38.0551 7004 ctsfm2k - ok
23:14:38.0631 7004 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
23:14:38.0652 7004 DfsC - ok
23:14:38.0727 7004 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
23:14:38.0729 7004 disk - ok
23:14:39.0196 7004 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
23:14:39.0217 7004 drmkaud - ok
23:14:39.0309 7004 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
23:14:39.0320 7004 DXGKrnl - ok
23:14:39.0382 7004 E1G60 (d57fe09b575545738a73a0c193d0616a) C:\Windows\system32\DRIVERS\E1G6032E.sys
23:14:39.0404 7004 E1G60 - ok
23:14:39.0479 7004 eamon (6a6bdaec4df4725d22731f2736880283) C:\Windows\system32\DRIVERS\eamon.sys
23:14:39.0500 7004 eamon - ok
23:14:39.0566 7004 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
23:14:39.0567 7004 Ecache - ok
23:14:39.0605 7004 ehdrv (00bdd2b658b8f6f35a7374cdb41efd5c) C:\Windows\system32\DRIVERS\ehdrv.sys
23:14:39.0627 7004 ehdrv - ok
23:14:39.0696 7004 elxstor (3d6298aff3fe06c0616ce5d090a3eeaa) C:\Windows\system32\drivers\elxstor.sys
23:14:39.0700 7004 elxstor - ok
23:14:40.0136 7004 emupia (660dedf9ae7c414b74480b484c7ba300) C:\Windows\system32\drivers\emupia2k.sys
23:14:40.0158 7004 emupia - ok
23:14:40.0243 7004 epfwwfpr (d1449f7c44beeba971324fea295747d3) C:\Windows\system32\DRIVERS\epfwwfpr.sys
23:14:40.0245 7004 epfwwfpr - ok
23:14:40.0314 7004 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
23:14:40.0335 7004 exfat - ok
23:14:40.0394 7004 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
23:14:40.0421 7004 fastfat - ok
23:14:40.0479 7004 fdc (61b6dbd1ad1143f008364d4e9a96b224) C:\Windows\system32\DRIVERS\fdc.sys
23:14:40.0480 7004 fdc - ok
23:14:40.0558 7004 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
23:14:40.0579 7004 FileInfo - ok
23:14:40.0625 7004 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
23:14:40.0646 7004 Filetrace - ok
23:14:40.0673 7004 flpydisk (12c3d1b4d0ce49e1ce343ba2f22f15e0) C:\Windows\system32\DRIVERS\flpydisk.sys
23:14:40.0693 7004 flpydisk - ok
23:14:40.0724 7004 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
23:14:40.0770 7004 FltMgr - ok
23:14:41.0238 7004 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys
23:14:41.0240 7004 fssfltr - ok
23:14:41.0328 7004 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
23:14:41.0349 7004 Fs_Rec - ok
23:14:41.0396 7004 fvevol (849e38db7d829962d0233a0a252b60c3) C:\Windows\system32\DRIVERS\fvevol.sys
23:14:41.0398 7004 fvevol - ok
23:14:41.0443 7004 gagp30kx (b54520cc7b4b55134d7527b1cd3fc1f2) C:\Windows\system32\drivers\gagp30kx.sys
23:14:41.0485 7004 gagp30kx - ok
23:14:41.0619 7004 ha20x2k (c8df6024abea766f2d735b35d109ee7e) C:\Windows\system32\drivers\ha20x2k.sys
23:14:41.0670 7004 ha20x2k - ok
23:14:41.0760 7004 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
23:14:41.0763 7004 HdAudAddService - ok
23:14:42.0191 7004 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:14:42.0199 7004 HDAudBus - ok
23:14:42.0269 7004 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
23:14:42.0290 7004 HidBth - ok
23:14:42.0333 7004 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
23:14:42.0353 7004 HidIr - ok
23:14:42.0414 7004 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
23:14:42.0415 7004 HidUsb - ok
23:14:42.0476 7004 HpCISSs (8edc820115df1e04763b2923676ea5b2) C:\Windows\system32\drivers\hpcisss.sys
23:14:42.0497 7004 HpCISSs - ok
23:14:42.0589 7004 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
23:14:42.0634 7004 HTTP - ok
23:14:42.0749 7004 HWiNFO32 (417ad08fbc87b350adc12bd2361932ce) C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS
23:14:42.0770 7004 HWiNFO32 - ok
23:14:42.0840 7004 i2omp (f2901763845570ecac48e6a50ec50812) C:\Windows\system32\drivers\i2omp.sys
23:14:42.0927 7004 i2omp - ok
23:14:43.0305 7004 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
23:14:43.0326 7004 i8042prt - ok
23:14:43.0381 7004 iaStorV (72c3ee7ea3cd75a772e62ae0e5df8b8c) C:\Windows\system32\drivers\iastorv.sys
23:14:43.0423 7004 iaStorV - ok
23:14:43.0480 7004 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
23:14:43.0482 7004 iirsp - ok
23:14:43.0557 7004 intelide (36a266c673812878996f72b200203fbb) C:\Windows\system32\drivers\intelide.sys
23:14:43.0578 7004 intelide - ok
23:14:43.0651 7004 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
23:14:43.0673 7004 intelppm - ok
23:14:43.0733 7004 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:14:43.0755 7004 IpFilterDriver - ok
23:14:43.0804 7004 IpInIp - ok
23:14:43.0847 7004 IPMIDRV (eacdbbe429c6d170bdeee0effcbc317b) C:\Windows\system32\drivers\ipmidrv.sys
23:14:43.0888 7004 IPMIDRV - ok
23:14:44.0265 7004 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
23:14:44.0306 7004 IPNAT - ok
23:14:44.0398 7004 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
23:14:44.0419 7004 IRENUM - ok
23:14:44.0464 7004 isapnp (d3bb520b31f28c1a065cd058e762ee73) C:\Windows\system32\drivers\isapnp.sys
23:14:44.0485 7004 isapnp - ok
23:14:44.0519 7004 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
23:14:44.0522 7004 iScsiPrt - ok
23:14:44.0544 7004 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
23:14:44.0546 7004 iteatapi - ok
23:14:44.0584 7004 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
23:14:44.0587 7004 iteraid - ok
23:14:44.0666 7004 JRAID (c2f9be83db87b30da2b52eeb1daee1ce) C:\Windows\system32\DRIVERS\jraid.sys
23:14:44.0688 7004 JRAID - ok
23:14:44.0733 7004 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
23:14:44.0754 7004 kbdclass - ok
23:14:44.0793 7004 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
23:14:44.0818 7004 kbdhid - ok
23:14:44.0886 7004 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
23:14:44.0913 7004 KSecDD - ok
23:14:45.0314 7004 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
23:14:45.0316 7004 ksthunk - ok
23:14:45.0414 7004 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
23:14:45.0454 7004 lirsgt - ok
23:14:45.0528 7004 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
23:14:45.0549 7004 lltdio - ok
23:14:45.0623 7004 LSI_FC (1572f8d999c0ab4376afdce058a78df9) C:\Windows\system32\drivers\lsi_fc.sys
23:14:45.0644 7004 LSI_FC - ok
23:14:45.0706 7004 LSI_SAS (64470979c3e3c9ff60edfb5230c56e0e) C:\Windows\system32\drivers\lsi_sas.sys
23:14:45.0727 7004 LSI_SAS - ok
23:14:45.0785 7004 LSI_SCSI (4ced7d3b54bfc5bbae75c4a73c7f7428) C:\Windows\system32\drivers\lsi_scsi.sys
23:14:45.0806 7004 LSI_SCSI - ok
23:14:45.0888 7004 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
23:14:45.0889 7004 luafv - ok
23:14:45.0964 7004 Lycosa (e5ecf40e5fd459141e5f6685ffd51804) C:\Windows\system32\drivers\Lycosa.sys
23:14:45.0972 7004 Lycosa - ok
23:14:46.0362 7004 megasas (2f631c2939d5f2e8958935ee701d70d7) C:\Windows\system32\drivers\megasas.sys
23:14:46.0383 7004 megasas - ok
23:14:46.0463 7004 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\3703.tmp
23:14:46.0463 7004 MEMSWEEP2 - ok
23:14:46.0536 7004 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
23:14:46.0557 7004 Modem - ok
23:14:46.0638 7004 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
23:14:46.0640 7004 monitor - ok
23:14:46.0712 7004 motandroidusb (d69f1e9a944a5f46a494af901ed41118) C:\Windows\system32\Drivers\motoandroid.sys
23:14:46.0714 7004 motandroidusb - ok
23:14:46.0789 7004 motccgp (c94a2ea3fdfa5d650884926b710b7db1) C:\Windows\system32\DRIVERS\motccgp.sys
23:14:46.0811 7004 motccgp - ok
23:14:46.0884 7004 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
23:14:46.0907 7004 motccgpfl - ok
23:14:46.0944 7004 motmodem - ok
23:14:47.0032 7004 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
23:14:47.0033 7004 MotoSwitchService - ok
23:14:47.0386 7004 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
23:14:47.0426 7004 mouclass - ok
23:14:47.0488 7004 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
23:14:47.0509 7004 mouhid - ok
23:14:47.0575 7004 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
23:14:47.0649 7004 MountMgr - ok
23:14:47.0705 7004 mpio (ed48eac719ee28db773359eb1b06e2b5) C:\Windows\system32\drivers\mpio.sys
23:14:47.0780 7004 mpio - ok
23:14:47.0877 7004 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
23:14:47.0917 7004 mpsdrv - ok
23:14:47.0972 7004 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
23:14:47.0974 7004 Mraid35x - ok
23:14:48.0061 7004 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
23:14:48.0082 7004 MRxDAV - ok
23:14:48.0467 7004 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:14:48.0469 7004 mrxsmb - ok
23:14:48.0555 7004 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:14:48.0577 7004 mrxsmb10 - ok
23:14:48.0601 7004 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:14:48.0603 7004 mrxsmb20 - ok
23:14:48.0648 7004 msahci (eeadf970795148bfbb1db3abcc89c16b) C:\Windows\system32\drivers\msahci.sys
23:14:48.0669 7004 msahci - ok
23:14:48.0722 7004 msdsm (96d7c0a1b98434c6e4ff0c2e26a0e20a) C:\Windows\system32\drivers\msdsm.sys
23:14:48.0764 7004 msdsm - ok
23:14:48.0850 7004 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
23:14:48.0894 7004 Msfs - ok
23:14:48.0971 7004 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
23:14:48.0972 7004 msisadrv - ok
23:14:49.0029 7004 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
23:14:49.0050 7004 MSKSSRV - ok
23:14:49.0188 7004 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
23:14:49.0209 7004 MSPCLOCK - ok
23:14:49.0500 7004 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
23:14:49.0502 7004 MSPQM - ok
23:14:49.0550 7004 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
23:14:49.0553 7004 MsRPC - ok
23:14:49.0627 7004 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
23:14:49.0648 7004 mssmbios - ok
23:14:49.0716 7004 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
23:14:49.0737 7004 MSTEE - ok
23:14:49.0779 7004 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
23:14:49.0801 7004 Mup - ok
23:14:49.0870 7004 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
23:14:49.0895 7004 NativeWifiP - ok
23:14:49.0971 7004 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
23:14:49.0977 7004 NDIS - ok
23:14:50.0036 7004 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
23:14:50.0037 7004 NdisTapi - ok
23:14:50.0092 7004 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
23:14:50.0113 7004 Ndisuio - ok
23:14:50.0430 7004 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
23:14:50.0452 7004 NdisWan - ok
23:14:50.0536 7004 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
23:14:50.0557 7004 NDProxy - ok
23:14:50.0631 7004 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
23:14:50.0632 7004 NetBIOS - ok
23:14:50.0688 7004 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
23:14:50.0691 7004 netbt - ok
23:14:50.0774 7004 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
23:14:50.0817 7004 nfrd960 - ok
23:14:50.0870 7004 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
23:14:50.0893 7004 Npfs - ok
23:14:50.0969 7004 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
23:14:50.0970 7004 nsiproxy - ok
23:14:51.0056 7004 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
23:14:51.0076 7004 Ntfs - ok
23:14:51.0120 7004 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
23:14:51.0140 7004 Null - ok
23:14:51.0587 7004 nvraid (840eeb44dc49317a6161961f7682cd99) C:\Windows\system32\drivers\nvraid.sys
23:14:51.0609 7004 nvraid - ok
23:14:51.0676 7004 nvstor (94c5334040a5d500897f4c5fd12aeede) C:\Windows\system32\drivers\nvstor.sys
23:14:51.0717 7004 nvstor - ok
23:14:51.0762 7004 nv_agp (aa1b6c86a4763502e20b65c025f39bad) C:\Windows\system32\drivers\nv_agp.sys
23:14:51.0765 7004 nv_agp - ok
23:14:51.0792 7004 NwlnkFlt - ok
23:14:51.0803 7004 NwlnkFwd - ok
23:14:51.0880 7004 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
23:14:51.0902 7004 ohci1394 - ok
23:14:51.0972 7004 ossrv (71e4ef433b137256c4810c6f8337680b) C:\Windows\system32\drivers\ctoss2k.sys
23:14:51.0994 7004 ossrv - ok
23:14:52.0054 7004 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
23:14:52.0077 7004 Parport - ok
23:14:52.0131 7004 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
23:14:52.0153 7004 partmgr - ok
23:14:52.0667 7004 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
23:14:52.0689 7004 pci - ok
23:14:52.0741 7004 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
23:14:52.0761 7004 pciide - ok
23:14:52.0817 7004 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
23:14:52.0859 7004 pcmcia - ok
23:14:52.0913 7004 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
23:14:52.0920 7004 PEAUTH - ok
23:14:53.0010 7004 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
23:14:53.0032 7004 PptpMiniport - ok
23:14:53.0078 7004 Processor (6bc78e5f12cbb74e7930aaaa4a0db387) C:\Windows\system32\drivers\processr.sys
23:14:53.0099 7004 Processor - ok
23:14:53.0146 7004 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
23:14:53.0168 7004 PSched - ok
23:14:53.0613 7004 ql2300 (4a29d25704917161bad9b4659a248dfd) C:\Windows\system32\drivers\ql2300.sys
23:14:53.0646 7004 ql2300 - ok
23:14:53.0726 7004 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
23:14:53.0747 7004 ql40xx - ok
23:14:53.0826 7004 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
23:14:53.0847 7004 QWAVEdrv - ok
23:14:53.0925 7004 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
23:14:53.0948 7004 RasAcd - ok
23:14:54.0020 7004 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:14:54.0022 7004 Rasl2tp - ok
23:14:54.0083 7004 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
23:14:54.0104 7004 RasPppoe - ok
23:14:54.0171 7004 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
23:14:54.0211 7004 RasSstp - ok
23:14:54.0650 7004 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
23:14:54.0672 7004 rdbss - ok
23:14:54.0754 7004 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:14:54.0775 7004 RDPCDD - ok
23:14:54.0836 7004 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys
23:14:54.0858 7004 rdpdr - ok
23:14:54.0908 7004 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
23:14:54.0929 7004 RDPENCDD - ok
23:14:54.0988 7004 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
23:14:55.0011 7004 RDPWD - ok
23:14:55.0101 7004 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
23:14:55.0141 7004 rspndr - ok
23:14:55.0203 7004 RTL8169 (8b91737da75add21cb1554b38089196a) C:\Windows\system32\DRIVERS\Rtlh64.sys
23:14:55.0206 7004 RTL8169 - ok
23:14:55.0269 7004 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
23:14:55.0310 7004 sbp2port - ok
23:14:55.0662 7004 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:14:55.0684 7004 secdrv - ok
23:14:55.0754 7004 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
23:14:55.0775 7004 Serenum - ok
23:14:55.0844 7004 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
23:14:55.0865 7004 Serial - ok
23:14:55.0933 7004 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
23:14:55.0976 7004 sermouse - ok
23:14:56.0042 7004 sffdisk (541b32f8d6b2dcb92ec43bab267e79ea) C:\Windows\system32\drivers\sffdisk.sys
23:14:56.0043 7004 sffdisk - ok
23:14:56.0082 7004 sffp_mmc (446e7cca3325c7e0ae0fde7f73cdd9c2) C:\Windows\system32\drivers\sffp_mmc.sys
23:14:56.0083 7004 sffp_mmc - ok
23:14:56.0122 7004 sffp_sd (67edc221348911e895af51c57d9a3725) C:\Windows\system32\drivers\sffp_sd.sys
23:14:56.0124 7004 sffp_sd - ok
23:14:56.0171 7004 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
23:14:56.0192 7004 sfloppy - ok
23:14:56.0223 7004 SiSRaid2 (08dda16573fa44f8b13afe74597ad2e5) C:\Windows\system32\drivers\sisraid2.sys
23:14:56.0244 7004 SiSRaid2 - ok
23:14:56.0273 7004 SiSRaid4 (c52259e9daaf3890d572d87ffee0979e) C:\Windows\system32\drivers\sisraid4.sys
23:14:56.0315 7004 SiSRaid4 - ok
23:14:56.0577 7004 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
23:14:56.0618 7004 Smb - ok
23:14:56.0682 7004 speedfan - ok
23:14:56.0776 7004 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
23:14:56.0799 7004 spldr - ok
23:14:56.0887 7004 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
23:14:56.0914 7004 sptd - ok
23:14:56.0998 7004 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
23:14:57.0041 7004 srv - ok
23:14:57.0102 7004 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
23:14:57.0144 7004 srv2 - ok
23:14:57.0181 7004 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
23:14:57.0202 7004 srvnet - ok
23:14:57.0267 7004 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
23:14:57.0268 7004 swenum - ok
23:14:57.0313 7004 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
23:14:57.0334 7004 Symc8xx - ok
23:14:57.0381 7004 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
23:14:57.0403 7004 Sym_hi - ok
23:14:57.0806 7004 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
23:14:57.0846 7004 Sym_u3 - ok
23:14:57.0931 7004 tandpl - ok
23:14:58.0055 7004 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
23:14:58.0065 7004 Tcpip - ok
23:14:58.0115 7004 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
23:14:58.0124 7004 Tcpip6 - ok
23:14:58.0200 7004 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
23:14:58.0200 7004 tcpipreg - ok
23:14:58.0267 7004 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
23:14:58.0267 7004 TDPIPE - ok
23:14:58.0309 7004 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
23:14:58.0329 7004 TDTCP - ok
23:14:58.0401 7004 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
23:14:58.0423 7004 tdx - ok
23:14:58.0802 7004 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
23:14:58.0825 7004 TermDD - ok
23:14:58.0919 7004 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:14:58.0920 7004 tssecsrv - ok
23:14:59.0005 7004 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
23:14:59.0027 7004 tunmp - ok
23:14:59.0110 7004 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
23:14:59.0111 7004 tunnel - ok
23:14:59.0168 7004 uagp35 (e4722dfbd6232acf17543ef2c2dce8d2) C:\Windows\system32\drivers\uagp35.sys
23:14:59.0190 7004 uagp35 - ok
23:14:59.0259 7004 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
23:14:59.0282 7004 udfs - ok
23:14:59.0360 7004 uisp (75894b827b8ca53fc2bb991c91b6728c) C:\Windows\system32\Drivers\usbicp.sys
23:14:59.0361 7004 uisp - ok
23:14:59.0404 7004 uliagpkx (5663d7696abbe71f8c9d915c5374118a) C:\Windows\system32\drivers\uliagpkx.sys
23:14:59.0426 7004 uliagpkx - ok
23:14:59.0678 7004 uliahci (6030b68e86a30d1b315b51c4d7778b16) C:\Windows\system32\drivers\uliahci.sys
23:14:59.0700 7004 uliahci - ok
23:14:59.0963 7004 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
23:14:59.0964 7004 UlSata - ok
23:15:00.0018 7004 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
23:15:00.0042 7004 ulsata2 - ok
23:15:00.0161 7004 UltraMonUtility (694bcf23662f97d987cf4c6739c35f8b) C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys
23:15:00.0181 7004 UltraMonUtility - ok
23:15:00.0264 7004 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
23:15:00.0265 7004 umbus - ok
23:15:00.0389 7004 UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys
23:15:00.0410 7004 UnlockerDriver5 - ok
23:15:00.0479 7004 usbbus (e493a1ab49cec05e48828cf949a5a2c3) C:\Windows\system32\DRIVERS\lgx64bus.sys
23:15:00.0480 7004 usbbus - ok
23:15:00.0912 7004 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
23:15:00.0914 7004 usbccgp - ok
23:15:00.0980 7004 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
23:15:00.0981 7004 usbcir - ok
23:15:01.0043 7004 UsbDiag (0614c32187d0d12ad971d83df2eb9b53) C:\Windows\system32\DRIVERS\lgx64diag.sys
23:15:01.0045 7004 UsbDiag - ok
23:15:01.0125 7004 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
23:15:01.0125 7004 usbehci - ok
23:15:01.0188 7004 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
23:15:01.0190 7004 usbhub - ok
23:15:01.0239 7004 USBModem (ecc1f29b4d25ef757bd0986c6a0518d6) C:\Windows\system32\DRIVERS\lgx64modem.sys
23:15:01.0240 7004 USBModem - ok
23:15:01.0299 7004 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
23:15:01.0340 7004 usbohci - ok
23:15:01.0362 7004 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
23:15:01.0402 7004 usbprint - ok
23:15:01.0426 7004 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:15:01.0427 7004 USBSTOR - ok
23:15:01.0473 7004 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
23:15:01.0473 7004 usbuhci - ok
23:15:01.0521 7004 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
23:15:01.0522 7004 vga - ok
23:15:01.0668 7004 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
23:15:01.0709 7004 VgaSave - ok
23:15:01.0974 7004 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
23:15:01.0995 7004 viaide - ok
23:15:02.0046 7004 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
23:15:02.0089 7004 volmgr - ok
23:15:02.0128 7004 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
23:15:02.0152 7004 volmgrx - ok
23:15:02.0182 7004 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
23:15:02.0184 7004 volsnap - ok
23:15:02.0227 7004 vsmraid (410ae2c141142c58bc617fc2c677f8b0) C:\Windows\system32\drivers\vsmraid.sys
23:15:02.0249 7004 vsmraid - ok
23:15:02.0338 7004 wacmoumonitor (37e4600e2cdad3c1a3613a25b97d457c) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
23:15:02.0338 7004 wacmoumonitor - ok
23:15:02.0399 7004 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
23:15:02.0420 7004 wacommousefilter - ok
23:15:02.0461 7004 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
23:15:02.0463 7004 WacomPen - ok
23:15:02.0494 7004 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
23:15:02.0514 7004 wacomvhid - ok
23:15:02.0686 7004 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
23:15:02.0728 7004 Wanarp - ok
23:15:02.0854 7004 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
23:15:02.0855 7004 Wanarpv6 - ok
23:15:02.0970 7004 Wd (59b501b0a04c9672142b7ffa2bdbf663) C:\Windows\system32\drivers\wd.sys
23:15:02.0970 7004 Wd - ok
23:15:03.0047 7004 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
23:15:03.0048 7004 WDC_SAM - ok
23:15:03.0130 7004 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
23:15:03.0137 7004 Wdf01000 - ok
23:15:03.0245 7004 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:15:03.0246 7004 WmiAcpi - ok
23:15:03.0338 7004 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
23:15:03.0339 7004 WpdUsb - ok
23:15:03.0394 7004 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
23:15:03.0415 7004 ws2ifsl - ok
23:15:03.0484 7004 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:15:03.0505 7004 WUDFRd - ok
23:15:03.0543 7004 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:15:03.0548 7004 \Device\Harddisk0\DR0 - ok
23:15:03.0570 7004 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
23:15:03.0575 7004 \Device\Harddisk1\DR1 - ok
23:15:03.0605 7004 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
23:15:03.0728 7004 \Device\Harddisk2\DR2 - ok
23:15:04.0277 7004 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
23:15:04.0281 7004 \Device\Harddisk3\DR3 - ok
23:15:04.0293 7004 Boot (0x1200) (ed43324ca6ef5c606c12d2cd34a4cac2) \Device\Harddisk0\DR0\Partition0
23:15:04.0294 7004 \Device\Harddisk0\DR0\Partition0 - ok
23:15:04.0297 7004 Boot (0x1200) (65526db0e7203cf758059e47799019ce) \Device\Harddisk1\DR1\Partition0
23:15:04.0298 7004 \Device\Harddisk1\DR1\Partition0 - ok
23:15:04.0323 7004 Boot (0x1200) (f1a4de008c126a851f9527f374344d26) \Device\Harddisk2\DR2\Partition0
23:15:04.0323 7004 \Device\Harddisk2\DR2\Partition0 - ok
23:15:04.0326 7004 Boot (0x1200) (7ffc0491ab3ebe6d3eb403822463d67d) \Device\Harddisk3\DR3\Partition0
23:15:04.0327 7004 \Device\Harddisk3\DR3\Partition0 - ok
23:15:04.0329 7004 ============================================================
23:15:04.0329 7004 Scan finished
23:15:04.0329 7004 ============================================================
23:15:04.0340 6916 Detected object count: 0
23:15:04.0341 6916 Actual detected object count: 0
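TDSSKiller reports "Detected object count: 0" above, but a log like this is still worth a second pass by hand: the tool only verdicts on what it recognises, while a responder also wants to know which kernel drivers load from outside the Windows driver directories, which ones load from a file that is not a .sys (MEMSWEEP2 from C:\Windows\system32\3703.tmp above), and which services are registered with no driver image on disk (IpInIp, NwlnkFlt, speedfan, tandpl). The following script is an added example written for this page, not part of the original post and not a Kaspersky tool; it parses the two line shapes seen in the log above and flags those cases. The sample lines are copied from the log above; the list of trusted directories and the reading of a bare "<service> - ok" line as "registered, no image scanned" are assumptions.

```python
import re
from typing import Dict, List, Tuple

# Line shapes taken from the TDSSKiller log above:
#   <time> <pid> <service> (<md5>) <image path>   -> the object that was scanned
#   <time> <pid> <service> - <verdict>            -> TDSSKiller's verdict for it
# A service name may itself contain spaces and parentheses ("MBR (0x1B8)").
ENTRY_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
VERDICT_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?)\s+-\s+(?P<status>.+?)\s*$")

# Assumption: on this Vista/7 x64 box, kernel drivers normally live under these paths.
TRUSTED_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")

# Constructed sample: a handful of lines copied from the log above with their verdicts.
SAMPLE_LOG = r"""
23:14:38.0727 7004 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
23:14:38.0729 7004 disk - ok
23:14:42.0749 7004 HWiNFO32 (417ad08fbc87b350adc12bd2361932ce) C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS
23:14:42.0770 7004 HWiNFO32 - ok
23:14:43.0804 7004 IpInIp - ok
23:14:46.0463 7004 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\3703.tmp
23:14:46.0463 7004 MEMSWEEP2 - ok
23:14:56.0887 7004 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
23:14:56.0914 7004 sptd - ok
23:15:03.0543 7004 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:15:03.0548 7004 \Device\Harddisk0\DR0 - ok
"""


def parse_tdsskiller(text: str) -> Tuple[Dict[str, Tuple[str, str]], Dict[str, str]]:
    """Return ({service: (md5, path)}, {service: verdict}) for one TDSSKiller log."""
    images: Dict[str, Tuple[str, str]] = {}
    verdicts: Dict[str, str] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            images[m["name"]] = (m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts[m["name"]] = m["status"]
    return images, verdicts


def triage(text: str) -> List[Tuple[str, str]]:
    """Flag entries a responder should look at even though TDSSKiller said 'ok'."""
    images, verdicts = parse_tdsskiller(text)
    findings: List[Tuple[str, str]] = []
    for name, status in verdicts.items():
        if name.startswith("\\Device\\"):
            continue  # MBR/boot-sector verdicts are keyed by device, not by service
        if status != "ok":
            findings.append((name, "TDSSKiller verdict: " + status))
        if name not in images:
            # Assumption: a bare "<service> - ok" with no image line means the
            # service is registered but its driver file was not found on disk.
            findings.append((name, "service registered but no driver image was scanned"))
            continue
        _, path = images[name]
        low = path.lower()
        if not low.startswith(TRUSTED_DIRS):
            findings.append((name, "driver image outside the Windows driver directories: " + path))
        elif not low.endswith(".sys"):
            findings.append((name, "kernel driver loaded from a non-.sys file: " + path))
    return findings


if __name__ == "__main__":
    for service, reason in triage(SAMPLE_LOG):
        print(f"{service:12} {reason}")
```

Run against the full log, every hit is a lead rather than a verdict: HWiNFO32 is flagged only because its driver sits under Program Files, and a driver loaded from a .tmp in system32 deserves a look even when it turns out to be a legitimate scanner's temporary driver. The point of the pass is to produce the short list of services whose registry entry and image file you then inspect by hand.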

#6 nasdaq

  • Malware Response Team
  • 40,730 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:08 AM

Posted 26 October 2011 - 06:53 AM

Download the files and when all downloaded execute them in the order listed.

===

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.
===

Download this file to your desktop
Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

This may take some time; please let it finish.
=====

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.

Let me know what problem persists.

#7 00Scud00 (Topic Starter, Members, 8 posts)

Posted 27 October 2011 - 08:47 PM

Not much to report. RKill found nothing to kill, I did a full scan with mbam and it came up clean, and Unhide seems to have processed all my drives, but there was an error message up saying "Windows Script Host: can't find script engine "vbscript" for script "c:\users\mike\appdata\local\temp\info.vbs". "
All other problems are still there. Also, I noticed that I cannot copy files to external devices like flash drives or music players; it tells me that the drive is write protected, and I can't right-click to bring up the properties to disable write protection.

#8 nasdaq (Malware Response Team, 40,730 posts, Montreal, QC, Canada)

Posted 28 October 2011 - 08:56 AM

there was an error message up saying "Windows Script Host: can't find script engine "vbscript" for script


This happens if the scripting runtime file vbscript.dll is not registered correctly in the system.
Try Method 1 and check whether you are able to install the Windows cleanup utility.

Method 1:
a. Click on the Start button and type cmd. In the search result, right-click on cmd and select Run as administrator.
b. Type cd %windir%\system 32 (Note: there is a space between system and 32) and press enter.
c. Type regsvr32 vbscript.dll in command prompt and press enter.
d. Type regsvr32 jscript.dll in command prompt and press enter.

If the registration was successful, you should now see the following message:
DllRegisterServer in vbscript.dll succeeded.
e. Now right-click on the Windows cleanup utility setup file and select Run as administrator.


Method 2: Perform sfc scan on your computer.
Refer: http://support.microsoft.com/kb/929833

I suggest you do both.
If at any time you have difficulties please ask before proceeding.
===

I do not see from your log the Operating system installed on this computer.
What do you have, XP, Vista, etc.?

===

P.S. Can you run the Malwarebytes tool and submit a log?

#9 00Scud00 (Topic Starter, Members, 8 posts)

Posted 30 October 2011 - 03:15 AM

Okay, here's what I got. I'm not sure I understood what you meant by %windir%\system 32, but I went with "C:\windows\system32" as I have no "system 32" directory where the "32" is separate from "system". I ran "regsvr32 vbscript.dll" and got the proper response "DllRegisterServer in vbscript.dll succeeded."; "regsvr32 jscript.dll", however, got me an error message saying "Module "jscript.dll" was loaded but the call to DLLRegisterServer failed with error code 0x8004005". I tried this in both the system32 directory and the sysWOW64 directory and got the same results.
I also used the SFC scanner and it said it repaired a few things, and dumped a massive log if you're interested.
I'm pretty sure I've stated this before, but I cannot right-click to do things inside of Windows: right-clicking does not produce the dropdown menu it usually does, it just does nothing, so I cannot right-click to "run as admin" anything. Also, I'm running Vista Ultimate 64.
If by Malwarebytes tool you mean another scan, I can do that, but it will most likely come up clean. Or do you mean the "File Assassin" tool?

#10 nasdaq (Malware Response Team, 40,730 posts, Montreal, QC, Canada)

Posted 30 October 2011 - 09:29 AM

error message saying "Module "jscript.dll" was loaded but the call to DLLRegisterServer failed with error code 0x8004005".

You probably need to run this as an administrator. However, your right-click context menu handlers are damaged.

I cannot right-click to do things inside of Windows as right-clicking does not produce the dropdown menu it usually does, it just does nothing, so I cannot right-click to "run as admin" anything, also I'm running Vista Ultimate 64.


Have a look at this article.
http://windowsxp.mvps.org/slowrightclick.htm

Read the article. Try the Method 2 for now.

If at any time you need to check something before proceeding, please ask.

P.S. Here is a success story.
http://www.vistaheads.com/forums/microsoft-public-windows-vista-file-management/43651-cant-right-click-desktop.html

Keep me posted.
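The two checks nasdaq points at in this thread, re-registering the VBScript/JScript engines from an elevated prompt (post #8) and inspecting the right-click context menu handlers (post #10), as one added PowerShell example. This is not code from the thread, from BleepingComputer, or from any tool mentioned in it. It assumes an elevated Windows PowerShell prompt on Vista or later, the stock regsvr32.exe and cscript.exe under %windir%, and the standard HKCR locations for COM servers and shell extensions; the registry roots listed in Get-ContextMenuHandlers are the common ones, not an exhaustive set, and that function only reads, it changes nothing.

```powershell
# Added example, not code from the thread. Assumes an elevated Windows PowerShell
# prompt on Vista or later with the stock regsvr32.exe / cscript.exe in %windir%.
# Registry paths used are the standard COM and shell-extension locations.

function Resolve-ClsidServer {
    # Map a CLSID to the DLL that HKCR\CLSID\{...}\InprocServer32 points at.
    param([string]$Clsid)
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path $key)) { return $null }
    $dll = (Get-ItemProperty -Path $key).'(default)'
    if (-not $dll) { return $null }
    return [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
}

function Get-ScriptEngineStatus {
    # "Can't find script engine" means HKCR\<Engine>\CLSID or the CLSID's
    # InprocServer32 entry is missing; these keys are what regsvr32 recreates.
    param([string]$Engine)   # 'VBScript' or 'JScript'
    $progIdKey = "Registry::HKEY_CLASSES_ROOT\$Engine\CLSID"
    if (-not (Test-Path $progIdKey)) { return "$Engine: ProgID not registered" }
    $clsid = (Get-ItemProperty -Path $progIdKey).'(default)'
    $dll = Resolve-ClsidServer $clsid
    if (-not $dll) { return "$Engine: $clsid has no InprocServer32" }
    if (-not (Test-Path $dll)) { return "$Engine: server DLL missing: $dll" }
    return "$Engine: OK -> $dll"
}

function Register-ScriptEngines {
    # Register both engines from System32 and, on 64-bit Windows, SysWOW64,
    # using the regsvr32.exe that lives beside each DLL so the 32-bit copy
    # lands under Wow6432Node. /s suppresses the dialog; exit code 0 = success.
    $dirs = @("$env:windir\System32")
    if (Test-Path "$env:windir\SysWOW64") { $dirs += "$env:windir\SysWOW64" }
    foreach ($dir in $dirs) {
        foreach ($name in 'vbscript.dll', 'jscript.dll') {
            $dll = Join-Path $dir $name
            if (-not (Test-Path $dll)) { Write-Warning "missing: $dll"; continue }
            $p = Start-Process -FilePath (Join-Path $dir 'regsvr32.exe') `
                               -ArgumentList "/s `"$dll`"" -Wait -PassThru
            '{0}: regsvr32 exit code {1}' -f $dll, $p.ExitCode
        }
    }
}

function Test-ScriptEngine {
    # Run a one-line script through cscript; a broken engine fails with the
    # same "can't find script engine" message quoted in the thread.
    param([string]$Engine)
    if ($Engine -eq 'VBScript') { $ext = 'vbs'; $body = 'WScript.Echo "VBScript OK"' }
    else                        { $ext = 'js';  $body = 'WScript.Echo("JScript OK");' }
    $file = Join-Path $env:TEMP "engine-check.$ext"   # constructed test script
    Set-Content -Path $file -Value $body -Encoding ASCII
    $out = & "$env:windir\System32\cscript.exe" //nologo $file
    $code = $LASTEXITCODE
    Remove-Item $file -ErrorAction SilentlyContinue
    '{0}: cscript exit {1}: {2}' -f $Engine, $code, ($out -join ' ')
}

function Get-ContextMenuHandlers {
    # List the shell extensions loaded for right-click on files, folders and
    # the desktop background. A handler whose DLL is missing, or one you do not
    # recognise, is a candidate to disable (e.g. with ShellExView) when the
    # context menu stops appearing. Read-only: nothing is modified here.
    foreach ($root in '*', 'Directory', 'Directory\Background', 'Folder', 'AllFilesystemObjects') {
        $key = "Registry::HKEY_CLASSES_ROOT\$root\shellex\ContextMenuHandlers"
        if (-not (Test-Path $key)) { continue }
        foreach ($h in Get-ChildItem -Path $key) {
            $clsid = (Get-ItemProperty -Path $h.PSPath).'(default)'
            if (-not $clsid) { $clsid = $h.PSChildName }   # some handlers name the key after the CLSID
            $dll = Resolve-ClsidServer $clsid
            New-Object PSObject -Property @{
                Location = $root; Handler = $h.PSChildName; CLSID = $clsid
                DLL = $dll; DllExists = [bool]($dll -and (Test-Path $dll))
            }
        }
    }
}

# regsvr32 writes to HKLM\Software\Classes; without elevation DllRegisterServer fails.
$principal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Open PowerShell with "Run as administrator" first.'
}
'--- script engines before ---'; Get-ScriptEngineStatus VBScript; Get-ScriptEngineStatus JScript
'--- re-registering ---';        Register-ScriptEngines
'--- script engines after ---';  Get-ScriptEngineStatus VBScript; Get-ScriptEngineStatus JScript
Test-ScriptEngine VBScript; Test-ScriptEngine JScript
'--- context menu handlers (DllExists = False is suspicious) ---'
Get-ContextMenuHandlers | Sort-Object DllExists, Location | Format-Table -AutoSize Location, Handler, DLL, DllExists
```

The elevation check at the top is the point nasdaq raises about the DllRegisterServer failure: without an administrator token regsvr32 cannot write the HKLM class keys. When right-click is broken and "Run as administrator" is unreachable that way, the Start menu search result can still be launched elevated with Ctrl+Shift+Enter. The handler listing is a starting point only; a row with DllExists = False points at a leftover registration to remove or disable, while an unfamiliar DLL that does exist should be looked up before touching it.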

#11 00Scud00 (Topic Starter, Members, 8 posts)

Posted 02 November 2011 - 03:06 AM

Between school and work I just don't have time to mess around anymore, so I'm nuking it from orbit and starting over with a fresh copy of Windows 7; I've kinda been looking for an excuse to do that anyhow. I can still copy files from one drive to another, so I can still rescue most of the important stuff before the apocalypse.

Thanks for all your help,
Mike
