[Closed] Windows Security Center service could not be started

Status
Not open for further replies.
System Look

SystemLook 30.07.11 by jpshortstuff
Log created at 22:16 on 20/02/2012 by George
Administrator - Elevation successful

========== filefind ==========

Searching for "winrnr.*"
C:\Windows\System32\winrnr.dll --a---- 19968 bytes [05:42 17/09/2009] [06:28 11/04/2009] C411C80F90D6732380352B98B37BBD53
C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll --a---- 19968 bytes [08:45 02/11/2006] [09:46 02/11/2006] FF78B8E67EDCE9FEED651D7858D77A04
C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll --a---- 19968 bytes [05:42 17/09/2009] [06:28 11/04/2009] C411C80F90D6732380352B98B37BBD53

-= EOF =-
 
Try updating it, or click on Refresh in your browser. If the link won't update, go back to the site and download new version.
 
This is what is happening with the combo fix scan

Failed to get EnableLUA

Failed to get EnableLUA

Creating System Restore Point

Scanning for Infected files...
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double

That message above is displayed with the blue background throughout the scan.

Then there is a popup saying You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection.

If for any reason that you're unable to connect to the internet after running combofix, reboot once and see if that fixes it.

If it's not fixed, run combofix one more time.

I then press OK, since it is the only button there is.

Another message pops up saying Rootkit is detected

Be patient as they may take some moments

I press OK again.

As the scan progresses, I hear a BEEP BEEP, and a message pops up saying that ComboFix has detected the presence of rootkit activity and needs to reboot the machine.

I click OK and machine reboots.

I let it reboot normally.

When the machine is loaded up, Combofix doesn't finish the scan, nor do I see a log produced.

Could it mean that something is blocking Combofix from starting up automatically right after I restarted my computer?

From the other tries, even waiting for a day after the computer restarted from combofix, combofix still didn't run, nor did it give me any logs.

So what should I do now? Each and every time, Combofix never gave me any logs.

Restarting machine, since internet connection hasn't been reestablished.

combofix didn't run after restarting nor did a log pop up.
 
.NOTE: If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode. If it won't run, go one to #2.

2. Delete Combofix file, download fresh one, but rename combofix.exe to
friday.exe BEFORE saving it to your desktop.
Do NOT run it yet.

3.See which one of the following runs. You do not need to download all three versions:
This is a slight variation on the RKill:
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, add the following:

Please download exeHelper by Raktor and save it to your desktop.
  • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file called exehelperlog.txt will be created and should open at the end of the scan)
  • A copy of that log will also be saved in the directory where you ran exeHelper.com
  • Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
(Directions courtesy bleeping computer)

4. With both RKill and exehelper on board:
Go right to the renamed (Combofix) and double click on friday.exe to run
If it won't run in Normal Mode, run BOTH tools from safe mode, then try the double click on friday.exe to run.

If successful, please leave RKill, Exehelper and Combofix logs.
=============================
If Comfix still won't run after RKill and exeHelper, run TDSSKiller first:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe. to run the scan
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result.Save log andpost in next repy.
    .=======================
  • A reboot is required after disinfection.
 
Rkill log

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/26/2012 at 22:03:53.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 02/26/2012 at 22:04:03.
 
exehelperlog

exeHelper by Raktor
Build 20100414
Run at 22:09:02 on 02/26/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
 
TDSkiller log

22:49:49.0393 3904 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
22:49:49.0954 3904 ============================================================
22:49:49.0954 3904 Current date / time: 2012/02/26 22:49:49.0954
22:49:49.0954 3904 SystemInfo:
22:49:49.0954 3904
22:49:49.0954 3904 OS Version: 6.0.6002 ServicePack: 2.0
22:49:49.0954 3904 Product type: Workstation
22:49:49.0954 3904 ComputerName: GEORGEGAMINGPC
22:49:49.0954 3904 UserName: George
22:49:49.0954 3904 Windows directory: C:\Windows
22:49:49.0954 3904 System windows directory: C:\Windows
22:49:49.0954 3904 Processor architecture: Intel x86
22:49:49.0954 3904 Number of processors: 2
22:49:49.0954 3904 Page size: 0x1000
22:49:49.0954 3904 Boot type: Normal boot
22:49:49.0954 3904 ============================================================
22:49:51.0358 3904 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:49:51.0358 3904 \Device\Harddisk0\DR0:
22:49:51.0358 3904 MBR used
22:49:51.0358 3904 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770D7A, BlocksNum 0xE8E0360
22:49:51.0390 3904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x10051119, BlocksNum 0xD173468
22:49:51.0514 3904 Initialize success
22:49:51.0514 3904 ============================================================
22:49:59.0548 3736 ============================================================
22:49:59.0548 3736 Scan started
22:49:59.0548 3736 Mode: Manual;
22:49:59.0548 3736 ============================================================
22:50:00.0718 3736 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:50:00.0718 3736 ACPI - ok
22:50:00.0765 3736 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:50:00.0765 3736 adp94xx - ok
22:50:00.0812 3736 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:50:00.0812 3736 adpahci - ok
22:50:00.0843 3736 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:50:00.0843 3736 adpu160m - ok
22:50:00.0890 3736 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:50:00.0890 3736 adpu320 - ok
22:50:01.0093 3736 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:50:01.0093 3736 AFD - ok
22:50:01.0155 3736 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:50:01.0155 3736 agp440 - ok
22:50:01.0233 3736 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:50:01.0233 3736 aic78xx - ok
22:50:01.0327 3736 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:50:01.0327 3736 aliide - ok
22:50:01.0358 3736 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:50:01.0358 3736 amdagp - ok
22:50:01.0405 3736 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:50:01.0420 3736 amdide - ok
22:50:01.0452 3736 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:50:01.0452 3736 AmdK7 - ok
22:50:01.0483 3736 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:50:01.0483 3736 AmdK8 - ok
22:50:01.0654 3736 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:50:01.0654 3736 arc - ok
22:50:01.0717 3736 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:50:01.0717 3736 arcsas - ok
22:50:01.0842 3736 AsDsm (4385e371c25c94c804e9d3152bd9e1f7) C:\Windows\system32\drivers\AsDsm.sys
22:50:01.0842 3736 AsDsm - ok
22:50:02.0013 3736 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
22:50:02.0029 3736 ASMMAP - ok
22:50:02.0185 3736 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:50:02.0200 3736 AsyncMac - ok
22:50:02.0247 3736 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:50:02.0247 3736 atapi - ok
22:50:02.0403 3736 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
22:50:02.0403 3736 athr - ok
22:50:02.0544 3736 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
22:50:02.0559 3736 avgntflt - ok
22:50:02.0746 3736 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
22:50:02.0762 3736 avipbb - ok
22:50:02.0793 3736 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
22:50:02.0793 3736 avkmgr - ok
22:50:02.0871 3736 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:50:02.0887 3736 Beep - ok
22:50:02.0949 3736 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:50:02.0949 3736 blbdrive - ok
22:50:03.0027 3736 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:50:03.0027 3736 bowser - ok
22:50:03.0058 3736 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:50:03.0074 3736 BrFiltLo - ok
22:50:03.0090 3736 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:50:03.0105 3736 BrFiltUp - ok
22:50:03.0152 3736 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:50:03.0152 3736 Brserid - ok
22:50:03.0199 3736 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:50:03.0199 3736 BrSerWdm - ok
22:50:03.0230 3736 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:50:03.0230 3736 BrUsbMdm - ok
22:50:03.0277 3736 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:50:03.0355 3736 BrUsbSer - ok
22:50:03.0417 3736 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
22:50:03.0417 3736 BthEnum - ok
22:50:03.0480 3736 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:50:03.0480 3736 BTHMODEM - ok
22:50:03.0542 3736 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
22:50:03.0542 3736 BthPan - ok
22:50:03.0589 3736 BTHPORT (671134053d59e23704f08db19f11e10b) C:\Windows\system32\Drivers\BTHport.sys
22:50:03.0589 3736 BTHPORT - ok
22:50:03.0620 3736 BTHUSB (93d7007e2c660dfcca6ae72622740b14) C:\Windows\system32\Drivers\BTHUSB.sys
22:50:03.0636 3736 BTHUSB - ok
22:50:03.0729 3736 catchme - ok
22:50:03.0838 3736 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:50:03.0838 3736 cdfs - ok
22:50:03.0916 3736 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:50:03.0932 3736 cdrom - ok
22:50:03.0963 3736 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
22:50:03.0979 3736 circlass - ok
22:50:04.0041 3736 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:50:04.0057 3736 CLFS - ok
22:50:04.0150 3736 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:50:04.0166 3736 CmBatt - ok
22:50:04.0197 3736 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:50:04.0213 3736 cmdide - ok
22:50:04.0228 3736 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:50:04.0228 3736 Compbatt - ok
22:50:04.0260 3736 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:50:04.0260 3736 crcdisk - ok
22:50:04.0306 3736 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:50:04.0306 3736 Crusoe - ok
22:50:04.0431 3736 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:50:04.0447 3736 DfsC - ok
22:50:04.0540 3736 DgiVecp (7f19dba1a467b838ccb23124a2c55568) C:\Windows\system32\Drivers\DgiVecp.sys
22:50:04.0540 3736 DgiVecp - ok
22:50:04.0634 3736 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:50:04.0634 3736 disk - ok
22:50:04.0774 3736 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:50:04.0774 3736 drmkaud - ok
22:50:04.0837 3736 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:50:04.0852 3736 DXGKrnl - ok
22:50:04.0915 3736 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:50:04.0915 3736 E1G60 - ok
22:50:05.0008 3736 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:50:05.0008 3736 Ecache - ok
22:50:05.0102 3736 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:50:05.0118 3736 elxstor - ok
22:50:05.0149 3736 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:50:05.0149 3736 ErrDev - ok
22:50:05.0242 3736 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:50:05.0242 3736 exfat - ok
22:50:05.0289 3736 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:50:05.0289 3736 fastfat - ok
22:50:05.0414 3736 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:50:05.0414 3736 fdc - ok
22:50:05.0461 3736 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:50:05.0476 3736 FileInfo - ok
22:50:05.0508 3736 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:50:05.0523 3736 Filetrace - ok
22:50:05.0539 3736 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:50:05.0554 3736 flpydisk - ok
22:50:05.0601 3736 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:50:05.0617 3736 FltMgr - ok
22:50:05.0757 3736 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
22:50:05.0757 3736 fssfltr - ok
22:50:05.0820 3736 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:50:05.0820 3736 Fs_Rec - ok
22:50:05.0851 3736 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:50:05.0851 3736 gagp30kx - ok
22:50:06.0100 3736 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
22:50:06.0100 3736 hamachi - ok
22:50:06.0178 3736 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:50:06.0194 3736 HdAudAddService - ok
22:50:06.0256 3736 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:50:06.0272 3736 HDAudBus - ok
22:50:06.0303 3736 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:50:06.0303 3736 HidBth - ok
22:50:06.0334 3736 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:50:06.0350 3736 HidIr - ok
22:50:06.0412 3736 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:50:06.0428 3736 HidUsb - ok
22:50:06.0459 3736 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:50:06.0475 3736 HpCISSs - ok
22:50:06.0537 3736 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:50:06.0537 3736 HTTP - ok
22:50:06.0600 3736 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:50:06.0615 3736 i2omp - ok
22:50:06.0678 3736 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:50:06.0693 3736 i8042prt - ok
22:50:06.0740 3736 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:50:06.0756 3736 iaStorV - ok
22:50:06.0802 3736 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:50:06.0818 3736 iirsp - ok
22:50:06.0958 3736 IntcAzAudAddService (d9b869a909cc93aec507d4f7dfa24434) C:\Windows\system32\drivers\RTKVHDA.sys
22:50:07.0021 3736 IntcAzAudAddService - ok
22:50:07.0099 3736 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:50:07.0114 3736 intelide - ok
22:50:07.0177 3736 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:50:07.0192 3736 intelppm - ok
22:50:07.0239 3736 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:50:07.0239 3736 IpFilterDriver - ok
22:50:07.0255 3736 IpInIp - ok
22:50:07.0302 3736 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:50:07.0317 3736 IPMIDRV - ok
22:50:07.0348 3736 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:50:07.0364 3736 IPNAT - ok
22:50:07.0411 3736 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:50:07.0426 3736 IRENUM - ok
22:50:07.0489 3736 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:50:07.0489 3736 isapnp - ok
22:50:07.0536 3736 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:50:07.0536 3736 iScsiPrt - ok
22:50:07.0567 3736 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:50:07.0582 3736 iteatapi - ok
22:50:07.0598 3736 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:50:07.0614 3736 iteraid - ok
22:50:07.0660 3736 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:50:07.0676 3736 kbdclass - ok
22:50:07.0692 3736 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
22:50:07.0707 3736 kbdhid - ok
22:50:07.0926 3736 kbfiltr (27bd4ac228ef6c0d490617c32e86a672) C:\Windows\system32\DRIVERS\kbfiltr.sys
22:50:07.0957 3736 kbfiltr - ok
22:50:08.0019 3736 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
22:50:08.0035 3736 KSecDD - ok
22:50:08.0097 3736 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:50:08.0113 3736 lltdio - ok
22:50:08.0144 3736 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:50:08.0160 3736 LSI_FC - ok
22:50:08.0191 3736 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:50:08.0191 3736 LSI_SAS - ok
22:50:08.0222 3736 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:50:08.0222 3736 LSI_SCSI - ok
22:50:08.0253 3736 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:50:08.0253 3736 luafv - ok
22:50:08.0300 3736 lullaby (8039f480c192dd99fed4ebc71ffbf795) C:\Windows\system32\DRIVERS\lullaby.sys
22:50:08.0316 3736 lullaby - ok
22:50:08.0409 3736 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:50:08.0425 3736 megasas - ok
22:50:08.0456 3736 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:50:08.0472 3736 MegaSR - ok
22:50:08.0503 3736 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:50:08.0503 3736 Modem - ok
22:50:08.0581 3736 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:50:08.0596 3736 monitor - ok
22:50:08.0628 3736 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:50:08.0643 3736 mouclass - ok
22:50:08.0674 3736 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:50:08.0690 3736 mouhid - ok
22:50:08.0721 3736 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:50:08.0721 3736 MountMgr - ok
22:50:08.0784 3736 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:50:08.0784 3736 mpio - ok
22:50:08.0830 3736 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:50:08.0830 3736 mpsdrv - ok
22:50:08.0846 3736 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:50:08.0862 3736 Mraid35x - ok
22:50:08.0908 3736 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:50:08.0908 3736 MRxDAV - ok
22:50:08.0940 3736 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:50:08.0955 3736 mrxsmb - ok
22:50:09.0002 3736 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:50:09.0002 3736 mrxsmb10 - ok
22:50:09.0033 3736 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:50:09.0033 3736 mrxsmb20 - ok
22:50:09.0142 3736 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
22:50:09.0158 3736 msahci - ok
22:50:09.0174 3736 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
22:50:09.0189 3736 msdsm - ok
22:50:09.0267 3736 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:50:09.0283 3736 Msfs - ok
22:50:09.0345 3736 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:50:09.0423 3736 msisadrv - ok
22:50:09.0548 3736 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:50:09.0564 3736 MSKSSRV - ok
22:50:09.0642 3736 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:50:09.0657 3736 MSPCLOCK - ok
22:50:09.0704 3736 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:50:09.0720 3736 MSPQM - ok
22:50:09.0782 3736 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:50:09.0798 3736 MsRPC - ok
22:50:09.0829 3736 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:50:09.0829 3736 mssmbios - ok
22:50:09.0876 3736 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:50:09.0876 3736 MSTEE - ok
22:50:09.0938 3736 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
22:50:09.0938 3736 MTsensor - ok
22:50:09.0969 3736 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:50:09.0985 3736 Mup - ok
22:50:10.0063 3736 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:50:10.0078 3736 NativeWifiP - ok
22:50:10.0141 3736 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:50:10.0141 3736 NDIS - ok
22:50:10.0219 3736 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:50:10.0234 3736 NdisTapi - ok
22:50:10.0250 3736 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:50:10.0266 3736 Ndisuio - ok
22:50:10.0297 3736 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:50:10.0312 3736 NdisWan - ok
22:50:10.0344 3736 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:50:10.0344 3736 NDProxy - ok
22:50:10.0453 3736 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:50:10.0453 3736 NetBIOS - ok
22:50:10.0500 3736 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:50:10.0500 3736 netbt - ok
22:50:10.0593 3736 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:50:10.0593 3736 nfrd960 - ok
22:50:10.0656 3736 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:50:10.0671 3736 Npfs - ok
22:50:10.0718 3736 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:50:10.0734 3736 nsiproxy - ok
22:50:10.0812 3736 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:50:10.0827 3736 Ntfs - ok
22:50:10.0858 3736 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:50:10.0874 3736 ntrigdigi - ok
22:50:10.0905 3736 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:50:10.0921 3736 Null - ok
22:50:11.0186 3736 nvlddmkm (5ce5b23855262acabaecce156f48dd88) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:50:11.0295 3736 nvlddmkm - ok
22:50:11.0342 3736 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:50:11.0342 3736 nvraid - ok
22:50:11.0358 3736 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:50:11.0373 3736 nvstor - ok
22:50:11.0436 3736 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:50:11.0451 3736 nv_agp - ok
22:50:11.0451 3736 NwlnkFlt - ok
22:50:11.0482 3736 NwlnkFwd - ok
22:50:11.0529 3736 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
22:50:11.0529 3736 ohci1394 - ok
22:50:11.0607 3736 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:50:11.0607 3736 Parport - ok
22:50:11.0654 3736 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:50:11.0670 3736 partmgr - ok
22:50:11.0716 3736 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:50:11.0716 3736 Parvdm - ok
22:50:11.0779 3736 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:50:11.0779 3736 pci - ok
22:50:11.0841 3736 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
22:50:11.0857 3736 pciide - ok
22:50:11.0888 3736 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:50:11.0888 3736 pcmcia - ok
22:50:11.0982 3736 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:50:11.0997 3736 PEAUTH - ok
22:50:12.0153 3736 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:50:12.0153 3736 PptpMiniport - ok
22:50:12.0216 3736 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
22:50:12.0216 3736 Processor - ok
22:50:12.0278 3736 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:50:12.0278 3736 PSched - ok
22:50:12.0309 3736 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
22:50:12.0309 3736 PxHelp20 - ok
22:50:12.0481 3736 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
22:50:12.0496 3736 ql2300 - ok
22:50:12.0528 3736 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:50:12.0543 3736 ql40xx - ok
22:50:12.0590 3736 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:50:12.0590 3736 QWAVEdrv - ok
22:50:12.0621 3736 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:50:12.0637 3736 RasAcd - ok
22:50:12.0652 3736 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:50:12.0668 3736 Rasl2tp - ok
22:50:12.0715 3736 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:50:12.0715 3736 RasPppoe - ok
22:50:12.0762 3736 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:50:12.0777 3736 RasSstp - ok
22:50:12.0808 3736 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:50:12.0824 3736 rdbss - ok
22:50:12.0855 3736 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:50:12.0871 3736 RDPCDD - ok
22:50:12.0902 3736 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
22:50:12.0918 3736 rdpdr - ok
22:50:12.0933 3736 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:50:12.0949 3736 RDPENCDD - ok
22:50:12.0996 3736 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:50:13.0011 3736 RDPWD - ok
22:50:13.0198 3736 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
22:50:13.0214 3736 RFCOMM - ok
22:50:13.0245 3736 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:50:13.0261 3736 rspndr - ok
22:50:13.0308 3736 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:50:13.0308 3736 sbp2port - ok
22:50:13.0417 3736 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
22:50:13.0432 3736 sdbus - ok
22:50:13.0495 3736 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:50:13.0510 3736 secdrv - ok
22:50:13.0573 3736 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:50:13.0588 3736 Serenum - ok
22:50:13.0620 3736 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:50:13.0635 3736 Serial - ok
22:50:13.0666 3736 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:50:13.0682 3736 sermouse - ok
22:50:13.0729 3736 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
22:50:13.0744 3736 sffdisk - ok
22:50:13.0776 3736 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:50:13.0776 3736 sffp_mmc - ok
22:50:13.0807 3736 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
22:50:13.0822 3736 sffp_sd - ok
22:50:13.0854 3736 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
22:50:13.0869 3736 sfloppy - ok
22:50:13.0916 3736 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:50:13.0932 3736 sisagp - ok
22:50:13.0963 3736 SiSGbeLH (42c5de6854f32e6fd399ac8f69fd5fa8) C:\Windows\system32\DRIVERS\SiSGB6.sys
22:50:13.0978 3736 SiSGbeLH - ok
22:50:14.0010 3736 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:50:14.0025 3736 SiSRaid2 - ok
22:50:14.0056 3736 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:50:14.0072 3736 SiSRaid4 - ok
22:50:14.0119 3736 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:50:14.0134 3736 Smb - ok
22:50:14.0228 3736 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
22:50:14.0259 3736 smserial - ok
22:50:14.0384 3736 SNP2UVC (060f51141b20b8156804446a04ab8b2a) C:\Windows\system32\DRIVERS\snp2uvc.sys
22:50:14.0415 3736 SNP2UVC - ok
22:50:14.0478 3736 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:50:14.0493 3736 spldr - ok
22:50:14.0571 3736 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
22:50:14.0571 3736 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
22:50:14.0571 3736 sptd ( LockedFile.Multi.Generic ) - warning
22:50:14.0571 3736 sptd - detected LockedFile.Multi.Generic (1)
22:50:14.0649 3736 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:50:14.0665 3736 srv - ok
22:50:14.0712 3736 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:50:14.0727 3736 srv2 - ok
22:50:14.0758 3736 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:50:14.0758 3736 srvnet - ok
22:50:14.0821 3736 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:50:14.0836 3736 ssmdrv - ok
22:50:14.0868 3736 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
22:50:14.0883 3736 SSPORT - ok
22:50:14.0992 3736 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:50:15.0008 3736 swenum - ok
22:50:15.0055 3736 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:50:15.0070 3736 Symc8xx - ok
22:50:15.0102 3736 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:50:15.0117 3736 Sym_hi - ok
22:50:15.0164 3736 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:50:15.0180 3736 Sym_u3 - ok
22:50:15.0226 3736 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
22:50:15.0258 3736 SynTP - ok
22:50:15.0336 3736 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
22:50:15.0367 3736 Tcpip - ok
22:50:15.0414 3736 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
22:50:15.0429 3736 Tcpip6 - ok
22:50:15.0507 3736 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:50:15.0523 3736 tcpipreg - ok
22:50:15.0570 3736 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:50:15.0585 3736 TDPIPE - ok
22:50:15.0616 3736 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:50:15.0616 3736 TDTCP - ok
22:50:15.0663 3736 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:50:15.0679 3736 tdx - ok
22:50:15.0710 3736 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:50:15.0741 3736 TermDD - ok
22:50:15.0835 3736 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:50:15.0850 3736 tssecsrv - ok
22:50:15.0882 3736 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:50:15.0897 3736 tunmp - ok
22:50:15.0928 3736 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:50:15.0944 3736 tunnel - ok
22:50:15.0975 3736 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:50:15.0991 3736 uagp35 - ok
22:50:16.0038 3736 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:50:16.0053 3736 udfs - ok
22:50:16.0100 3736 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:50:16.0116 3736 uliagpkx - ok
22:50:16.0147 3736 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:50:16.0162 3736 uliahci - ok
22:50:16.0178 3736 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:50:16.0194 3736 UlSata - ok
22:50:16.0225 3736 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:50:16.0240 3736 ulsata2 - ok
22:50:16.0272 3736 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:50:16.0287 3736 umbus - ok
22:50:16.0412 3736 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
22:50:16.0412 3736 UnlockerDriver5 - ok
22:50:16.0584 3736 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
22:50:16.0584 3736 usbaudio - ok
22:50:16.0630 3736 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:50:16.0630 3736 usbccgp - ok
22:50:16.0677 3736 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:50:16.0693 3736 usbcir - ok
22:50:16.0786 3736 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:50:16.0802 3736 usbehci - ok
22:50:16.0833 3736 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:50:16.0849 3736 usbhub - ok
22:50:16.0896 3736 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
22:50:16.0911 3736 usbohci - ok
22:50:16.0974 3736 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:50:16.0989 3736 usbprint - ok
22:50:17.0067 3736 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:50:17.0083 3736 usbscan - ok
22:50:17.0130 3736 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:50:17.0145 3736 USBSTOR - ok
22:50:17.0192 3736 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:50:17.0208 3736 usbuhci - ok
22:50:17.0239 3736 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
22:50:17.0254 3736 usbvideo - ok
22:50:17.0301 3736 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:50:17.0317 3736 vga - ok
22:50:17.0332 3736 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:50:17.0348 3736 VgaSave - ok
22:50:17.0379 3736 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:50:17.0379 3736 viaagp - ok
22:50:17.0410 3736 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:50:17.0426 3736 ViaC7 - ok
22:50:17.0566 3736 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:50:17.0566 3736 viaide - ok
22:50:17.0644 3736 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:50:17.0660 3736 volmgr - ok
22:50:17.0707 3736 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:50:17.0722 3736 volmgrx - ok
22:50:17.0754 3736 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:50:17.0769 3736 volsnap - ok
22:50:17.0800 3736 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:50:17.0816 3736 vsmraid - ok
22:50:17.0863 3736 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:50:17.0878 3736 WacomPen - ok
22:50:17.0910 3736 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:50:17.0925 3736 Wanarp - ok
22:50:17.0988 3736 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:50:17.0988 3736 Wanarpv6 - ok
22:50:18.0081 3736 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:50:18.0097 3736 Wd - ok
22:50:18.0144 3736 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:50:18.0159 3736 Wdf01000 - ok
22:50:18.0643 3736 WmFilter (cffe18db8140b00335221907a694dd01) C:\Windows\system32\drivers\WmFilter.sys
22:50:18.0658 3736 WmFilter - ok
22:50:18.0705 3736 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:50:18.0736 3736 WmiAcpi - ok
22:50:18.0783 3736 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:50:18.0799 3736 ws2ifsl - ok
22:50:18.0877 3736 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:50:18.0892 3736 WUDFRd - ok
22:50:18.0970 3736 xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
22:50:18.0986 3736 xnacc - ok
22:50:19.0095 3736 xusb21 (a640c90b007762939507c28a021be3b3) C:\Windows\system32\DRIVERS\xusb21.sys
22:50:19.0111 3736 xusb21 - ok
22:50:19.0173 3736 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
22:50:19.0189 3736 yukonwlh - ok
22:50:19.0204 3736 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
22:50:19.0345 3736 \Device\Harddisk0\DR0 - ok
22:50:19.0360 3736 Boot (0x1200) (58d05d33716f8103d6c9c0e84086a8b6) \Device\Harddisk0\DR0\Partition0
22:50:19.0360 3736 \Device\Harddisk0\DR0\Partition0 - ok
22:50:19.0392 3736 Boot (0x1200) (12aa7348563a13b65716e39d09fc4495) \Device\Harddisk0\DR0\Partition1
22:50:19.0407 3736 \Device\Harddisk0\DR0\Partition1 - ok
22:50:19.0407 3736 ============================================================
22:50:19.0407 3736 Scan finished
22:50:19.0407 3736 ============================================================
22:50:19.0423 3400 Detected object count: 1
22:50:19.0423 3400 Actual detected object count: 1
22:57:13.0993 3400 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
22:57:14.0008 3400 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
 
Rkill log after TDSkiller scan

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/26/2012 at 23:03:22.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 02/26/2012 at 23:03:29.
 
exehelperlog after TDSkiller scan

exeHelper by Raktor
Build 20100414
Run at 22:09:02 on 02/26/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 23:05:47 on 02/26/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
 
Rkill log when running in safe mode

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/26/2012 at 23:52:53.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\system32\conime.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\conime.exe


Rkill completed on 02/26/2012 at 23:52:57.
 
exehelperlog when running in safe mode

exeHelper by Raktor
Build 20100414
Run at 22:09:02 on 02/26/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 23:05:47 on 02/26/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 23:54:05 on 02/26/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
 
Here is what is happening with combofix. It runs, as it says that it found the ZeroAccess Rootkit. Combofix restarted the machine, and when the machine loaded up the desktop, and in both safe mode or not safe mode, a log didn't pop up, even after running rkill, exehelper and TDSkiller. Usually, after combofix restarts the machine, a log is supposed to pop up upon startup right? Not this time, and neither did a log pop up the many other times I tried to run combofix.

It is not the fact that combofix doesn't run, but it is the fact that it didn't give me any logs after it told me to restart the machine.
 
If it ran the scan, there will be a log: please search the system for combofix.txt.
 
I searched the system, and combofix.txt does not exist. Something is probably blocking combofix from completely finishing the scan, and thus no log was created.

I ran combofix twice, once normally, and once again with Rkill and EXEhelper, and the renamed combofix. Both to no avail. In both cases, and in all cases, it goes

Failed to get "EnableLUA" and it said that twice.

Then in creates a system restore point.

Then it starts to scan for stuff, and it found the ZeroAccess Rootkit. Because of that, the machine had to reboot. Once it rebooted, that was it. Combofix didn't start up to finish its scan or fix, and no txt file popped up.

And this is everytime I run combofix. I could run it 10 times, and it would still have the same result.

The details of exactly what combofix said, and what each pop up window said is posted a few posts back, somewhere in the middle of the second page of this thread.
 
Please run OTL since Combofix won't finish:
  • Download OTL from one of the links below and save it to your desktop.
    OTL.exe
    OTL.com
    OTL.scr
    You just need one. Sometimes the file extension gets blocked.

    Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
  • Double click the OTL icon to run it.
    OTL_icon.gif
  • The opened console will resemble this:
    OTLv3.1.5.0.gif
  • Set Output at the top to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy the entries in the Codebox below> Paste in the Custom Scan box.
    Code: 
    netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
userinit.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    Make sure all other windows are closed and to let it run uninterrupted.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
 
OTL

OTL logfile created on: 3/6/2012 9:15:34 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\George\Desktop\downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 64.83% Memory free
6.20 Gb Paging File | 5.19 Gb Available in Paging File | 83.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 9.86 Gb Free Space | 8.47% Space Free | Partition Type: NTFS
Drive D: | 104.73 Gb Total Space | 15.60 Gb Free Space | 14.89% Space Free | Partition Type: NTFS

Computer Name: GEORGEGAMINGPC | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\George\Desktop\downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\seagate\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\seagate\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\WDC.exe ()
PRC - C:\Program Files\ATK Hotkey\HControlUser.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATK Hotkey\MsgTranAgt.exe ()
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
MOD - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Winamp\winampa.exe ()
MOD - C:\Windows\ASScrPro.exe ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files\ATK Hotkey\HControlUser.exe ()
MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Program Files\ATK Hotkey\MsgTran.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()


========== Win32 Services (SafeList) ==========

SRV - (DAUpdaterSvc) -- File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (FreeAgentGoNext Service) -- C:\seagate\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 64242
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/29 08:39:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/16 20:16:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6C028C61-1644-4D51-B6C5-E47F4688180E}: C:\Users\George\AppData\Local\{6C028C61-1644-4D51-B6C5-E47F4688180E}\

[2009/06/07 17:04:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Extensions
[2012/03/06 21:14:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions
[2011/03/18 20:46:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/06 21:14:06 | 000,000,000 | ---D | M] (WOT) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/06/10 13:10:45 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/12/24 18:32:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/07 17:38:28 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\battlefieldheroespatcher@ea.com
[2011/11/10 13:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/25 22:52:12 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/02/29 08:39:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/29 08:39:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/29 08:39:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/20 22:14:28 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\seagate\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11c_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0BBAC67-483F-495C-AC61-DBB492CA07A9}: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F30F37EC-794C-4650-A5AB-1880BB88B0BA}: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\George\Pictures\black.jpg
O24 - Desktop BackupWallPaper: C:\Users\George\Pictures\black.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/02 22:31:42 | 000,000,000 | --SD | C] -- C:\mandrake
[2012/03/02 22:23:34 | 004,424,615 | R--- | C] (Swearware) -- C:\Users\George\Desktop\mandrake.exe
[2012/03/02 22:09:44 | 000,000,000 | --SD | C] -- C:\friday32470f
[2012/03/02 21:51:08 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/02/27 00:01:17 | 000,000,000 | --SD | C] -- C:\friday15101f
[2012/02/26 23:07:37 | 000,000,000 | --SD | C] -- C:\friday1938f
[2012/02/26 22:48:49 | 000,000,000 | ---D | C] -- C:\Users\George\Desktop\tdsskiller(1)
[2012/02/26 22:12:22 | 000,000,000 | --SD | C] -- C:\friday
[2012/02/25 18:12:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/25 18:12:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/25 18:12:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/18 01:34:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/18 01:18:21 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/18 01:15:28 | 000,000,000 | ---D | C] -- C:\Users\George\Desktop\tdsskiller
[2012/02/16 20:16:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2008/06/03 00:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2012/03/06 20:56:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/06 20:39:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/06 20:39:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/06 16:56:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/06 07:44:13 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{25D39F52-AFBC-4213-A160-F2C344AEDA86}.job
[2012/03/02 22:39:48 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/03/02 22:39:38 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012/03/02 22:39:35 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/03/02 22:38:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/02 22:38:47 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/02 22:37:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/03/02 22:25:56 | 000,294,400 | ---- | M] () -- C:\Users\George\Desktop\exeHelper.com
[2012/03/02 22:24:38 | 001,008,141 | ---- | M] () -- C:\Users\George\Desktop\rkill.exe
[2012/03/02 22:23:52 | 004,424,615 | R--- | M] (Swearware) -- C:\Users\George\Desktop\mandrake.exe
[2012/02/29 01:19:07 | 000,691,576 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/29 01:19:07 | 000,138,494 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/20 22:14:28 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/18 11:16:32 | 000,000,134 | ---- | M] () -- C:\Users\George\Desktop\hosts-perm(1).bat
[2012/02/16 20:09:08 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/02/12 12:59:10 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/02/11 17:36:28 | 000,000,680 | ---- | M] () -- C:\Users\George\AppData\Local\d3d9caps.dat
[2012/02/11 16:26:38 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/09 03:56:42 | 000,189,744 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012/02/05 23:40:23 | 000,131,584 | ---- | M] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/03/02 22:25:54 | 000,294,400 | ---- | C] () -- C:\Users\George\Desktop\exeHelper.com
[2012/03/02 22:24:34 | 001,008,141 | ---- | C] () -- C:\Users\George\Desktop\rkill.exe
[2012/02/27 00:24:29 | 3220,463,616 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/25 18:12:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/25 18:12:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/25 18:12:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/25 18:12:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/25 18:12:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/18 11:16:32 | 000,000,134 | ---- | C] () -- C:\Users\George\Desktop\hosts-perm(1).bat
[2012/01/01 23:00:30 | 000,010,432 | -HS- | C] () -- C:\Users\George\AppData\Local\bsc7o1i0dbmi
[2012/01/01 23:00:30 | 000,010,432 | -HS- | C] () -- C:\ProgramData\bsc7o1i0dbmi
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/04 17:44:11 | 000,000,000 | ---- | C] () -- C:\Users\George\AppData\Local\Hfefaf.bin
[2011/03/04 17:43:13 | 000,000,120 | ---- | C] () -- C:\Users\George\AppData\Local\Xkidagayus.dat
[2011/02/10 20:06:59 | 000,006,327 | ---- | C] () -- C:\Users\George\AppData\Roaming\56DE.800
[2010/11/28 22:53:40 | 000,000,680 | ---- | C] () -- C:\Users\George\AppData\Local\d3d9caps.dat
[2010/06/24 18:59:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/05/26 06:12:58 | 000,000,313 | ---- | C] () -- C:\Windows\doom3.ini
[2009/12/07 17:48:25 | 002,395,944 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2009/11/19 04:01:46 | 000,270,336 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2009/11/19 04:01:46 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2009/11/19 04:01:46 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2009/11/19 04:01:46 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2009/11/19 04:01:34 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugw2l3.dll
[2009/11/05 20:14:42 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/10/13 00:04:45 | 000,000,906 | ---- | C] () -- C:\Windows\Rtcwplat.INI
[2009/09/29 06:20:03 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/09/23 23:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/16 23:44:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/16 23:44:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/14 15:10:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/08 20:11:33 | 000,000,310 | ---- | C] () -- C:\Windows\d3xp.ini
[2009/07/29 17:15:19 | 000,000,868 | ---- | C] () -- C:\Windows\H2_Setup.INI
[2009/06/16 23:52:49 | 000,020,759 | ---- | C] () -- C:\Windows\W2BNEUnin.dat
[2009/06/16 22:19:10 | 000,131,584 | ---- | C] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/07 20:33:15 | 000,139,904 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/06/07 20:33:14 | 000,138,056 | ---- | C] () -- C:\Users\George\AppData\Roaming\PnkBstrK.sys
[2009/06/07 20:32:58 | 000,189,744 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/06/07 20:32:39 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/06/07 18:08:12 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/07 18:06:24 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/07 18:05:22 | 000,017,637 | ---- | C] () -- C:\Windows\cfgall.ini
[2009/06/07 18:03:32 | 000,000,802 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/05/30 01:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/30 01:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/04/07 10:17:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2009/04/07 10:11:16 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2009/04/07 10:11:06 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/04/07 09:01:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/10 20:14:11 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/07/01 20:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008/05/22 10:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008/05/11 21:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/04/14 08:39:33 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008/04/13 21:50:59 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/09/04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/08/06 11:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,428,560 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,691,576 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,138,494 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/08 19:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

========== LOP Check ==========

[2011/05/20 00:46:23 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\.doomseeker
[2011/12/28 03:29:58 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\2K Sports
[2009/08/23 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Activision
[2012/01/24 14:37:26 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Appe
[2009/07/18 19:55:32 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Canneverbe_Limited
[2009/07/18 00:52:31 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\DAEMON Tools Lite
[2011/03/04 23:58:32 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\E35248A7D24B3A6B5942EEB1DF816866
[2009/09/06 07:22:21 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\GameScannerData
[2012/01/24 01:21:36 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Kalaaf
[2010/03/16 20:20:45 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Leadertech
[2009/09/22 10:23:14 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\OpenOffice.org
[2009/06/12 22:11:09 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\TextPad
[2011/04/13 01:43:22 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\USBSafelyRemove
[2009/12/15 22:19:37 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\VistaCodecs
[2011/02/26 10:06:20 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Wizards of the Coast
[2011/05/30 17:10:07 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\YOUDONTKNOWJACK
[2012/03/02 22:37:40 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/06 07:44:13 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{25D39F52-AFBC-4213-A160-F2C344AEDA86}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/04/07 09:14:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/04/07 09:14:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/07 09:14:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/04/07 09:14:22 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/07 09:14:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 20:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 20:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/20 20:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >
 
Okay, the Extras log in OTL only comes up automatically the first time it's run> you did that on 2/12/ To get the log again, I would use script to call it up. again.

I don't advise using Hibernate, but you can use either 'Sleep' when you shut the lid if it's a laptop or use Stand By in Power Options. Either of those settings will allow you to keep your work up on the screen and when reopened, the work will be right in front of you to continue.

But neither should affect the cleaning unless you have a program or app starting on boot that would deliberately make changes in the system> like CCleaner.
=========================================
Where are we with the Security Center setting? I'd like to check some Services:

Please download Farbar Service Scanner
  • Check ALL boxes to include all files.
  • Press the Scan button
  • Log named FSS.txt will be created in the same directory as the tool
  • Please paste the log into your next reply

-------------------------
One more comment about the Zero Access message from Combofix>> did you just try to ignore it and continue? It should run Combofix in the Reduced Functionality Mode, but should still do what is necessary.
 
I restarted the computer because the internet wasn't working, and now it works.

Ok anyway, I went to the security center, and it has the Firewall, Automatic Updating, Malware, and Other Security Settings.

Firewall cannot be turned on

Automatic Updating is turned on

Malware Protection: Windows Defender can't be updated, and the Antivirus program I am using is Avira, not Trend Micro, but it won't detect the fact that I installed Avira.

Other Security Settings are turned on, such as UAC, and internet security settings.

I am going to run the FSS scan now.
 
Farbar Service Scanner Version: 01-03-2012
Ran by George (administrator) on 12-03-2012 at 21:30:19
Running from "C:\Users\George\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Defender:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
Can I still run programs such as games and documents during the cleaning process?

So tell me a list of things that I can't do to my computer during the cleaning process, because I want to be able to use that laptop as soon as possible.

I also heard that Zero Access rootkit, which Combofix seems to have found, messes with the security software on a computer. Is that true? So the major problem I am facing is to get rid of the ZeroAccess rootkit, which Combofix seems to cannot do, as you can see, every attempt, it did nothing, restarted the computer, and never gave me a log.
 
oh yeah, about combofix, yeah I clicked on continue, and that's what I did, well the last time I tried it anyway, and it says that my computer needs to restart, and the computer rebooted and loaded up the desktop without any txt files or combofix running after the restart.

Another thing is, was I supposed to click on continue?
 
Status
Not open for further replies.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
N
'Terminator' tool uses vulnerable Windows driver to kill almost any security software
Replies
3
Views
695
hwertz
hwertz
A
Microsoft's November 2022 Patch Tuesday fixes 6 zero-day security flaws
Replies
3
Views
782
Hodor
Hodor

Latest posts

Back