[Closed] Windows Security Center service could not be started

By signofzeta
Feb 12, 2012
Topic Status:
Not open for further replies.
  1. signofzeta

    signofzeta Newcomer, in training Topic Starter Posts: 107

    System Look

    SystemLook 30.07.11 by jpshortstuff
    Log created at 22:16 on 20/02/2012 by George
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "winrnr.*"
    C:\Windows\System32\winrnr.dll --a---- 19968 bytes [05:42 17/09/2009] [06:28 11/04/2009] C411C80F90D6732380352B98B37BBD53
    C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll --a---- 19968 bytes [08:45 02/11/2006] [09:46 02/11/2006] FF78B8E67EDCE9FEED651D7858D77A04
    C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll --a---- 19968 bytes [05:42 17/09/2009] [06:28 11/04/2009] C411C80F90D6732380352B98B37BBD53

    -= EOF =-
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Have you tried Combofix again?
  3. signofzeta

    signofzeta Newcomer, in training Topic Starter Posts: 107

    It says something about "current data expired", so should I continue to run it?
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Try updating it, or click on Refresh in your browser. If the link won't update, go back to the site and download a new version.
  5. signofzeta

    signofzeta Newcomer, in training Topic Starter Posts: 107

    This is what is happening with the combo fix scan

    Failed to get EnableLUA

    Failed to get EnableLUA

    Creating System Restore Point

    Scanning for Infected files...
    This typically doesn't take more than 10 minutes
    However, scan times for badly infected machines may easily double

    That message above is displayed with the blue background throughout the scan.

    Then there is a popup saying You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection.

    If for any reason that you're unable to connect to the internet after running combofix, reboot once and see if that fixes it.

    If it's not fixed, run combofix one more time.

    I then press OK, since it is the only button there is.

    Another message pops up saying Rootkit is detected

    Be patient as they may take some moments

    I press OK again.

    As the scan progresses, I hear a BEEP BEEP, and a message pops up saying that ComboFix has detected the presence of rootkit activity and needs to reboot the machine.

    I click OK and machine reboots.

    I let it reboot normally.

    When the machine is loaded up, Combofix doesn't finish the scan, nor do I see a log produced.

    Could it mean that something is blocking Combofix from starting up automatically right after I restarted my computer?

    From the other tries, even waiting for a day after the computer restarted from Combofix, Combofix still didn't run, nor did it give me any logs.

    So what should I do now? Each and every time, Combofix never gave me any logs.

    Restarting machine, since internet connection hasn't been reestablished.

    Combofix didn't run after restarting, nor did a log pop up.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    NOTE: If, for some reason, Combofix refuses to run, try one of the following:
    1. Run Combofix from Safe Mode. If it won't run, go on to #2.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to
    friday.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    3. See which one of the following runs. You do not need to download all three versions:
    This is a slight variation on the RKill:
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, add the following:

    Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan.
    • A copy of that log will also be saved in the directory where you ran exeHelper.com
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
    (Directions courtesy bleeping computer)

    4. With both RKill and exehelper on board:
    Go right to the renamed (Combofix) and double click on friday.exe to run
    If it won't run in Normal Mode, run BOTH tools from safe mode, then try the double click on friday.exe to run.

    If successful, please leave RKill, Exehelper and Combofix logs.
    =============================
    If Combofix still won't run after RKill and exeHelper, run TDSSKiller first:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file > Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result. Save log and post in next reply.
      =======================
    • A reboot is required after disinfection.
  7. signofzeta

    signofzeta Newcomer, in training Topic Starter Posts: 107

    Rkill log

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 02/26/2012 at 22:03:53.
    Operating System: Windows Vista (TM) Home Premium


    Processes terminated by Rkill or while it was running:



    Rkill completed on 02/26/2012 at 22:04:03.
  8. signofzeta

    signofzeta Newcomer, in training Topic Starter Posts: 107

    exehelperlog

    exeHelper by Raktor
    Build 20100414
    Run at 22:09:02 on 02/26/12
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
  9. signofzeta

    signofzeta Newcomer, in training Topic Starter Posts: 107

    TDSSKiller log

    22:49:49.0393 3904 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
    22:49:49.0954 3904 ============================================================
    22:49:49.0954 3904 Current date / time: 2012/02/26 22:49:49.0954
    22:49:49.0954 3904 SystemInfo:
    22:49:49.0954 3904
    22:49:49.0954 3904 OS Version: 6.0.6002 ServicePack: 2.0
    22:49:49.0954 3904 Product type: Workstation
    22:49:49.0954 3904 ComputerName: GEORGEGAMINGPC
    22:49:49.0954 3904 UserName: George
    22:49:49.0954 3904 Windows directory: C:\Windows
    22:49:49.0954 3904 System windows directory: C:\Windows
    22:49:49.0954 3904 Processor architecture: Intel x86
    22:49:49.0954 3904 Number of processors: 2
    22:49:49.0954 3904 Page size: 0x1000
    22:49:49.0954 3904 Boot type: Normal boot
    22:49:49.0954 3904 ============================================================
    22:49:51.0358 3904 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    22:49:51.0358 3904 \Device\Harddisk0\DR0:
    22:49:51.0358 3904 MBR used
    22:49:51.0358 3904 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770D7A, BlocksNum 0xE8E0360
    22:49:51.0390 3904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x10051119, BlocksNum 0xD173468
    22:49:51.0514 3904 Initialize success
    22:49:51.0514 3904 ============================================================
    22:49:59.0548 3736 ============================================================
    22:49:59.0548 3736 Scan started
    22:49:59.0548 3736 Mode: Manual;
    22:49:59.0548 3736 ============================================================
    22:50:13.0588 3736 Serenum - ok
    22:50:13.0620 3736 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    22:50:13.0635 3736 Serial - ok
    22:50:13.0666 3736 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    22:50:13.0682 3736 sermouse - ok
    22:50:13.0729 3736 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    22:50:13.0744 3736 sffdisk - ok
    22:50:13.0776 3736 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    22:50:13.0776 3736 sffp_mmc - ok
    22:50:13.0807 3736 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    22:50:13.0822 3736 sffp_sd - ok
    22:50:13.0854 3736 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
    22:50:13.0869 3736 sfloppy - ok
    22:50:13.0916 3736 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    22:50:13.0932 3736 sisagp - ok
    22:50:13.0963 3736 SiSGbeLH (42c5de6854f32e6fd399ac8f69fd5fa8) C:\Windows\system32\DRIVERS\SiSGB6.sys
    22:50:13.0978 3736 SiSGbeLH - ok
    22:50:14.0010 3736 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    22:50:14.0025 3736 SiSRaid2 - ok
    22:50:14.0056 3736 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    22:50:14.0072 3736 SiSRaid4 - ok
    22:50:14.0119 3736 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    22:50:14.0134 3736 Smb - ok
    22:50:14.0228 3736 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
    22:50:14.0259 3736 smserial - ok
    22:50:14.0384 3736 SNP2UVC (060f51141b20b8156804446a04ab8b2a) C:\Windows\system32\DRIVERS\snp2uvc.sys
    22:50:14.0415 3736 SNP2UVC - ok
    22:50:14.0478 3736 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    22:50:14.0493 3736 spldr - ok
    22:50:14.0571 3736 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
    22:50:14.0571 3736 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
    22:50:14.0571 3736 sptd ( LockedFile.Multi.Generic ) - warning
    22:50:14.0571 3736 sptd - detected LockedFile.Multi.Generic (1)
    22:50:14.0649 3736 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    22:50:14.0665 3736 srv - ok
    22:50:14.0712 3736 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    22:50:14.0727 3736 srv2 - ok
    22:50:14.0758 3736 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    22:50:14.0758 3736 srvnet - ok
    22:50:14.0821 3736 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
    22:50:14.0836 3736 ssmdrv - ok
    22:50:14.0868 3736 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
    22:50:14.0883 3736 SSPORT - ok
    22:50:14.0992 3736 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    22:50:15.0008 3736 swenum - ok
    22:50:15.0055 3736 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    22:50:15.0070 3736 Symc8xx - ok
    22:50:15.0102 3736 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    22:50:15.0117 3736 Sym_hi - ok
    22:50:15.0164 3736 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    22:50:15.0180 3736 Sym_u3 - ok
    22:50:15.0226 3736 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
    22:50:15.0258 3736 SynTP - ok
    22:50:15.0336 3736 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    22:50:15.0367 3736 Tcpip - ok
    22:50:15.0414 3736 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    22:50:15.0429 3736 Tcpip6 - ok
    22:50:15.0507 3736 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    22:50:15.0523 3736 tcpipreg - ok
    22:50:15.0570 3736 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    22:50:15.0585 3736 TDPIPE - ok
    22:50:15.0616 3736 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    22:50:15.0616 3736 TDTCP - ok
    22:50:15.0663 3736 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    22:50:15.0679 3736 tdx - ok
    22:50:15.0710 3736 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    22:50:15.0741 3736 TermDD - ok
    22:50:15.0835 3736 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    22:50:15.0850 3736 tssecsrv - ok
    22:50:15.0882 3736 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    22:50:15.0897 3736 tunmp - ok
    22:50:15.0928 3736 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    22:50:15.0944 3736 tunnel - ok
    22:50:15.0975 3736 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    22:50:15.0991 3736 uagp35 - ok
    22:50:16.0038 3736 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    22:50:16.0053 3736 udfs - ok
    22:50:16.0100 3736 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    22:50:16.0116 3736 uliagpkx - ok
    22:50:16.0147 3736 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    22:50:16.0162 3736 uliahci - ok
    22:50:16.0178 3736 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    22:50:16.0194 3736 UlSata - ok
    22:50:16.0225 3736 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    22:50:16.0240 3736 ulsata2 - ok
    22:50:16.0272 3736 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    22:50:16.0287 3736 umbus - ok
    22:50:16.0412 3736 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
    22:50:16.0412 3736 UnlockerDriver5 - ok
    22:50:16.0584 3736 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
    22:50:16.0584 3736 usbaudio - ok
    22:50:16.0630 3736 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    22:50:16.0630 3736 usbccgp - ok
    22:50:16.0677 3736 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    22:50:16.0693 3736 usbcir - ok
    22:50:16.0786 3736 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    22:50:16.0802 3736 usbehci - ok
    22:50:16.0833 3736 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    22:50:16.0849 3736 usbhub - ok
    22:50:16.0896 3736 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    22:50:16.0911 3736 usbohci - ok
    22:50:16.0974 3736 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    22:50:16.0989 3736 usbprint - ok
    22:50:17.0067 3736 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    22:50:17.0083 3736 usbscan - ok
    22:50:17.0130 3736 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    22:50:17.0145 3736 USBSTOR - ok
    22:50:17.0192 3736 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    22:50:17.0208 3736 usbuhci - ok
    22:50:17.0239 3736 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    22:50:17.0254 3736 usbvideo - ok
    22:50:17.0301 3736 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    22:50:17.0317 3736 vga - ok
    22:50:17.0332 3736 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    22:50:17.0348 3736 VgaSave - ok
    22:50:17.0379 3736 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    22:50:17.0379 3736 viaagp - ok
    22:50:17.0410 3736 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    22:50:17.0426 3736 ViaC7 - ok
    22:50:17.0566 3736 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    22:50:17.0566 3736 viaide - ok
    22:50:17.0644 3736 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    22:50:17.0660 3736 volmgr - ok
    22:50:17.0707 3736 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    22:50:17.0722 3736 volmgrx - ok
    22:50:17.0754 3736 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    22:50:17.0769 3736 volsnap - ok
    22:50:17.0800 3736 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    22:50:17.0816 3736 vsmraid - ok
    22:50:17.0863 3736 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    22:50:17.0878 3736 WacomPen - ok
    22:50:17.0910 3736 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    22:50:17.0925 3736 Wanarp - ok
    22:50:17.0988 3736 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    22:50:17.0988 3736 Wanarpv6 - ok
    22:50:18.0081 3736 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    22:50:18.0097 3736 Wd - ok
    22:50:18.0144 3736 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    22:50:18.0159 3736 Wdf01000 - ok
    22:50:18.0643 3736 WmFilter (cffe18db8140b00335221907a694dd01) C:\Windows\system32\drivers\WmFilter.sys
    22:50:18.0658 3736 WmFilter - ok
    22:50:18.0705 3736 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    22:50:18.0736 3736 WmiAcpi - ok
    22:50:18.0783 3736 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    22:50:18.0799 3736 ws2ifsl - ok
    22:50:18.0877 3736 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    22:50:18.0892 3736 WUDFRd - ok
    22:50:18.0970 3736 xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
    22:50:18.0986 3736 xnacc - ok
    22:50:19.0095 3736 xusb21 (a640c90b007762939507c28a021be3b3) C:\Windows\system32\DRIVERS\xusb21.sys
    22:50:19.0111 3736 xusb21 - ok
    22:50:19.0173 3736 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
    22:50:19.0189 3736 yukonwlh - ok
    22:50:19.0204 3736 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
    22:50:19.0345 3736 \Device\Harddisk0\DR0 - ok
    22:50:19.0360 3736 Boot (0x1200) (58d05d33716f8103d6c9c0e84086a8b6) \Device\Harddisk0\DR0\Partition0
    22:50:19.0360 3736 \Device\Harddisk0\DR0\Partition0 - ok
    22:50:19.0392 3736 Boot (0x1200) (12aa7348563a13b65716e39d09fc4495) \Device\Harddisk0\DR0\Partition1
    22:50:19.0407 3736 \Device\Harddisk0\DR0\Partition1 - ok
    22:50:19.0407 3736 ============================================================
    22:50:19.0407 3736 Scan finished
    22:50:19.0407 3736 ============================================================
    22:50:19.0423 3400 Detected object count: 1
    22:50:19.0423 3400 Actual detected object count: 1
    22:57:13.0993 3400 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
    22:57:14.0008 3400 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
  10. signofzeta

    signofzeta Newcomer, in training Topic Starter Posts: 107

    Rkill log after TDSkiller scan

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 02/26/2012 at 23:03:22.
    Operating System: Windows Vista (TM) Home Premium


    Processes terminated by Rkill or while it was running:



    Rkill completed on 02/26/2012 at 23:03:29.
  11. signofzeta

    signofzeta Newcomer, in training Topic Starter Posts: 107

    exehelperlog after TDSkiller scan

    exeHelper by Raktor
    Build 20100414
    Run at 22:09:02 on 02/26/12
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    exeHelper by Raktor
    Build 20100414
    Run at 23:05:47 on 02/26/12
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
     
  12. signofzeta

    signofzeta Newcomer, in training Topic Starter Posts: 107

    Rkill log when running in safe mode

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 02/26/2012 at 23:52:53.
    Operating System: Windows Vista (TM) Home Premium


    Processes terminated by Rkill or while it was running:

    C:\Windows\system32\conime.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\conime.exe


    Rkill completed on 02/26/2012 at 23:52:57.
  13. signofzeta

    signofzeta Newcomer, in training Topic Starter Posts: 107

    exehelperlog when running in safe mode

    exeHelper by Raktor
    Build 20100414
    Run at 22:09:02 on 02/26/12
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    exeHelper by Raktor
    Build 20100414
    Run at 23:05:47 on 02/26/12
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    exeHelper by Raktor
    Build 20100414
    Run at 23:54:05 on 02/26/12
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
  14. signofzeta

    signofzeta Newcomer, in training Topic Starter Posts: 107

    Here is what is happening with combofix. It runs, as it says that it found the ZeroAccess Rootkit. Combofix restarted the machine, and when the machine loaded up the desktop, in both safe mode and normal mode, a log didn't pop up, even after running rkill, exehelper and TDSkiller. Usually, after combofix restarts the machine, a log is supposed to pop up upon startup, right? Not this time, and neither did a log pop up the many other times I tried to run combofix.

    It is not the fact that combofix doesn't run, but it is the fact that it didn't give me any logs after it told me to restart the machine.
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    If it ran the scan, there will be a log: please search the system for combofix.txt.
  16. signofzeta

    signofzeta Newcomer, in training Topic Starter Posts: 107

    I searched the system, and combofix.txt does not exist. Something is probably blocking combofix from completely finishing the scan, and thus no log was created.

    I ran combofix twice, once normally, and once again with Rkill and EXEhelper, and the renamed combofix. Both to no avail. In both cases, and in all cases, it goes

    Failed to get "EnableLUA" and it said that twice.

    Then it creates a system restore point.

    Then it starts to scan for stuff, and it found the ZeroAccess Rootkit. Because of that, the machine had to reboot. Once it rebooted, that was it. Combofix didn't start up to finish its scan or fix, and no txt file popped up.

    And this is every time I run combofix. I could run it 10 times, and it would still have the same result.

    The details of exactly what combofix said, and what each pop up window said is posted a few posts back, somewhere in the middle of the second page of this thread.
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please run OTL since Combofix won't finish:
    • Download OTL from one of the links below and save it to your desktop.
      OTL.exe
      OTL.com
      OTL.scr
      You just need one. Sometimes the file extension gets blocked.

      Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
    • Double click the OTL icon to run it.
    • The opened console will resemble this: [image]
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below and paste them in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed and let it run uninterrupted.
    • When the scan completes, it will open two notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
  18. signofzeta

    signofzeta Newcomer, in training Topic Starter Posts: 107

    OTL

    OTL logfile created on: 3/6/2012 9:15:34 PM - Run 3
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\George\Desktop\downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 64.83% Memory free
    6.20 Gb Paging File | 5.19 Gb Available in Paging File | 83.73% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 116.44 Gb Total Space | 9.86 Gb Free Space | 8.47% Space Free | Partition Type: NTFS
    Drive D: | 104.73 Gb Total Space | 15.60 Gb Free Space | 14.89% Space Free | Partition Type: NTFS

    Computer Name: GEORGEGAMINGPC | User Name: George | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\George\Desktop\downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    PRC - C:\seagate\Sync\FreeAgentService.exe (Seagate Technology LLC)
    PRC - C:\seagate\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    PRC - C:\Program Files\Winamp\winampa.exe ()
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\ASScrPro.exe ()
    PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
    PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
    PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
    PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
    PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS)
    PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
    PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
    PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
    PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
    PRC - C:\Program Files\ATK Hotkey\WDC.exe ()
    PRC - C:\Program Files\ATK Hotkey\HControlUser.exe ()
    PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
    PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
    PRC - C:\Program Files\ATK Hotkey\MsgTranAgt.exe ()
    PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
    PRC - C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()
    PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
    PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
    PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
    PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
    MOD - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
    MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
    MOD - C:\Program Files\Winamp\winampa.exe ()
    MOD - C:\Windows\ASScrPro.exe ()
    MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
    MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
    MOD - C:\Program Files\ATK Hotkey\HControlUser.exe ()
    MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
    MOD - C:\Program Files\ATK Hotkey\MsgTran.dll ()
    MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
    MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
    MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
    MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
    MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (DAUpdaterSvc) -- File not found
    SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    SRV - (FreeAgentGoNext Service) -- C:\seagate\Sync\FreeAgentService.exe (Seagate Technology LLC)
    SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()
    SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
    DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
    DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
    DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
    DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
    DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
    DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
    DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
    DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
    DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
    DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS"
    FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 64242
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/29 08:39:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/16 20:16:16 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6C028C61-1644-4D51-B6C5-E47F4688180E}: C:\Users\George\AppData\Local\{6C028C61-1644-4D51-B6C5-E47F4688180E}\

    [2009/06/07 17:04:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Extensions
    [2012/03/06 21:14:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions
    [2011/03/18 20:46:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/03/06 21:14:06 | 000,000,000 | ---D | M] (WOT) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2009/06/10 13:10:45 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    [2011/12/24 18:32:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2009/12/07 17:38:28 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\battlefieldheroespatcher@ea.com
    [2011/11/10 13:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/25 22:52:12 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2012/02/29 08:39:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/02/29 08:39:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/29 08:39:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/02/20 22:14:28 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
    O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
    O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MaxMenuMgr] C:\seagate\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11c_Plugin.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0BBAC67-483F-495C-AC61-DBB492CA07A9}: DhcpNameServer = 64.71.255.198
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F30F37EC-794C-4650-A5AB-1880BB88B0BA}: DhcpNameServer = 10.0.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\George\Pictures\black.jpg
    O24 - Desktop BackupWallPaper: C:\Users\George\Pictures\black.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/02 22:31:42 | 000,000,000 | --SD | C] -- C:\mandrake
    [2012/03/02 22:23:34 | 004,424,615 | R--- | C] (Swearware) -- C:\Users\George\Desktop\mandrake.exe
    [2012/03/02 22:09:44 | 000,000,000 | --SD | C] -- C:\friday32470f
    [2012/03/02 21:51:08 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2012/02/27 00:01:17 | 000,000,000 | --SD | C] -- C:\friday15101f
    [2012/02/26 23:07:37 | 000,000,000 | --SD | C] -- C:\friday1938f
    [2012/02/26 22:48:49 | 000,000,000 | ---D | C] -- C:\Users\George\Desktop\tdsskiller(1)
    [2012/02/26 22:12:22 | 000,000,000 | --SD | C] -- C:\friday
    [2012/02/25 18:12:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/25 18:12:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/25 18:12:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/18 01:34:47 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/18 01:18:21 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/02/18 01:15:28 | 000,000,000 | ---D | C] -- C:\Users\George\Desktop\tdsskiller
    [2012/02/16 20:16:13 | 000,000,000 | ---D | C] -- C:\_OTL
    [2008/06/03 00:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

    ========== Files - Modified Within 30 Days ==========

    [2012/03/06 20:56:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/06 20:39:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/06 20:39:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/06 16:56:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/06 07:44:13 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{25D39F52-AFBC-4213-A160-F2C344AEDA86}.job
    [2012/03/02 22:39:48 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2012/03/02 22:39:38 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
    [2012/03/02 22:39:35 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2012/03/02 22:38:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/02 22:38:47 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/02 22:37:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/03/02 22:25:56 | 000,294,400 | ---- | M] () -- C:\Users\George\Desktop\exeHelper.com
    [2012/03/02 22:24:38 | 001,008,141 | ---- | M] () -- C:\Users\George\Desktop\rkill.exe
    [2012/03/02 22:23:52 | 004,424,615 | R--- | M] (Swearware) -- C:\Users\George\Desktop\mandrake.exe
    [2012/02/29 01:19:07 | 000,691,576 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/02/29 01:19:07 | 000,138,494 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/02/20 22:14:28 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/02/18 11:16:32 | 000,000,134 | ---- | M] () -- C:\Users\George\Desktop\hosts-perm(1).bat
    [2012/02/16 20:09:08 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2012/02/12 12:59:10 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/02/11 17:36:28 | 000,000,680 | ---- | M] () -- C:\Users\George\AppData\Local\d3d9caps.dat
    [2012/02/11 16:26:38 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/09 03:56:42 | 000,189,744 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
    [2012/02/05 23:40:23 | 000,131,584 | ---- | M] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== Files Created - No Company Name ==========

    [2012/03/02 22:25:54 | 000,294,400 | ---- | C] () -- C:\Users\George\Desktop\exeHelper.com
    [2012/03/02 22:24:34 | 001,008,141 | ---- | C] () -- C:\Users\George\Desktop\rkill.exe
    [2012/02/27 00:24:29 | 3220,463,616 | -HS- | C] () -- C:\hiberfil.sys
    [2012/02/25 18:12:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/25 18:12:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/25 18:12:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/25 18:12:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/25 18:12:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/18 11:16:32 | 000,000,134 | ---- | C] () -- C:\Users\George\Desktop\hosts-perm(1).bat
    [2012/01/01 23:00:30 | 000,010,432 | -HS- | C] () -- C:\Users\George\AppData\Local\bsc7o1i0dbmi
    [2012/01/01 23:00:30 | 000,010,432 | -HS- | C] () -- C:\ProgramData\bsc7o1i0dbmi
    [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2011/03/04 17:44:11 | 000,000,000 | ---- | C] () -- C:\Users\George\AppData\Local\Hfefaf.bin
    [2011/03/04 17:43:13 | 000,000,120 | ---- | C] () -- C:\Users\George\AppData\Local\Xkidagayus.dat
    [2011/02/10 20:06:59 | 000,006,327 | ---- | C] () -- C:\Users\George\AppData\Roaming\56DE.800
    [2010/11/28 22:53:40 | 000,000,680 | ---- | C] () -- C:\Users\George\AppData\Local\d3d9caps.dat
    [2010/06/24 18:59:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/05/26 06:12:58 | 000,000,313 | ---- | C] () -- C:\Windows\doom3.ini
    [2009/12/07 17:48:25 | 002,395,944 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
    [2009/11/19 04:01:46 | 000,270,336 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
    [2009/11/19 04:01:46 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
    [2009/11/19 04:01:46 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
    [2009/11/19 04:01:46 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
    [2009/11/19 04:01:34 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugw2l3.dll
    [2009/11/05 20:14:42 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
    [2009/10/13 00:04:45 | 000,000,906 | ---- | C] () -- C:\Windows\Rtcwplat.INI
    [2009/09/29 06:20:03 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
    [2009/09/23 23:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/09/16 23:44:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/09/16 23:44:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/14 15:10:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2009/08/08 20:11:33 | 000,000,310 | ---- | C] () -- C:\Windows\d3xp.ini
    [2009/07/29 17:15:19 | 000,000,868 | ---- | C] () -- C:\Windows\H2_Setup.INI
    [2009/06/16 23:52:49 | 000,020,759 | ---- | C] () -- C:\Windows\W2BNEUnin.dat
    [2009/06/16 22:19:10 | 000,131,584 | ---- | C] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/07 20:33:15 | 000,139,904 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2009/06/07 20:33:14 | 000,138,056 | ---- | C] () -- C:\Users\George\AppData\Roaming\PnkBstrK.sys
    [2009/06/07 20:32:58 | 000,189,744 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
    [2009/06/07 20:32:39 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
    [2009/06/07 18:08:12 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/06/07 18:06:24 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/06/07 18:05:22 | 000,017,637 | ---- | C] () -- C:\Windows\cfgall.ini
    [2009/06/07 18:03:32 | 000,000,802 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2009/05/30 01:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/05/30 01:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009/04/07 10:17:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
    [2009/04/07 10:11:16 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
    [2009/04/07 10:11:06 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
    [2009/04/07 09:01:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2008/08/10 20:14:11 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
    [2008/07/01 20:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
    [2008/05/22 10:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
    [2008/05/11 21:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
    [2008/04/14 08:39:33 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
    [2008/04/13 21:50:59 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2007/09/04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2007/08/06 11:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
    [2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    [2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 06:47:37 | 000,428,560 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 04:33:01 | 000,691,576 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 04:33:01 | 000,138,494 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/03/08 19:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

    ========== LOP Check ==========

    [2011/05/20 00:46:23 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\.doomseeker
    [2011/12/28 03:29:58 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\2K Sports
    [2009/08/23 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Activision
    [2012/01/24 14:37:26 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Appe
    [2009/07/18 19:55:32 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Canneverbe_Limited
    [2009/07/18 00:52:31 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\DAEMON Tools Lite
    [2011/03/04 23:58:32 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\E35248A7D24B3A6B5942EEB1DF816866
    [2009/09/06 07:22:21 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\GameScannerData
    [2012/01/24 01:21:36 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Kalaaf
    [2010/03/16 20:20:45 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Leadertech
    [2009/09/22 10:23:14 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\OpenOffice.org
    [2009/06/12 22:11:09 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\TextPad
    [2011/04/13 01:43:22 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\USBSafelyRemove
    [2009/12/15 22:19:37 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\VistaCodecs
    [2011/02/26 10:06:20 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Wizards of the Coast
    [2011/05/30 17:10:07 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\YOUDONTKNOWJACK
    [2012/03/02 22:37:40 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/03/06 07:44:13 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{25D39F52-AFBC-4213-A160-F2C344AEDA86}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: EXPLORER.EXE >
    [2009/04/07 09:14:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [2009/04/07 09:14:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
    [2009/04/07 09:14:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [2009/04/07 09:14:22 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
    [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [2009/04/07 09:14:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [2008/01/20 20:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
    [2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
    [2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
    [2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2008/01/20 20:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
    [2008/01/20 20:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    < %systemroot%\*. /mp /s >

    < End of report >
  19. signofzeta

    signofzeta Newcomer, in training Topic Starter Posts: 107

    Oddly, I only got OTL.txt but not extras.txt
  20. signofzeta

    signofzeta Newcomer, in training Topic Starter Posts: 107

    Would hibernating or shutting down the computer affect the cleaning process?
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, the Extras log in OTL only comes up automatically the first time it's run> you did that on 2/12/ To get the log again, I would use script to call it up again.

    I don't advise using Hibernate, but you can use either 'Sleep' when you shut the lid if it's a laptop or use Stand By in Power Options. Either of those settings will allow you to keep your work up on the screen and when reopened, the work will be right in front of you to continue.

    But neither should affect the cleaning unless you have a program or app starting on boot that would deliberately make changes in the system> like CCleaner.
    =========================================
    Where are we with the Security Center setting? I'd like to check some Services:

    Please download Farbar Service Scanner
    • Check ALL boxes to include all files.
    • Press the Scan button
    • Log named FSS.txt will be created in the same directory as the tool
    • Please paste the log into your next reply

    -------------------------
    One more comment about the Zero Access message from Combofix>> did you just try to ignore it and continue? It should run Combofix in the Reduced Functionality Mode, but should still do what is necessary.
  22. signofzeta

    signofzeta Newcomer, in training Topic Starter Posts: 107

    I restarted the computer because the internet wasn't working, and now it works.

    Ok anyway, I went to the security center, and it has the Firewall, Automatic Updating, Malware, and Other Security Settings.

    Firewall cannot be turned on

    Automatic Updating is turned on

    Malware Protection: Windows Defender can't be updated, and the Antivirus program I am using is Avira, not Trend Micro, but it won't detect the fact that I installed Avira.

    Other Security Settings are turned on, such as UAC, and internet security settings.

    I am going to run the FSS scan now.
  23. signofzeta

    signofzeta Newcomer, in training Topic Starter Posts: 107

    Farbar Service Scanner Version: 01-03-2012
    Ran by George (administrator) on 12-03-2012 at 21:30:19
    Running from "C:\Users\George\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
    Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

    bfe Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
    Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
    Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
    Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Defender:
    ==============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
  24. signofzeta

    signofzeta Newcomer, in training Topic Starter Posts: 107

    Can I still run programs such as games and documents during the cleaning process?

    So tell me a list of things that I can't do to my computer during the cleaning process, because I want to be able to use that laptop as soon as possible.

    I also heard that the Zero Access rootkit, which Combofix seems to have found, messes with the security software on a computer. Is that true? So the major problem I am facing is to get rid of the ZeroAccess rootkit, which Combofix cannot seem to do; as you can see, on every attempt it did nothing, restarted the computer, and never gave me a log.
  25. signofzeta

    signofzeta Newcomer, in training Topic Starter Posts: 107

    Oh yeah, about Combofix: yes, I clicked on continue, and that's what I did, well, the last time I tried it anyway, and it said that my computer needs to restart, and the computer rebooted and loaded up the desktop without any txt files or Combofix running after the restart.

    Another thing is, was I supposed to click on continue?