
Problems with SVCHost.exe after malware removal


  • This topic is locked
6 replies to this topic

#1 ballerscuba

ballerscuba

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:07 AM

Posted 28 November 2011 - 08:10 PM

My coworker asked me to check out his computer because it was incredibly slow and he could no longer work on it. I ran Malwarebytes' Anti-Malware, Ad-Aware, and Spybot Search and Destroy on his computer and they found something called Television Fanatic and deleted the entire folder. However, after its removal, I noticed that one svchost.exe was consuming over 90% of the CPU (200,000 - 300,000 K Mem Usage) starting a couple of minutes after the system starts, making the system too slow to use normally. I have to repeatedly end that process every 5-10 minutes in order to be able to do anything on the system, so I don't think the malware has been fully removed. Any help you could give me would be greatly appreciated.

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by lab at 17:03:12 on 2011-11-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.271 [GMT -8:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {C98D5B61-B0EA-4D48-9839-1079D352D880} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {5896F800-6EFB-422F-A04B-AA7D44D9A4A9} - hxxp://75.61.189.17/WebClient.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222212970557
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AEACBBA6-0FCC-11D4-88A8-00105A6A36A3} - hxxp://www.lensorders.com/ROEX.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.2 192.168.2.1
TCP: Interfaces\{2D928235-EB81-49C5-9513-134DECD84A68} : DhcpNameServer = 192.168.2.2 192.168.2.1
TCP: Interfaces\{A3E64A94-0868-4687-B5EF-4C3D6F80179B} : DhcpNameServer = 192.168.1.10
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-12 64512]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-11-28 490840]
S0 tjytfr;tjytfr;c:\windows\system32\drivers\lrsxppmj.sys --> c:\windows\system32\drivers\lrsxppmj.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;c:\windows\system32\drivers\ngrpci.sys --> c:\windows\system32\drivers\ngrpci.sys [?]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [2003-12-13 50432]
.
=============== Created Last 30 ================
.
2011-11-29 00:08:25 388096 ----a-r- c:\documents and settings\lab.eyecarecenter\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-28 21:49:04 -------- d-----w- c:\windows\system32\CatRoot2
2011-11-28 21:39:03 -------- d-----w- c:\documents and settings\lab.eyecarecenter\application data\IObit
2011-11-28 21:15:05 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-11-28 20:36:18 -------- d-----w- c:\documents and settings\all users\application data\IObit
2011-11-28 20:35:24 -------- d-----w- c:\program files\IObit
2011-11-24 01:40:17 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-23 22:11:27 -------- d-----w- c:\program files\Lavasoft
2011-11-17 02:50:29 -------- d-----w- c:\program files\OpenOffice.org 3
2011-11-17 02:50:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-17 02:49:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
==================== Find3M ====================
.
2011-11-23 22:38:25 26112 ----a-w- c:\windows\system32\userinit.exe
2011-11-14 18:34:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 20:06:56 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 01:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2004-03-11 20:27:22 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1200JB-00GVA0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x81EBC49F]<<
c:\docume~1\admini~1.eye\locals~1\temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x81ec3728]; MOV EAX, [0x81ec389c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8238FAB8]
3 CLASSPNP[0xF8585FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000005c[0x82361180]
5 ACPI[0xF84EC620] -> nt!IofCallDriver[0x804E13B9] -> [0x82368940]
\Driver\atapi[0x8205D150] -> IRP_MJ_CREATE -> 0x81EBC49F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x81EBC2C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 17:05:28.26 ===============

Edited by hamluis, 28 November 2011 - 09:57 PM.
Moved from XP to Malware Removal Logs.
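The SERVICES / DRIVERS and ROOTKIT sections of the DDS log above are what a responder reads first: a boot-start (S0) service whose file is no longer on disk, whose name and file name look generated, and a hook on the atapi driver's DriverStartIo. As an added example (not part of the original post, and not DDS's own code), the following Python parses those DDS line formats and ranks the entries; the sample block is constructed from entries in the log above, and the "random name" heuristic and the two-reason threshold are assumptions, not DDS rules.

```python
import re
from collections import namedtuple

# Constructed sample: SERVICES / DRIVERS and ROOTKIT entries copied from the DDS log above.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-12 64512]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-11-28 490840]
S0 tjytfr;tjytfr;c:\windows\system32\drivers\lrsxppmj.sys --> c:\windows\system32\drivers\lrsxppmj.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;c:\windows\system32\drivers\ngrpci.sys --> c:\windows\system32\drivers\ngrpci.sys [?]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [2003-12-13 50432]
.
=================== ROOTKIT ====================
detected hooks:
\Driver\atapi DriverStartIo -> 0x81EBC2C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

# DDS service line: <R|S><start> name;display;path [date size]  or  path --> resolved-path [?]
# R = running, S = stopped; start 0 = boot, 1 = system, 2 = auto, 3 = demand, 4 = disabled.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s+\[(?P<info>[^\]]*)\]\s*$"
)
# "detected hooks:" entries, e.g.  \Driver\atapi DriverStartIo -> 0x81EBC2C6
HOOK_RE = re.compile(r"^(\\Driver\\\S+)\s+(\w+)\s+->\s+(0x[0-9A-Fa-f]+)\s*$")

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
Service = namedtuple("Service", "state start name display path present")


def parse_services(text):
    """Parse every service/driver line; present=False when DDS printed [?] (file not on disk)."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        declared_path = m.group("path").split(" --> ")[0]
        services.append(Service(
            state=m.group("state"),
            start=START_TYPES.get(m.group("start"), "unknown"),
            name=m.group("name"),
            display=m.group("display"),
            path=declared_path,
            present=m.group("info").strip() != "?",
        ))
    return services


def looks_random(name):
    """Heuristic (assumption): 6+ lowercase letters with no vowel, typical of generated names."""
    return len(name) >= 6 and name.isalpha() and name.islower() and not set(name) & set("aeiou")


def assess(service):
    """Return the reasons this entry deserves a closer look (empty list = nothing notable)."""
    reasons = []
    if not service.present:
        reasons.append("driver file missing on disk ([?])")
    if service.start == "boot":
        reasons.append("boot-start driver, loads before any security product")
    file_base = service.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if service.display == service.name and (looks_random(service.name) or looks_random(file_base)):
        reasons.append("random-looking service or file name with no descriptive display name")
    return reasons


def triage(text, min_reasons=2):
    """Services with at least min_reasons findings, most suspicious first: [(name, reasons)]."""
    hits = [(s.name, assess(s)) for s in parse_services(text)]
    hits = [h for h in hits if len(h[1]) >= min_reasons]
    return sorted(hits, key=lambda h: -len(h[1]))


def parse_hooks(text):
    """Collect (driver object, hooked routine, target address) from the ROOTKIT section."""
    return [m.groups() for m in map(HOOK_RE.match, (l.strip() for l in text.splitlines())) if m]


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_DDS):
        print(name)
        for r in reasons:
            print("   -", r)
    for drv, routine, addr in parse_hooks(SAMPLE_DDS):
        print("hook:", drv, routine, "->", addr)
```

On the sample, only tjytfr clears the threshold (missing file, boot start, generated-looking name), while the legitimate but absent ngrpci and MBAMSwissArmy entries collect a single reason each; a real run would read the whole DDS log from a file instead of the embedded sample.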



#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:01:07 PM

Posted 29 November 2011 - 01:39 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;) Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



NEXT:


OTS Scan
Download OTS to your Desktop
  • Double-click on OTS.exe to start the program. Make sure you close all other programs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here as an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way.


NEXT:



What issues are you currently experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 ballerscuba

ballerscuba
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:07 AM

Posted 30 November 2011 - 03:38 PM

Since the reboot of the machine after the TDSS scan, it seems to be fixed. The svchost.exe problem hasn't come up again.

TDSS Log:

12:28:59.0140 4028 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
12:28:59.0546 4028 ============================================================
12:28:59.0546 4028 Current date / time: 2011/11/30 12:28:59.0546
12:28:59.0546 4028 SystemInfo:
12:28:59.0546 4028
12:28:59.0546 4028 OS Version: 5.1.2600 ServicePack: 3.0
12:28:59.0546 4028 Product type: Workstation
12:28:59.0546 4028 ComputerName: LAB
12:28:59.0546 4028 UserName: lab
12:28:59.0546 4028 Windows directory: C:\WINDOWS
12:28:59.0546 4028 System windows directory: C:\WINDOWS
12:28:59.0546 4028 Processor architecture: Intel x86
12:28:59.0546 4028 Number of processors: 2
12:28:59.0546 4028 Page size: 0x1000
12:28:59.0546 4028 Boot type: Normal boot
12:28:59.0546 4028 ============================================================
12:29:03.0437 4028 Initialize success
12:29:37.0531 3992 ============================================================
12:29:37.0531 3992 Scan started
12:29:37.0531 3992 Mode: Manual; SigCheck; TDLFS;
12:29:37.0531 3992 ============================================================
12:30:22.0234 3992 Tcpip - ok
12:30:22.0296 3992 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:30:22.0437 3992 TDPIPE - ok
12:30:22.0515 3992 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:30:22.0656 3992 TDTCP - ok
12:30:22.0718 3992 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:30:22.0859 3992 TermDD - ok
12:30:22.0921 3992 tjytfr - ok
12:30:22.0984 3992 TosIde - ok
12:30:23.0062 3992 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:30:23.0203 3992 Udfs - ok
12:30:23.0250 3992 ultra - ok
12:30:23.0359 3992 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:30:23.0531 3992 Update - ok
12:30:23.0640 3992 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:30:23.0796 3992 usbccgp - ok
12:30:23.0859 3992 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:30:24.0000 3992 usbehci - ok
12:30:24.0062 3992 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:30:24.0203 3992 usbhub - ok
12:30:24.0328 3992 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
12:30:24.0531 3992 usbser - ok
12:30:24.0593 3992 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:30:24.0750 3992 USBSTOR - ok
12:30:24.0812 3992 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:30:24.0953 3992 usbuhci - ok
12:30:25.0000 3992 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:30:25.0140 3992 VgaSave - ok
12:30:25.0187 3992 ViaIde - ok
12:30:25.0265 3992 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:30:25.0390 3992 VolSnap - ok
12:30:25.0468 3992 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:30:25.0625 3992 Wanarp - ok
12:30:25.0671 3992 WDICA - ok
12:30:25.0750 3992 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:30:25.0906 3992 wdmaud - ok
12:30:26.0062 3992 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:30:26.0109 3992 WudfPf - ok
12:30:26.0171 3992 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:30:26.0203 3992 WudfRd - ok
12:30:26.0312 3992 yukonwxp (70deae7df954af41b49fa492c01e3a2a) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
12:30:26.0375 3992 yukonwxp - ok
12:30:26.0390 3992 MBR (0x1B8) (b0b17de2470979f6aa7d36e451109b01) \Device\Harddisk0\DR0
12:30:26.0390 3992 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
12:30:26.0390 3992 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
12:30:26.0453 3992 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:30:26.0453 3992 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:30:26.0453 3992 Boot (0x1200) (274feb42abf1b3643e80db333d0f6336) \Device\Harddisk0\DR0\Partition0
12:30:26.0453 3992 \Device\Harddisk0\DR0\Partition0 - ok
12:30:26.0468 3992 Boot (0x1200) (bab371cea04934611a6e6a62139ec6ea) \Device\Harddisk0\DR0\Partition1
12:30:26.0468 3992 \Device\Harddisk0\DR0\Partition1 - ok
12:30:26.0468 3992 ============================================================
12:30:26.0468 3992 Scan finished
12:30:26.0468 3992 ============================================================
12:30:26.0578 0960 Detected object count: 7
12:30:26.0578 0960 Actual detected object count: 7
12:30:41.0781 0960 ALCXSENS ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0781 0960 ALCXSENS ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0781 0960 ALCXWDM ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0781 0960 ALCXWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0781 0960 GVCplDrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0781 0960 GVCplDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0781 0960 P2k ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0781 0960 P2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0781 0960 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0781 0960 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0781 0960 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
12:30:41.0781 0960 \Device\Harddisk0\DR0 - ok
12:30:41.0781 0960 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
12:30:41.0781 0960 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:30:41.0796 0960 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
12:32:28.0890 2428 Deinitialize success

Attached Files

  • Attached File: OTS.Txt (65.74KB)
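As an added example (not from this thread or from TDSSKiller's authors), a small Python triage script for the TDSSKiller log format posted above: it separates the low-signal UnsignedFile.Multi.Generic warnings on legitimate third-party drivers from the boot-sector rootkit verdict, records which action was chosen for each detection, and flags non-informational detections that were skipped rather than cured. The sample lines are copied from this thread's log and trimmed; the severity ranking is an assumption made here, not a TDSSKiller classification.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the TDSSKiller log posted in this thread,
# trimmed to one unsigned-driver warning, the MBR verdicts, the summary counts and
# the actions the user chose. Lines that match none of the patterns are ignored.
SAMPLE_LOG = r"""
12:30:15.0156 3992 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
12:30:15.0156 3992 pfc ( UnsignedFile.Multi.Generic ) - warning
12:30:15.0156 3992 pfc - detected UnsignedFile.Multi.Generic (1)
12:30:26.0390 3992 MBR (0x1B8) (b0b17de2470979f6aa7d36e451109b01) \Device\Harddisk0\DR0
12:30:26.0390 3992 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
12:30:26.0390 3992 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
12:30:26.0453 3992 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:30:26.0453 3992 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:30:26.0578 0960 Detected object count: 7
12:30:26.0578 0960 Actual detected object count: 7
12:30:41.0781 0960 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0781 0960 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0781 0960 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
12:30:41.0781 0960 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
12:30:41.0781 0960 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:30:41.0796 0960 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every TDSSKiller line starts with "hh:mm:ss.ffff <pid>"; the rest is the message body.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d{4}\s+(?P<body>.*\S)\s*$")
# "<object> ( <detection> ) - infected|warning|suspicious"
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<det>.+?) \) - (?P<verdict>infected|warning|suspicious)$")
# "<object> ( <detection> ) - User select action: <Cure|Skip|...>"
ACTION = re.compile(r"^(?P<obj>.+?) \( (?P<det>.+?) \) - User select action: (?P<action>\w+)$")
COUNT = re.compile(r"^(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")


@dataclass
class Detection:
    obj: str          # driver name, or a device path for MBR/boot verdicts
    name: str         # TDSSKiller detection name
    verdict: str      # infected / warning / suspicious
    action: str = "none recorded"

    def severity(self) -> str:
        """Triage ranking assumed here (not a TDSSKiller classification)."""
        if self.verdict == "infected":
            return "critical"       # confirmed malicious code, here in the MBR
        if self.name.startswith("UnsignedFile."):
            return "informational"  # heuristic hit on an unsigned third-party driver
        return "high"               # any other warning, e.g. a hidden TDSS file system


def parse_tdsskiller(text):
    """Return (detections in log order, summary counts) from TDSSKiller log text."""
    detections = {}   # keyed by (object, detection name); dict keeps log order
    counts = {}
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue
        body = m["body"]
        if v := VERDICT.match(body):
            detections.setdefault((v["obj"], v["det"]),
                                  Detection(v["obj"], v["det"], v["verdict"]))
        elif a := ACTION.match(body):
            key = (a["obj"], a["det"])
            if key in detections:
                detections[key].action = a["action"]
        elif c := COUNT.match(body):
            counts[c["kind"]] = int(c["n"])
    return list(detections.values()), counts


def triage(detections, counts):
    """Group by severity and flag non-informational detections that were not cured."""
    report = {"critical": [], "high": [], "informational": [], "needs_review": []}
    for d in detections:
        report[d.severity()].append(d)
        # Cure and Delete are the TDSSKiller actions that remove the object;
        # Skip (or no recorded action) leaves it in place for follow-up.
        if d.severity() != "informational" and d.action not in ("Cure", "Delete"):
            report["needs_review"].append(d)
    # The summary count covers the whole scan; a mismatch means the excerpt is
    # incomplete (here four other UnsignedFile warnings were trimmed away).
    report["count_matches"] = counts.get("Detected") == len(detections)
    return report


if __name__ == "__main__":
    dets, counts = parse_tdsskiller(SAMPLE_LOG)
    rep = triage(dets, counts)
    for level in ("critical", "high", "informational"):
        for d in rep[level]:
            print(f"{level:13} {d.obj}  {d.name}  [{d.verdict}; action: {d.action}]")
    for d in rep["needs_review"]:
        print(f"REVIEW: {d.name} on {d.obj} was '{d.action}', not cured")
    if not rep["count_matches"]:
        print(f"note: log reports {counts.get('Detected')} objects, parsed {len(dets)}")
```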


#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 01 December 2011 - 01:52 AM

Hi!

We may not be out of the danger zone yet.

Please yield the following warning:

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running OTS Fix
Start OTS. Copy/Paste the information inside the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> [&Google]
YN -> WebBrowser\\"{C98D5B61-B0EA-4D48-9839-1079D352D880}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer
YN -> \Infodelivery\Restrictions\\"NoUpdateCheck" -> [1]
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
YN -> \\"NoControlPanel" -> [0]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7728 domain(s) found.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found.
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7695 domain(s) found.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found.
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22]
YN -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.]
YN -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22]
YN -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22]
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
YN -> "C:\Program Files\iTunes\iTunes.exe" -> [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes]
[Files/Folders - Modified Within 30 Days]
NY ->  hosts.20111123-134906.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20111123-134906.backup
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.


NEXT:



Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 ballerscuba

ballerscuba
  • Topic Starter

  • Members
  • 4 posts

Posted 02 December 2011 - 09:16 PM

The computer is definitely running faster after running those.

When I ran the OTS Fix, it rebooted the system, but it either did not make a text file, or Combofix closed it. I cannot find the file now, so I ran a scan again and here is that log file:

OTS.txt:

OTS logfile created on: 12/2/2011 6:21:57 PM - Run 2
OTS by OldTimer - Version 3.1.46.0     Folder = C:\Documents and Settings\lab.EYECARECENTER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
511.00 Mb Total Physical Memory | 135.00 Mb Available Physical Memory | 26.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.61 Gb Total Space | 82.55 Gb Free Space | 88.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 579.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 372.61 Gb Total Space | 30.95 Gb Free Space | 8.31% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 372.61 Gb Total Space | 30.95 Gb Free Space | 8.31% Space Free | Partition Type: NTFS
 
Computer Name: LAB
Current User Name: lab
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\lab.EYECARECENTER\Desktop\OTS.exe -> [2011/11/30 12:40:45 | 000,646,144 | ---- | M] (OldTimer Tools)
asctray.exe -> C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe -> [2011/11/12 10:42:50 | 001,647,448 | ---- | M] (IObit)
ascservice.exe -> C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -> [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit)
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
 
[Modules - No Company Name]
thorax.aaw -> C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw -> [2011/11/23 14:25:33 | 000,508,776 | ---- | M] ()
rpapi.dll -> C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll -> [2011/11/03 12:06:56 | 000,591,232 | ---- | M] ()
viprebridge.dll -> C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll -> [2011/11/03 12:06:56 | 000,430,568 | ---- | M] ()
vipre.dll -> C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll -> [2011/11/03 12:06:56 | 000,308,560 | ---- | M] ()
libmachouniv.dll -> C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll -> [2011/10/11 13:50:10 | 000,193,904 | ---- | M] ()
libbase64.dll -> C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll -> [2011/10/11 13:50:08 | 000,210,288 | ---- | M] ()
madexcept_.bpl -> C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl -> [2011/04/21 16:54:40 | 000,347,024 | ---- | M] ()
madbasic_.bpl -> C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl -> [2011/04/21 16:54:40 | 000,179,088 | ---- | M] ()
maddisasm_.bpl -> C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl -> [2011/04/21 16:54:40 | 000,046,480 | ---- | M] ()
nvapi.dll -> C:\WINDOWS\system32\nvapi.dll -> [2006/10/22 11:22:00 | 000,212,992 | ---- | M] ()
 
[Win32 Services - Safe List]
(HidServ) Human Interface Device Access [Disabled | Stopped] ->  -> File not found
(AdvancedSystemCareService5) Advanced SystemCare Service 5 [Auto | Running] -> C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -> [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited)
 
[Driver Services - Safe List]
(catchme) catchme [Kernel | On_Demand | Running] ->  -> File not found
(Lbd) Lbd [File_System | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\Lbd.sys -> [2011/11/03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB)
(Lavasoft Kernexplorer) Lavasoft helper driver [Kernel | On_Demand | Running] -> C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -> [2011/11/03 12:06:56 | 000,015,232 | ---- | M] ()
(gameenum) Game Port Enumerator [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\gameenum.sys -> [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation)
(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\yk51x86.sys -> [2005/12/09 08:48:00 | 000,243,712 | ---- | M] (Marvell)
(P2k) Motorola iDEN P2k Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\P2k.sys -> [2004/03/19 12:54:24 | 000,038,912 | ---- | M] (Motorola Inc)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXWDM.SYS -> [2003/12/18 10:08:22 | 000,639,836 | ---- | M] (Realtek Semiconductor Corp.)
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pfc.sys -> [2003/12/05 01:46:36 | 000,010,368 | ---- | M] (Padus, Inc.)
(IntelC52) IntelC52 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\IntelC52.sys -> [2003/11/28 16:42:38 | 000,659,065 | R--- | M] (Intel Corporation)
(IntelC51) IntelC51 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\IntelC51.sys -> [2003/11/28 16:41:52 | 001,313,509 | R--- | M] (Intel Corporation)
(IntelC53) IntelC53 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\IntelC53.sys -> [2003/11/28 16:41:12 | 000,061,541 | R--- | M] (Intel Corporation)
(mohfilt) mohfilt [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mohfilt.sys -> [2003/11/28 16:40:54 | 000,036,984 | R--- | M] (Intel Corporation)
(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXSENS.SYS -> [2003/10/03 20:25:00 | 000,401,152 | ---- | M] (Sensaura Ltd)
(GVCplDrv) GVCplDrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\GVCplDrv.sys -> [2003/09/29 21:25:22 | 000,022,880 | R--- | M] ()
(SiSV) SiSV [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\SiSV.sys -> [2001/08/17 04:50:56 | 000,050,432 | ---- | M] (Silicon Integrated Systems Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\lab.EYECARECENTER\Application Data\Mozilla\Extensions -> [2010/06/04 14:09:17 | 000,000,000 | ---D | M]
< HOSTS File > ([2011/12/02 18:04:44 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 14:25:44 | 001,562,960 | RHS- | M] (Safer Networking Limited)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> [2006/10/22 11:22:00 | 007,700,480 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\WINDOWS\System32\NvMcTray.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit] -> [2006/10/22 11:22:00 | 000,086,016 | ---- | M] (NVIDIA Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Advanced SystemCare 5" -> C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe ["C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart] -> [2011/11/12 10:42:50 | 001,647,448 | ---- | M] (IObit)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< lab.EYECARECENTER Startup Folder > -> C:\Documents and Settings\lab.EYECARECENTER\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableCAD" ->  [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
\\"NoSMConfigurePrograms" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 001,562,960 | RHS- | M] (Safer Networking Limited)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] -> 
{1E54D648-B804-468d-BC78-4AFFED8E262E} [HKLM] -> http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab [System Requirements Lab Class] -> 
{5896F800-6EFB-422F-A04B-AA7D44D9A4A9} [HKLM] -> http://75.61.189.17/WebClient.cab [H264WebClient Control] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222212970557 [WUWebControl Class] -> 
{AEACBBA6-0FCC-11D4-88A8-00105A6A36A3} [HKLM] -> http://www.lensorders.com/ROEX.cab [ROEX Control] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.2.2 192.168.2.1 -> 
Domain -> EyecareCenter.local -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{2D928235-EB81-49C5-9513-134DECD84A68}\\DhcpNameServer -> 192.168.2.2 192.168.2.1   (Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller) -> 
{A3E64A94-0868-4687-B5EF-4C3D6F80179B}\\DhcpNameServer -> 192.168.1.10   () -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2011/11/23 14:38:25 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2003/12/13 13:21:13 | 000,000,000 | ---- | M] ()
F:\AUTORUN.INF [[AutoRun] | open=setup.exe | icon=setup.exe,0 |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  | ] -> F:\AUTORUN.INF [ CDFS ] -> [2004/08/04 04:00:00 | 000,000,110 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 RECYCLER -> C:\RECYCLER -> [2011/12/02 18:15:23 | 000,000,000 | -HSD | C]
 _OTS -> C:\_OTS -> [2011/12/02 17:42:08 | 000,000,000 | ---D | C]
 ComboFix.exe -> C:\Documents and Settings\lab.EYECARECENTER\Desktop\ComboFix.exe -> [2011/12/02 17:41:48 | 004,325,500 | R--- | C] (Swearware)
 OTS.exe -> C:\Documents and Settings\lab.EYECARECENTER\Desktop\OTS.exe -> [2011/11/30 12:40:45 | 000,646,144 | ---- | C] (OldTimer Tools)
 dds.scr -> C:\Documents and Settings\lab.EYECARECENTER\Desktop\dds.scr -> [2011/11/28 17:00:57 | 000,607,260 | R--- | C] (Swearware)
 HijackThis -> C:\Program Files\HijackThis -> [2011/11/28 16:08:24 | 000,000,000 | ---D | C]
 HiJackThis -> C:\Documents and Settings\lab.EYECARECENTER\Start Menu\Programs\HiJackThis -> [2011/11/28 16:08:24 | 000,000,000 | ---D | C]
 CatRoot2 -> C:\WINDOWS\System32\CatRoot2 -> [2011/11/28 13:49:04 | 000,000,000 | ---D | C]
 IObit -> C:\Documents and Settings\lab.EYECARECENTER\Application Data\IObit -> [2011/11/28 13:39:03 | 000,000,000 | ---D | C]
 IObit -> C:\Documents and Settings\All Users\Application Data\IObit -> [2011/11/28 12:36:18 | 000,000,000 | ---D | C]
 Advanced SystemCare 5 -> C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 5 -> [2011/11/28 12:35:33 | 000,000,000 | ---D | C]
 IObit -> C:\Program Files\IObit -> [2011/11/28 12:35:24 | 000,000,000 | ---D | C]
 Administrative Tools -> C:\Documents and Settings\lab.EYECARECENTER\Start Menu\Programs\Administrative Tools -> [2011/11/28 11:58:42 | 000,000,000 | R--D | C]
 Adobe -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe -> [2011/11/23 15:06:15 | 000,000,000 | ---D | C]
 Sun -> C:\Documents and Settings\LocalService\Application Data\Sun -> [2011/11/23 14:15:19 | 000,000,000 | ---D | C]
 Lavasoft -> C:\Program Files\Lavasoft -> [2011/11/23 14:11:27 | 000,000,000 | ---D | C]
 Lavasoft -> C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft -> [2011/11/23 14:11:27 | 000,000,000 | ---D | C]
 Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [2011/11/23 13:38:16 | 000,000,000 | ---D | C]
 Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2011/11/23 13:38:11 | 000,000,000 | ---D | C]
 Sun -> C:\Documents and Settings\NetworkService\Application Data\Sun -> [2011/11/23 10:18:47 | 000,000,000 | ---D | C]
 Sun -> C:\WINDOWS\Sun -> [2011/11/21 15:56:23 | 000,000,000 | ---D | C]
 Sun -> C:\Documents and Settings\lab.EYECARECENTER\Application Data\Sun -> [2011/11/18 10:42:46 | 000,000,000 | ---D | C]
 OpenOffice.org 3.3 -> C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3 -> [2011/11/16 18:52:59 | 000,000,000 | --SD | C]
 OpenOffice.org 3 -> C:\Program Files\OpenOffice.org 3 -> [2011/11/16 18:50:29 | 000,000,000 | ---D | C]
 Sun -> C:\Documents and Settings\All Users\Application Data\Sun -> [2011/11/16 18:50:10 | 000,000,000 | ---D | C]
 Java -> C:\Program Files\Common Files\Java -> [2011/11/16 18:50:09 | 000,000,000 | ---D | C]
 javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2011/11/16 18:50:00 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.)
 deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2011/11/16 18:49:59 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.)
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2011/11/16 18:49:59 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2011/11/16 18:49:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2011/11/16 18:49:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
 Java -> C:\Program Files\Java -> [2011/11/16 18:49:31 | 000,000,000 | ---D | C]
 18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2011/12/02 18:04:44 | 000,000,027 | ---- | M] ()
 Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2011/12/02 17:46:09 | 000,000,486 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2011/12/02 17:46:01 | 000,013,724 | ---- | M] ()
 nvapps.xml -> C:\WINDOWS\System32\nvapps.xml -> [2011/12/02 17:46:00 | 000,088,566 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/12/02 17:45:31 | 000,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2011/12/02 17:45:29 | 536,403,968 | -HS- | M] ()
 ComboFix.exe -> C:\Documents and Settings\lab.EYECARECENTER\Desktop\ComboFix.exe -> [2011/12/02 17:42:02 | 004,325,500 | R--- | M] (Swearware)
 iltwain.ini -> C:\WINDOWS\iltwain.ini -> [2011/12/02 17:29:11 | 000,000,067 | ---- | M] ()
 rp_stats.dat -> C:\WINDOWS\System32\rp_stats.dat -> [2011/11/30 14:20:06 | 000,000,064 | ---- | M] ()
 rp_rules.dat -> C:\WINDOWS\System32\rp_rules.dat -> [2011/11/30 14:20:06 | 000,000,044 | ---- | M] ()
 OTS.exe -> C:\Documents and Settings\lab.EYECARECENTER\Desktop\OTS.exe -> [2011/11/30 12:40:45 | 000,646,144 | ---- | M] (OldTimer Tools)
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2011/11/30 12:17:52 | 000,001,324 | ---- | M] ()
 0i52yr94.exe -> C:\Documents and Settings\lab.EYECARECENTER\Desktop\0i52yr94.exe -> [2011/11/28 17:02:09 | 000,302,592 | ---- | M] ()
 dds.scr -> C:\Documents and Settings\lab.EYECARECENTER\Desktop\dds.scr -> [2011/11/28 17:01:05 | 000,607,260 | R--- | M] (Swearware)
 HiJackThis.lnk -> C:\Documents and Settings\lab.EYECARECENTER\Desktop\HiJackThis.lnk -> [2011/11/28 16:57:40 | 000,002,583 | ---- | M] ()
 nscompat.tlb -> C:\WINDOWS\System32\nscompat.tlb -> [2011/11/28 13:44:08 | 000,023,392 | ---- | M] ()
 amcompat.tlb -> C:\WINDOWS\System32\amcompat.tlb -> [2011/11/28 13:44:08 | 000,016,832 | ---- | M] ()
 QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [2011/11/28 12:56:42 | 000,054,156 | -H-- | M] ()
 Quick Care.lnk -> C:\Documents and Settings\All Users\Desktop\Quick Care.lnk -> [2011/11/28 12:35:33 | 000,000,896 | ---- | M] ()
 Advanced SystemCare 5.lnk -> C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 5.lnk -> [2011/11/28 12:35:33 | 000,000,874 | ---- | M] ()
 boot.ini -> C:\boot.ini -> [2011/11/28 11:55:04 | 000,000,327 | RHS- | M] ()
 userinit.exe -> C:\WINDOWS\System32\userinit.exe -> [2011/11/23 14:38:25 | 000,026,112 | ---- | M] (Microsoft Corporation)
 userinit.exe -> C:\WINDOWS\System32\dllcache\userinit.exe -> [2011/11/23 14:38:25 | 000,026,112 | ---- | M] (Microsoft Corporation)
 lsdelete.exe -> C:\WINDOWS\System32\lsdelete.exe -> [2011/11/23 14:32:20 | 000,016,432 | ---- | M] ()
 Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2011/11/23 14:12:03 | 000,000,797 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/11/23 11:36:20 | 000,000,784 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2011/11/18 10:30:32 | 000,122,136 | ---- | M] ()
 OpenOffice.org 3.3.lnk -> C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk -> [2011/11/16 18:53:00 | 000,000,885 | ---- | M] ()
 deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2011/11/16 18:49:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.)
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2011/11/16 18:49:37 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2011/11/16 18:49:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2011/11/16 18:49:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
 javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2011/11/16 18:49:37 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)
 FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2011/11/14 10:34:50 | 000,414,368 | ---- | M] (Adobe Systems Incorporated)
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2011/11/07 13:12:02 | 000,311,604 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2011/11/07 13:12:02 | 000,039,992 | ---- | M] ()
 Lbd.sys -> C:\WINDOWS\System32\drivers\Lbd.sys -> [2011/11/03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB)
 18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files - No Company Name]
 0i52yr94.exe -> C:\Documents and Settings\lab.EYECARECENTER\Desktop\0i52yr94.exe -> [2011/11/28 17:02:07 | 000,302,592 | ---- | C] ()
 HiJackThis.lnk -> C:\Documents and Settings\lab.EYECARECENTER\Desktop\HiJackThis.lnk -> [2011/11/28 16:08:24 | 000,002,583 | ---- | C] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2011/11/28 13:48:52 | 536,403,968 | -HS- | C] ()
 RegistryDefragBootTime.exe -> C:\WINDOWS\System32\RegistryDefragBootTime.exe -> [2011/11/28 13:15:05 | 000,020,312 | ---- | C] ()
 Quick Care.lnk -> C:\Documents and Settings\All Users\Desktop\Quick Care.lnk -> [2011/11/28 12:35:33 | 000,000,896 | ---- | C] ()
 Advanced SystemCare 5.lnk -> C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 5.lnk -> [2011/11/28 12:35:33 | 000,000,874 | ---- | C] ()
 lsdelete.exe -> C:\WINDOWS\System32\lsdelete.exe -> [2011/11/23 17:40:17 | 000,016,432 | ---- | C] ()
 Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2011/11/23 14:12:03 | 000,000,797 | ---- | C] ()
 OpenOffice.org 3.3.lnk -> C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk -> [2011/11/16 18:53:00 | 000,000,885 | ---- | C] ()
 rp_stats.dat -> C:\WINDOWS\System32\rp_stats.dat -> [2011/04/25 09:47:04 | 000,000,064 | ---- | C] ()
 rp_rules.dat -> C:\WINDOWS\System32\rp_rules.dat -> [2011/04/25 09:47:04 | 000,000,044 | ---- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/09/09 14:26:38 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/09/09 14:26:38 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2010/09/09 14:26:38 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2010/09/09 14:26:38 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2010/09/09 14:26:38 | 000,068,096 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\lab.EYECARECENTER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/02/25 15:35:40 | 000,004,608 | ---- | C] ()
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2008/09/25 09:06:41 | 000,001,324 | ---- | C] ()
 d3d8caps.dat -> C:\WINDOWS\System32\d3d8caps.dat -> [2008/09/25 09:06:41 | 000,000,768 | ---- | C] ()
 EurekaLog.ini -> C:\WINDOWS\EurekaLog.ini -> [2008/07/09 13:23:22 | 000,000,073 | ---- | C] ()
 nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2006/10/22 11:22:00 | 001,662,976 | ---- | C] ()
 nwiz.exe -> C:\WINDOWS\System32\nwiz.exe -> [2006/10/22 11:22:00 | 001,622,016 | ---- | C] ()
 nview.dll -> C:\WINDOWS\System32\nview.dll -> [2006/10/22 11:22:00 | 001,470,464 | ---- | C] ()
 nvdspsch.exe -> C:\WINDOWS\System32\nvdspsch.exe -> [2006/10/22 11:22:00 | 001,339,392 | ---- | C] ()
 nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2006/10/22 11:22:00 | 001,019,904 | ---- | C] ()
 nvhwvid.dll -> C:\WINDOWS\System32\nvhwvid.dll -> [2006/10/22 11:22:00 | 000,581,632 | ---- | C] ()
 nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2006/10/22 11:22:00 | 000,466,944 | ---- | C] ()
 nvappbar.exe -> C:\WINDOWS\System32\nvappbar.exe -> [2006/10/22 11:22:00 | 000,442,368 | ---- | C] ()
 keystone.exe -> C:\WINDOWS\System32\keystone.exe -> [2006/10/22 11:22:00 | 000,425,984 | ---- | C] ()
 nvnt4cpl.dll -> C:\WINDOWS\System32\nvnt4cpl.dll -> [2006/10/22 11:22:00 | 000,286,720 | ---- | C] ()
 nvapi.dll -> C:\WINDOWS\System32\nvapi.dll -> [2006/10/22 11:22:00 | 000,212,992 | ---- | C] ()
 RealPlay.dll -> C:\WINDOWS\System32\RealPlay.dll -> [2006/06/02 01:02:12 | 000,024,576 | ---- | C] ()
 VPC32.INI -> C:\WINDOWS\VPC32.INI -> [2006/04/06 08:23:27 | 000,000,000 | ---- | C] ()
 FilePlayer.dll -> C:\WINDOWS\System32\FilePlayer.dll -> [2006/01/06 04:56:38 | 000,024,576 | ---- | C] ()
 SearchPlay.dll -> C:\WINDOWS\System32\SearchPlay.dll -> [2005/12/27 07:06:06 | 000,028,672 | ---- | C] ()
 NetChannel1.dll -> C:\WINDOWS\System32\NetChannel1.dll -> [2005/09/06 02:30:16 | 000,053,248 | ---- | C] ()
 DvrNet1.dll -> C:\WINDOWS\System32\DvrNet1.dll -> [2005/09/06 01:09:46 | 000,061,440 | ---- | C] ()
 iltwain.ini -> C:\WINDOWS\iltwain.ini -> [2005/06/01 10:00:36 | 000,000,067 | ---- | C] ()
 RtlRack.ini -> C:\WINDOWS\RtlRack.ini -> [2004/10/27 08:31:33 | 000,000,169 | ---- | C] ()
 sb_affiliate.ini -> C:\WINDOWS\sb_affiliate.ini -> [2004/09/30 09:38:02 | 000,000,157 | ---- | C] ()
 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2004/08/26 11:11:00 | 000,000,049 | ---- | C] ()
 Uninstall_CDS.exe -> C:\Program Files\Uninstall_CDS.exe -> [2004/08/22 13:56:18 | 000,040,960 | ---- | C] ()
 GVCplDrv.sys -> C:\WINDOWS\System32\drivers\GVCplDrv.sys -> [2004/08/22 12:30:57 | 000,022,880 | R--- | C] ()
 avrack.ini -> C:\WINDOWS\avrack.ini -> [2004/08/22 12:24:39 | 000,000,164 | ---- | C] ()
 secupd.dat -> C:\WINDOWS\System32\secupd.dat -> [2004/08/02 13:20:40 | 000,004,569 | ---- | C] ()
 ROEX.INI -> C:\WINDOWS\ROEX.INI -> [2003/12/22 10:02:44 | 000,000,276 | ---- | C] ()
 ais.ini -> C:\WINDOWS\ais.ini -> [2003/12/22 10:02:18 | 000,000,034 | ---- | C] ()
 hpbafd.ini -> C:\WINDOWS\hpbafd.ini -> [2003/12/13 18:01:33 | 000,000,220 | ---- | C] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2003/12/13 13:28:09 | 000,002,048 | --S- | C] ()
 emptyregdb.dat -> C:\WINDOWS\System32\emptyregdb.dat -> [2003/12/13 13:14:36 | 000,022,748 | ---- | C] ()
 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2003/12/13 05:05:51 | 000,004,161 | ---- | C] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2003/12/13 05:04:26 | 000,122,136 | ---- | C] ()
 oembios.bin -> C:\WINDOWS\System32\oembios.bin -> [2003/03/31 04:00:00 | 013,107,200 | ---- | C] ()
 mlang.dat -> C:\WINDOWS\System32\mlang.dat -> [2003/03/31 04:00:00 | 000,673,088 | ---- | C] ()
 perfi009.dat -> C:\WINDOWS\System32\perfi009.dat -> [2003/03/31 04:00:00 | 000,272,128 | ---- | C] ()
 dssec.dat -> C:\WINDOWS\System32\dssec.dat -> [2003/03/31 04:00:00 | 000,218,003 | ---- | C] ()
 mib.bin -> C:\WINDOWS\System32\mib.bin -> [2003/03/31 04:00:00 | 000,046,258 | ---- | C] ()
 perfd009.dat -> C:\WINDOWS\System32\perfd009.dat -> [2003/03/31 04:00:00 | 000,028,626 | ---- | C] ()
 oembios.dat -> C:\WINDOWS\System32\oembios.dat -> [2003/03/31 04:00:00 | 000,004,461 | ---- | C] ()
 dcache.bin -> C:\WINDOWS\System32\dcache.bin -> [2003/03/31 04:00:00 | 000,001,804 | ---- | C] ()
 nsldappr32v50.dll -> C:\WINDOWS\System32\nsldappr32v50.dll -> [2002/02/27 10:41:28 | 000,024,576 | ---- | C] ()
 nsldap32v50.dll -> C:\WINDOWS\System32\nsldap32v50.dll -> [2002/02/27 10:41:26 | 000,139,264 | ---- | C] ()
 nsldapssl32v50.dll -> C:\WINDOWS\System32\nsldapssl32v50.dll -> [2002/02/27 10:41:26 | 000,040,960 | ---- | C] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2001/08/23 04:00:00 | 000,311,604 | ---- | C] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2001/08/23 04:00:00 | 000,039,992 | ---- | C] ()
 noise.dat -> C:\WINDOWS\System32\noise.dat -> [2001/08/23 04:00:00 | 000,000,741 | ---- | C] ()
 psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2001/08/17 14:36:28 | 000,363,520 | ---- | C] ()
< End of report >


Combofix.txt:

ComboFix 11-12-02.02 - lab 12/02/2011 17:54:58.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.183 [GMT -8:00]
Running from: c:\documents and settings\lab.EYECARECENTER\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\usmt\migwiz_a.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-03 to 2011-12-03 )))))))))))))))))))))))))))))))
.
.
2011-12-03 01:42 . 2011-12-03 01:42 -------- d-----w- C:\_OTS
2011-11-28 21:49 . 2011-12-03 01:46 -------- d-----w- c:\windows\system32\CatRoot2
2011-11-28 21:15 . 2011-10-20 06:16 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-11-28 20:36 . 2011-11-28 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-11-28 20:35 . 2011-11-28 20:35 -------- d-----w- c:\documents and settings\Administrator.EYECARECENTER\Application Data\IObit
2011-11-28 20:35 . 2011-11-28 20:35 -------- d-----w- c:\program files\IObit
2011-11-24 01:40 . 2011-11-23 22:32 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-23 23:06 . 2011-11-23 23:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-11-23 22:11 . 2011-11-23 22:11 -------- d-----w- c:\program files\Lavasoft
2011-11-23 19:33 . 2011-11-23 19:33 -------- d-sh--w- c:\documents and settings\Administrator.EYECARECENTER\PrivacIE
2011-11-23 17:26 . 2011-11-23 17:26 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-11-21 23:56 . 2011-11-21 23:56 -------- d-----w- c:\windows\Sun
2011-11-17 02:50 . 2011-11-17 02:51 -------- d-----w- c:\program files\OpenOffice.org 3
2011-11-17 02:50 . 2011-11-17 02:50 -------- d-----w- c:\program files\Common Files\Java
2011-11-17 02:50 . 2011-11-17 02:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-17 02:49 . 2011-11-17 02:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-17 02:49 . 2011-11-17 02:49 -------- d-----w- c:\program files\Java
2011-11-17 02:49 . 2011-11-17 02:49 -------- d-sh--w- c:\documents and settings\Administrator.EYECARECENTER\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-29 01:07 . 2009-08-18 18:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-11-29 01:07 . 2009-08-18 18:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-23 22:38 . 2003-03-31 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
2011-11-14 18:34 . 2011-05-17 18:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 20:06 . 2009-11-12 22:51 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-10 14:22 . 2008-09-23 20:51 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-09-25 17:46 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2011-09-26 18:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2003-03-31 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2003-03-31 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2003-03-31 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2004-03-11 20:27 . 2004-08-22 21:56 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 68856]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-27 98304]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-206698134-477368505-2297430536-1127\Scripts\Logon\0\0]
"Script"=eyecare.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-206698134-477368505-2297430536-500\Scripts\Logon\0\0]
"Script"=eyecare.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 00:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 19:22 1622016 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-07-27 00:11 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-01 22:21 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/12/2009 2:51 PM 64512]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [11/28/2011 12:35 PM 490840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 12:06 PM 15232]
S0 tjytfr;tjytfr;c:\windows\system32\drivers\lrsxppmj.sys --> c:\windows\system32\drivers\lrsxppmj.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;c:\windows\system32\DRIVERS\ngrpci.sys --> c:\windows\system32\DRIVERS\ngrpci.sys [?]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [12/13/2003 5:08 AM 50432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 20:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.2.2 192.168.2.1
DPF: {5896F800-6EFB-422F-A04B-AA7D44D9A4A9} - hxxp://75.61.189.17/WebClient.cab
DPF: {AEACBBA6-0FCC-11D4-88A8-00105A6A36A3} - hxxp://www.lensorders.com/ROEX.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-02 18:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-12-02 18:07:06
ComboFix-quarantined-files.txt 2011-12-03 02:07
ComboFix2.txt 2011-11-29 00:54
ComboFix3.txt 2011-11-23 21:43
ComboFix4.txt 2010-09-09 22:50
.
Pre-Run: 88,435,089,408 bytes free
Post-Run: 88,613,380,096 bytes free
.
- - End Of File - - 3BC598ADE002487E428457180C5180B0
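
The service list in the ComboFix log above (the R0/S0/R2/S3 lines between the firewall policy and the svchost key) is where the evidence of leftover persistence sits: a boot-start driver registered under a random six-letter service name, pointing at an image file with an equally random name that ComboFix could not find on disk. The script below is an added example, not code from this thread or from ComboFix: it parses those lines and scores each service. The line format is taken from the log as shown; the scoring weights, the threshold and the vowel-free "looks auto-generated" rule are this example's own assumptions.

```python
r"""Triage the service/driver list in a ComboFix log for rootkit-style persistence.

Added example; not code from the thread or from ComboFix.  ComboFix prints one
line per registered service in one of these two shapes:

    R2 Name;Display Name;c:\path\image.exe [date time size]
    S0 Name;Display Name;c:\path\image.sys --> c:\path\image.sys [?]

R = running, S = stopped; the digit is the start type (0 boot, 1 system,
2 automatic, 3 manual, 4 disabled); a trailing "[?]" means the image file was
not found.  Weights, threshold and looks_random() are this example's assumptions.
"""
import ntpath
import re

SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
VOWELS = set("aeiou")

# Constructed sample: the service lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/12/2009 2:51 PM 64512]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [11/28/2011 12:35 PM 490840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 12:06 PM 15232]
S0 tjytfr;tjytfr;c:\windows\system32\drivers\lrsxppmj.sys --> c:\windows\system32\drivers\lrsxppmj.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;c:\windows\system32\DRIVERS\ngrpci.sys --> c:\windows\system32\DRIVERS\ngrpci.sys [?]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [12/13/2003 5:08 AM 50432]
"""


def parse_service_line(line):
    """Return a dict for a ComboFix service line, or None for any other line."""
    m = SERVICE_LINE.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith("[?]")
    # Drop the trailing "[date time size]" or "[?]" block.
    path = re.sub(r"\s*\[[^\]]*\]$", "", rest)
    # In the "A --> B" form ComboFix repeats the resolved path; keep the first.
    path = path.split(" --> ")[0].strip()
    if path.startswith("\\??\\"):  # NT object-manager prefix, not part of the name
        path = path[4:]
    return {
        "running": m.group("state") == "R",
        "start": int(m.group("start")),
        "name": m.group("name").strip(),
        "display": m.group("display").strip(),
        "path": path,
        "missing": missing,
    }


def looks_random(token):
    """Assumption of this example: five or more lowercase letters with no vowel
    (tjytfr, lrsxppmj) is what auto-generated rootkit service and driver names
    tend to look like; vendor names usually keep a vowel or two."""
    return (len(token) >= 5 and token.isalpha() and token.islower()
            and not (set(token) & VOWELS))


def score_service(svc):
    """Return (score, reasons) for one parsed service; higher is more suspicious."""
    stem = ntpath.splitext(ntpath.basename(svc["path"]))[0].lower()
    name = svc["name"].lower()
    reasons = []
    if svc["missing"]:
        reasons.append(("image file not found on disk", 1))
    if svc["start"] == 0:
        reasons.append(("boot-start driver (loads before the AV's own drivers)", 1))
    if looks_random(svc["name"]):
        reasons.append(("service name looks auto-generated", 2))
    if looks_random(stem):
        reasons.append(("image file name looks auto-generated", 2))
    if stem not in name and name not in stem:
        reasons.append(("service name unrelated to image file name", 1))
    return sum(w for _, w in reasons), [r for r, _ in reasons]


def triage(log_text, threshold=3):
    """Return [(name, path, score, reasons)] at or above threshold, most
    suspicious first.  A missing file alone (MBAMSwissArmy, ngrpci) stays
    below the threshold; a random name plus a missing boot-start image does not."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_service_line(line)
        if svc is None:
            continue
        score, reasons = score_service(svc)
        if score >= threshold:
            findings.append((svc["name"], svc["path"], score, reasons))
    return sorted(findings, key=lambda f: -f[2])


if __name__ == "__main__":
    for name, path, score, reasons in triage(SAMPLE_LOG):
        print(f"[{score}] {name} -> {path}")
        for reason in reasons:
            print(f"       - {reason}")
```

Run as-is it reports only tjytfr, which is exactly the entry the reply below targets; the legitimate drivers with a missing file (the uninstalled Malwarebytes driver and the NETGEAR adapter) score too low to be flagged. Treat a hit as a lead, not a verdict: confirm it against HKLM\SYSTEM\CurrentControlSet\Services\<name> and the driver file on disk before removing anything.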

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:07 PM

Posted 03 December 2011 - 03:50 AM

Hi!

Glad to hear things appear to be running better.

We still have some work to do.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Driver::
tjytfr

File::
c:\windows\system32\drivers\lrsxppmj.sys

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... and change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save.

  • Drag CFScript.txt onto ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts; it will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:07 PM

Posted 11 December 2011 - 06:51 AM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.






