TechSpot

I think I have a virus

Inactive
By Havingphun
May 22, 2012
  1. So last summer I got a virus on my laptop. I got rid of it by pressing the required button at startup that reinstalled Windows Vista and reset my laptop to factory settings. But now I have another. First of all, I can't reset my PC the way I did before; it just beeps loudly. I'm pressing the right button too!

    The virus I have now makes it so I cannot go to any website. I can connect to the internet, but every website and search I try to access just comes up with a white screen and says it's loading. But even after an hour of waiting it still does not load. I use Opera as a browser. What used to happen is every website I clicked on would come up with some ad site called abnow. All I had to do was copy the link of the website into the search box and it would bring me directly to the website.

    But now no websites will load. I have also had this problem where just about every program I install will have this error when I try to use it: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access this item." I am the only person who uses my laptop and I am the administrator, so I should have permission to use it. I also looked at the permissions of the files and I had permission to use them. Most programs that do this are ones that I install from disks. All of the programs affected never had this problem until these past couple of months. I had to uninstall all of my antivirus software and now I can't install any more. I can't download any. Norton requires me to activate through the internet. Malwarebytes has that error above now.

    But there is this folder that I found in C:\Program Files\. I have no idea what it is and I have no idea where it came from. It's called RelevantKnowledge. It has a file in it with no name and no file type. Its size is 105 KB. If I try to delete it, nothing happens. If I try to delete RelevantKnowledge, the folder it's in, I get this error: "Error 0x80070091: This directory is not empty."

    I don't see how that is a good reason not to delete it. I have deleted directories that are not empty before. Can someone help me? These are my PC's specs:

    CPU: AMD Turion Dual-Core RM-70 2.00 GHz
    RAM: 3.00 GB
    OS: Windows Vista Home Premium, 32 bit, Service Pack 1
    Model: HP G60 Notebook PC
    GPU: NVIDIA GeForce 8200M G

    Please help. Thanks in advance.
     
  2. Havingphun

    Havingphun TS Member Topic Starter Posts: 84

    I did some research on RelevantKnowledge; it's not a virus. But something must be causing these problems.
     
  3. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. Havingphun

    Havingphun TS Member Topic Starter Posts: 84

    Ok, thank you. I'm downloading Malwarebytes now. That's probably the most I can download, because I only have access to dial-up now: 2.00 KB/sec downloads. I'll keep updating.
     
  5. Havingphun

    Havingphun TS Member Topic Starter Posts: 84

    I'm working on making the logs now.
     
  6. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Cool :)
     
  7. Havingphun

    Havingphun TS Member Topic Starter Posts: 84

    Ok, so I installed Malwarebytes and it worked at first. The active protection found and quarantined two files labeled as rootkit.noaccess. That would explain my PC telling me this error on a lot of programs: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access this item." But after this it just got worse. When I started the quick scan, MBAM ran for about 30 seconds, then it acted as if it minimized. Its icon was still in the tray on the bottom right of the screen, but Malwarebytes did not do anything. When I tried to run Malwarebytes again it gave me the error above. So somehow the virus got to it when it ran the scan. The only time that Malwarebytes was found by the virus was when it tried to scan for the viruses. Later I tried to run a new install of Malwarebytes in safe mode. The virus still got to it. After several more tries my screen flashed white and my laptop turned off. I turned it back on and was looking at options other than safe mode, and my computer did the same thing.

    I was about to try again when I noticed my laptop was extremely hot in one spot. I noticed that it is the spot where my hard drive is located. So I turned it off and stopped for the night. Now I'm going to try to install and update Malwarebytes on my uninfected PC and then move it to my other one. Also, I tried to run GMER, but the virus caught it. The virus also would not let me move, rename, or delete GMER after it caught it. So I made a new copy of GMER under a different name and ran it in safe mode. After the first scan it did not make the log correctly, so I ran another scan and then my computer crashed. That's how it crashed the first time.

    Is there any way that I can stop the virus from disabling Malwarebytes? Would updating it do that?
     
  8. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. Havingphun

    Havingphun TS Member Topic Starter Posts: 84

    Log from DDS:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19048
    Run by New 2 at 14:30:45 on 2012-05-25
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1961 [GMT -7:00]
    .
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\2017564883:744996487.exe
    C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: SBCONVERT Class: {3017fb3e-9a77-4396-88c5-0ec9548fb42f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
    BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\progra~1\search~1\SEARCH~1.DLL
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.1.0.37\IPSBHO.DLL
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~1\toolbar\grabber.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll
    uRun: [Cracked Steam Service] "c:\program files\steam\Cracked Steam.exe" /SERVICE
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\relevantknowledge\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes Anti-Malware] c:\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
    dRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
    dRun: [GameBooster.exe] c:\program files\iobit\game booster\GameBooster.exe
    dRun: [HKCU] c:\windows\system32\install\winchk.exe
    dRun: [AOL Fast Start] "c:\program files\aol 9.0a\AOL.EXE" -b
    dRunOnce: [Shockwave Updater] c:\windows\system32\macromed\shockw~1\SWHELP~1.EXE -Update -1020023 -svchost.exe6.0
    dExplorerRun: [Policies] c:\windows\system32\install\winchk.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    LSP: mswsock.dll
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{64EC8E6B-09C2-473E-8DDC-CD3ED2726172} : NameServer = 205.188.146.145
    TCP: Interfaces\{7480D921-6286-496C-B2AC-6C2385A6918D} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{9DABAAE7-1F5F-4D23-9AB3-D0703079E615} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{A8EFB6DA-AF84-4C34-A8BF-9501C03258F2} : NameServer = 205.188.146.145
    AppInit_DLLs:
    STS: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - No File
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    mASetup: {74DH87MJ-35VS-3DAK-2I56-GIK58IRFVC08} - c:\windows\system32\install\winchk.exe
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-11 16184]
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-8-26 29808]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1201000.025\SymDS.sys [2012-4-5 339504]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys [2012-4-5 666672]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20100810.004\BHDrvx86.sys [2012-4-5 692272]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20100706.002\IDSVix86.sys [2012-4-5 344112]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys [2012-4-5 134704]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1201000.025\symtdiv.sys [2012-4-5 331312]
    R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-4-5 913752]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-4 361808]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-11-20 24652]
    R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2012-4-21 1201640]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-24 22344]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-25 40776]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-12-23 123496]
    S2 AntUpdaterService;Ant Toolbar updater service;"c:\program files\ant.com\ie add-on\antupdaterservice.exe" --> c:\program files\ant.com\ie add-on\AntUpdaterService.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-23 136176]
    S2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-7-11 821080]
    S2 MBAMService;MBAMService;c:\program files\relevantknowledge\mbamservice.exe [2012-5-24 654408]
    S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.1.0.37\ccSvcHst.exe [2012-4-5 126904]
    S2 PCKeeperService;PCKeeper Worker Service;c:\program files\zeobit\pckeeper\ZeoService.exe [2011-8-10 0]
    S2 RelevantKnowledge;RelevantKnowledge;c:\program files\relevantknowledge\rlservice.exe /service --> c:\program files\relevantknowledge\rlservice.exe [?]
    S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-8-26 4048240]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-4 193840]
    S3 fileHiders;fileHiders;c:\windows\system32\drivers\fileHiders.sys [2011-8-10 27928]
    S3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2011-7-11 18768]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-23 136176]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
    S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2011-7-11 30600]
    S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2011-7-11 19280]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 ZeoScanner;ZeoScanner;c:\windows\system32\drivers\zeoscanner.sys [2011-8-10 23832]
    .
    =============== Created Last 30 ================
    .
    2012-05-25 20:45:27 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-05-25 20:32:09 -------- d-----w- C:\Malwarebytes' Anti-Malware
    2012-05-25 06:29:20 -------- d-----w- c:\program files\NotMalwareBots
    2012-05-25 05:57:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-25 05:44:41 -------- d-----w- c:\users\new 2\appdata\roaming\Malwarebytes
    2012-05-25 05:44:31 -------- d-----w- c:\programdata\Malwarebytes
    2012-05-05 23:43:25 -------- d-----w- c:\program files\Sierra
    .
    ==================== Find3M ====================
    .
    2012-05-25 20:16:52 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd
    2012-04-05 14:55:29 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
    2012-04-05 12:37:27 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-08-08 17:55:05 23277339 ----a-w- c:\program files\codeblocks-10.05-setup.exe
    2009-03-16 21:36:16 1691464 ----a-w- c:\program files\dsetup32.dll
    2009-03-16 21:35:46 525128 ----a-w- c:\program files\DXSETUP.exe
    2009-03-16 21:35:34 94024 ----a-w- c:\program files\DSETUP.dll
    .
    ============= FINISH: 14:34:22.83 ===============
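    Added example, not part of the thread and not Broni's or DDS's own tooling: a short Python triage script that runs a few generic checks over DDS pseudo-HJT lines. The sample input is constructed from lines copied out of the log above; the checks, regexes and thresholds are my own assumptions about what an analyst looks at first. It flags file paths written in NTFS alternate-data-stream syntax (a second colon in the last path component, as in C:\Windows\2017564883:744996487.exe), digits-only file names, Active Setup key names that are not well-formed GUIDs (compare {74DH87MJ-...} with the LightScribe entry next to it), EnableLUA = 0 (UAC switched off), and one executable referenced from several autostart locations (winchk.exe appears under dRun, dExplorerRun and mASetup). These are hints for a human reviewer, not verdicts about any particular entry.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the DDS log posted above, plus the
# clean LightScribe Active Setup line for contrast. Not the full log.
SAMPLE_DDS = r"""
C:\Windows\system32\wininit.exe
C:\Windows\2017564883:744996487.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
uRun: [Cracked Steam Service] "c:\program files\steam\Cracked Steam.exe" /SERVICE
mRun: [Malwarebytes' Anti-Malware] "c:\program files\relevantknowledge\mbamgui.exe" /starttray
dRun: [HKCU] c:\windows\system32\install\winchk.exe
dExplorerRun: [Policies] c:\windows\system32\install\winchk.exe
mPolicies-system: EnableLUA = 0 (0x0)
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {74DH87MJ-35VS-3DAK-2I56-GIK58IRFVC08} - c:\windows\system32\install\winchk.exe
"""

# A Windows path: quoted (may contain spaces) or bare (stops at a known extension).
PATH_RE = re.compile(
    r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\[^"\[\n]*?\.(?:exe|dll|sys|cmd|com))', re.I)
# DDS autostart prefixes: uRun, mRun, mRunOnce, dRun, dRunOnce, dExplorerRun, mASetup.
AUTORUN_RE = re.compile(r"^[umd](?:Run(?:Once)?|ExplorerRun|ASetup):", re.I)
GUID_RE = re.compile(r"\{([0-9A-Za-z-]+)\}")
WELL_FORMED_GUID = re.compile(r"^[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}$", re.I)
UAC_OFF_RE = re.compile(r"EnableLUA\s*=\s*0\b")


def extract_paths(line):
    """Return every Windows file path found on one DDS line."""
    return [quoted or bare for quoted, bare in PATH_RE.findall(line)]


def analyze(text):
    """Run the heuristic checks; return a list of (line, reason) findings."""
    findings = []
    autorun_targets = defaultdict(list)  # lower-cased path -> autostart lines naming it
    for line in text.strip().splitlines():
        paths = extract_paths(line)
        for path in paths:
            name = path.rsplit("\\", 1)[-1]
            if ":" in name:
                # A colon inside the final component is NTFS alternate data stream
                # syntax: the executable lives in a named stream, not a plain file.
                findings.append((line, "alternate data stream path: " + path))
                name = name.split(":", 1)[0]
            if name.isdigit():
                findings.append((line, "digits-only file name: " + name))
        if AUTORUN_RE.match(line):
            for path in paths:
                autorun_targets[path.lower()].append(line)
            for guid in GUID_RE.findall(line):
                # Active Setup keys are normally named with a vendor GUID; a name
                # containing non-hex characters deserves a second look.
                if not WELL_FORMED_GUID.match(guid):
                    findings.append((line, "key name is not a well-formed GUID: {%s}" % guid))
        if UAC_OFF_RE.search(line):
            findings.append((line, "UAC disabled (EnableLUA = 0)"))
    for path, lines in autorun_targets.items():
        if len(lines) > 1:
            # Several independent autostart entries pointing at one binary is a
            # common persistence pattern worth listing alongside the path.
            findings.append((lines[-1], "%s referenced by %d autostart entries" % (path, len(lines))))
    return findings


if __name__ == "__main__":
    for line, reason in analyze(SAMPLE_DDS):
        print("%-40s <- %s" % (reason, line))
```

    Feed it the pseudo-HJT section of a full DDS log instead of SAMPLE_DDS and review each flagged line by hand; a hit only says the entry is unusual, and vendor entries with odd paths will appear too.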
     
  10. Havingphun

    Havingphun TS Member Topic Starter Posts: 84

    Attach Log From DDS:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/20/2010 7:06:56 PM
    System Uptime: 5/25/2012 1:16:22 PM (1 hours ago)
    .
    Motherboard: Wistron | | 303C
    Processor: AMD Turion Dual-Core RM-70 | Socket A | 1000/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 27.87 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 0.478 GiB free.
    E: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP316: 4/21/2012 5:29:16 PM - Installed DirectX
    RP317: 4/23/2012 4:10:06 PM - Scheduled Checkpoint
    RP319: 4/23/2012 9:19:14 PM - Installed DirectX
    RP320: 4/24/2012 4:29:12 PM - Scheduled Checkpoint
    RP321: 4/25/2012 4:50:29 PM - Scheduled Checkpoint
    RP322: 4/29/2012 5:41:24 AM - Scheduled Checkpoint
    RP323: 5/3/2012 1:58:17 PM - Scheduled Checkpoint
    RP324: 5/7/2012 2:33:57 PM - Scheduled Checkpoint
    RP325: 5/8/2012 11:48:49 AM - Scheduled Checkpoint
    RP326: 5/9/2012 12:07:17 PM - Scheduled Checkpoint
    RP327: 5/10/2012 3:20:28 PM - Scheduled Checkpoint
    RP328: 5/11/2012 12:42:15 PM - Scheduled Checkpoint
    RP329: 5/24/2012 7:49:13 PM - Scheduled Checkpoint
    RP330: 5/25/2012 2:12:52 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    18 Wheels of Steel: American Long Haul
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.1.2
    Adobe Shockwave Player
    Advanced SystemCare 5
    AIM 7
    Algodoo v1.8.5
    Algodoo v2.0.2 b1
    AOL Mail and AIM Gadget
    AOL Registration
    AOL Uninstaller (Choose which Products to Remove)
    Apple Software Update
    Atheros Driver Installation Program
    Battlefield Vietnam(TM)
    BitTorrent
    Blender (remove only)
    Blender NIF Scripts (remove only)
    Borderlands
    Caesar IV
    Call of Duty: Modern Warfare 2 - Multiplayer
    Cards_Calendar_OrderGift_DoMorePlugout
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CMake 2.8, a cross-platform, open-source build system
    CodeBlocks
    Command & Conquer 3
    Command & Conquer The First Decade
    Command & Conquer™ Red Alert™ 3
    Company of Heroes - FAKEMSI
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    Cracked Steam
    CyberLink DVD Suite
    CyberLink YouCam
    Download Updater (AOL LLC)
    Dragon UnPACKer 5
    EasyBCD 2.0
    ESU for Microsoft Vista
    Fraps
    FreeArc 0.666
    Game Booster 3
    GlassFish Server Open Source Edition 3.1
    Google Chrome
    Google Update Helper
    Havij 1.14 Free
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
    HOTLLAMA Media Player
    How to make Modifications for Games in general 1.001
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP DVD Play 3.7
    HP Help and Support
    HP Photosmart Essential 2.5
    HP Product Detection
    HP Quick Launch Buttons 6.40 D3
    HP Smart Web Printing
    HP Total Care Advisor
    HP Update
    HP User Guides 0118
    HP Wireless Assistant
    HPNetworkAssistant
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabel_Tattoo
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotoSmartPhotobookHolidayPack1
    HPPhotoSmartPhotobookModernPack1
    HPPhotoSmartPhotobookPlayfulPack1
    HPPhotoSmartPhotobookScrapbookPack1
    HPPhotoSmartPhotobookWebPack1
    HPTCSSetup
    IObit Malware Fighter
    ISO Recorder
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) 6 Update 5
    Java(TM) SE Development Kit 6 Update 26
    John Deere American Builder Deluxe
    John Deere American Farmer Deluxe
    LabelPrint
    LightScribe System Software 1.12.33.2
    Limewire Plus+ 1.0.1.8082
    Liquid War 6 0.0.10beta
    Malwarebytes Anti-Malware version 1.61.0.1400
    MediaGet2 version 2.1.494.0
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Help Viewer 1.0
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server System CLR Types
    Microsoft Visual C# 2008 Express Edition with SP1 - ENU
    Microsoft Visual C# 2010 Express - ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2010 Express - ENU
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Microsoft Works
    Microsoft XNA Framework Redistributable 3.0
    Microsoft XNA Game Studio Platform Tools
    MMDS 0.02
    Mobile Broadband Generic Drivers
    Morrowind
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    MSXML 4.0 SP2 Parser and SDK
    muvee autoProducer 6.1
    My HP Games
    MySQL Connector/ODBC 3.51
    NetBeans IDE 7.0
    NetWaiting
    Nexus Mod Manager
    Norton Internet Security
    NVIDIA Control Panel 260.99
    NVIDIA Drivers
    NVIDIA Graphics Driver 260.99
    NVIDIA HD Audio Driver 1.1.9.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 260.99
    NVIDIA Stereoscopic 3D Driver
    Opera 11.62
    Paint.NET v3.5.6
    PCKeeper
    Plants vs. Zombies
    Power2Go
    PowerDirector
    PowerISO
    PSSWCORE
    PyFFI 2.1.11
    Python 2.6.6
    Python 2.7.2
    Qt SDK
    Quick Web Player
    QuickPlay SlingPlayer 0.4.6
    QuickTime
    Realtek USB 2.0 Card Reader
    Red Faction Guerrilla
    RTC Client API v1.2
    SanDiskSecureAccess_Manager.exe
    Sid Meier's Civilization 4
    Sid Meier's Civilization V - Demo
    Silent Hunter Wolves of the Pacific
    Sins of a Solar Empire
    Smart Defrag 2
    SpeedBit Video Downloader
    SPORE™
    Spy Sweeper
    Spy Sweeper Core
    Steam
    Synaptics Pointing Device Driver
    System Requirements Lab CYRI
    TES Construction Set
    THE SETTLERS - Rise of an Empire
    Update for Office 2007 (KB934528)
    uTorrentBar Toolbar
    Ventrilo Client
    Verizon Wireless MiFi-2200 Firmware Updates
    VideoToolkit01
    Viewpoint Media Player
    Virtual Villagers - The Lost Children (remove only)
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    WinRAR archiver
    YouTube Downloader 3.3
    .
    ==== End Of File ===========================
     
  11. Havingphun

    Havingphun TS Member Topic Starter Posts: 84

    Part 1 of log from TDSSKiller:

    14:42:56.0523 2076 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
    14:42:56.0601 2076 ============================================================
    14:42:56.0601 2076 Current date / time: 2012/05/25 14:42:56.0601
    14:42:56.0601 2076 SystemInfo:
    14:42:56.0601 2076
    14:42:56.0601 2076 OS Version: 6.0.6001 ServicePack: 1.0
    14:42:56.0601 2076 Product type: Workstation
    14:42:56.0601 2076 ComputerName: LUKEMONEY-PC
    14:42:56.0601 2076 UserName: New 2
    14:42:56.0601 2076 Windows directory: C:\Windows
    14:42:56.0601 2076 System windows directory: C:\Windows
    14:42:56.0601 2076 Processor architecture: Intel x86
    14:42:56.0601 2076 Number of processors: 2
    14:42:56.0601 2076 Page size: 0x1000
    14:42:56.0601 2076 Boot type: Normal boot
    14:42:56.0601 2076 ============================================================
    14:42:58.0707 2076 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    14:42:58.0722 2076 Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    14:42:58.0722 2076 ============================================================
    14:42:58.0722 2076 \Device\Harddisk0\DR0:
    14:42:58.0722 2076 MBR partitions:
    14:42:58.0722 2076 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BE0E7C1
    14:42:58.0722 2076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BE0E800, BlocksNum 0x13B5800
    14:42:58.0722 2076 \Device\Harddisk1\DR1:
    14:42:58.0722 2076 MBR partitions:
    14:42:58.0722 2076 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
    14:42:58.0722 2076 ============================================================
    14:42:58.0753 2076 C: <-> \Device\Harddisk0\DR0\Partition0
    14:42:58.0800 2076 D: <-> \Device\Harddisk0\DR0\Partition1
    14:42:58.0800 2076 ============================================================
    14:42:58.0800 2076 Initialize success
    14:42:58.0800 2076 ============================================================
    14:45:00.0589 4072 ============================================================
    14:45:00.0589 4072 Scan started
    14:45:00.0589 4072 Mode: Manual;
    14:45:00.0589 4072 ============================================================
    14:45:01.0619 4072 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
    14:45:01.0635 4072 ACPI - ok
    14:45:01.0697 4072 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    14:45:01.0697 4072 adp94xx - ok
    14:45:01.0744 4072 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    14:45:01.0759 4072 adpahci - ok
    14:45:01.0791 4072 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    14:45:01.0791 4072 adpu160m - ok
    14:45:01.0822 4072 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    14:45:01.0822 4072 adpu320 - ok
    14:45:02.0134 4072 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
    14:45:02.0181 4072 AdvancedSystemCareService5 - ok
    14:45:02.0243 4072 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
    14:45:02.0243 4072 AeLookupSvc - ok
    14:45:02.0352 4072 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
    14:45:02.0368 4072 AFD - ok
    14:45:02.0399 4072 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    14:45:02.0399 4072 agp440 - ok
    14:45:02.0446 4072 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    14:45:02.0461 4072 aic78xx - ok
    14:45:02.0477 4072 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
    14:45:02.0493 4072 ALG - ok
    14:45:02.0508 4072 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    14:45:02.0508 4072 aliide - ok
    14:45:02.0524 4072 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    14:45:02.0539 4072 amdagp - ok
    14:45:02.0555 4072 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    14:45:02.0555 4072 amdide - ok
    14:45:02.0586 4072 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    14:45:02.0586 4072 AmdK7 - ok
    14:45:02.0617 4072 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
    14:45:02.0617 4072 AmdK8 - ok
    14:45:02.0711 4072 AntUpdaterService - ok
    14:45:02.0867 4072 AOL ACS (85180cf88c5ebad73b452a43a004ca51) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    14:45:02.0867 4072 AOL ACS - ok
    14:45:02.0929 4072 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
    14:45:02.0929 4072 Appinfo - ok
    14:45:03.0007 4072 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    14:45:03.0007 4072 arc - ok
    14:45:03.0039 4072 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    14:45:03.0039 4072 arcsas - ok
    14:45:03.0195 4072 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    14:45:03.0195 4072 aspnet_state - ok
    14:45:03.0226 4072 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    14:45:03.0226 4072 AsyncMac - ok
    14:45:03.0257 4072 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
    14:45:03.0257 4072 atapi - ok
    14:45:03.0491 4072 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
    14:45:03.0522 4072 athr - ok
    14:45:03.0616 4072 atksgt (72bc628af75c4c3250f2a3bac260265a) C:\Windows\system32\DRIVERS\atksgt.sys
    14:45:03.0631 4072 atksgt - ok
    14:45:03.0725 4072 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
    14:45:03.0741 4072 AudioEndpointBuilder - ok
    14:45:03.0756 4072 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
    14:45:03.0772 4072 Audiosrv - ok
    14:45:03.0897 4072 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
    14:45:03.0928 4072 BCM43XV - ok
    14:45:03.0959 4072 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    14:45:03.0959 4072 Beep - ok
    14:45:04.0037 4072 BFE (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
    14:45:04.0037 4072 BFE - ok
    14:45:04.0536 4072 BHDrvx86 (8f6d9ce8af24f09de6b020b2c09e27d9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys
    14:45:04.0599 4072 BHDrvx86 - ok
    14:45:04.0911 4072 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
    14:45:04.0942 4072 BITS - ok
    14:45:05.0004 4072 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    14:45:05.0004 4072 blbdrive - ok
    14:45:05.0051 4072 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    14:45:05.0051 4072 bowser - ok
    14:45:05.0067 4072 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    14:45:05.0067 4072 BrFiltLo - ok
    14:45:05.0082 4072 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    14:45:05.0082 4072 BrFiltUp - ok
    14:45:05.0145 4072 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
    14:45:05.0145 4072 Browser - ok
    14:45:05.0176 4072 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    14:45:05.0191 4072 Brserid - ok
    14:45:05.0191 4072 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    14:45:05.0207 4072 BrSerWdm - ok
    14:45:05.0207 4072 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    14:45:05.0223 4072 BrUsbMdm - ok
    14:45:05.0238 4072 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    14:45:05.0238 4072 BrUsbSer - ok
    14:45:05.0254 4072 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    14:45:05.0269 4072 BTHMODEM - ok
    14:45:05.0301 4072 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    14:45:05.0301 4072 cdfs - ok
    14:45:05.0332 4072 cdrom (7563722c65f25d0da64a9b990877cf0f) C:\Windows\system32\DRIVERS\cdrom.sys
    14:45:05.0347 4072 cdrom ( Virus.Win32.ZAccess.g ) - infected
    14:45:05.0347 4072 cdrom - detected Virus.Win32.ZAccess.g (0)
    14:45:05.0379 4072 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
    14:45:05.0379 4072 CertPropSvc - ok
    14:45:05.0425 4072 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    14:45:05.0425 4072 circlass - ok
    14:45:05.0488 4072 CLFS (0703b9dee7eec6d6370edebd43d0f5c2) C:\Windows\system32\CLFS.sys
    14:45:05.0488 4072 CLFS - ok
    14:45:05.0581 4072 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    14:45:05.0581 4072 clr_optimization_v2.0.50727_32 - ok
    14:45:05.0691 4072 clr_optimization_v4.0.30319_32 (31a71c94c8dd415b1c6a90bee470f727) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    14:45:05.0691 4072 clr_optimization_v4.0.30319_32 - ok
    14:45:05.0753 4072 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    14:45:05.0753 4072 CmBatt - ok
    14:45:05.0769 4072 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    14:45:05.0769 4072 cmdide - ok
    14:45:05.0862 4072 CnxtHdAudService (1adf6f4852e7d7e2e8ac481bdb970586) C:\Windows\system32\drivers\CHDRT32.sys
    14:45:05.0878 4072 CnxtHdAudService - ok
    14:45:06.0018 4072 Com4QLBEx (7795f8cebc284a426b53f541e538695f) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    14:45:06.0018 4072 Com4QLBEx - ok
    14:45:06.0081 4072 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    14:45:06.0081 4072 Compbatt - ok
    14:45:06.0081 4072 COMSysApp - ok
    14:45:06.0127 4072 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    14:45:06.0127 4072 crcdisk - ok
    14:45:06.0190 4072 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    14:45:06.0190 4072 Crusoe - ok
    14:45:06.0268 4072 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
    14:45:06.0268 4072 CryptSvc - ok
    14:45:06.0299 4072 d3984178 (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\2017564883:744996487.exe
    14:45:06.0299 4072 Suspicious file (Hidden): C:\Windows\2017564883:744996487.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
    14:45:06.0299 4072 d3984178 ( Rootkit.Win32.PMax.gen ) - infected
    14:45:06.0315 4072 d3984178 - detected Rootkit.Win32.PMax.gen (0)
    14:45:06.0424 4072 DcomLaunch (33fb1f0193ee2051067441492d56113c) C:\Windows\system32\rpcss.dll
    14:45:06.0439 4072 DcomLaunch - ok
    14:45:06.0471 4072 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
    14:45:06.0471 4072 DfsC - ok
    14:45:06.0876 4072 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
    14:45:06.0954 4072 DFSR - ok
    14:45:07.0173 4072 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
    14:45:07.0188 4072 Dhcp - ok
    14:45:07.0251 4072 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
    14:45:07.0266 4072 disk - ok
    14:45:07.0282 4072 Dnscache (f5a0f1da1ed8b429597e71d27d976e31) C:\Windows\System32\dnsrslvr.dll
    14:45:07.0297 4072 Dnscache - ok
    14:45:07.0344 4072 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
    14:45:07.0360 4072 dot3svc - ok
    14:45:07.0407 4072 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
    14:45:07.0422 4072 DPS - ok
    14:45:07.0438 4072 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    14:45:07.0438 4072 drmkaud - ok
    14:45:07.0578 4072 DXGKrnl (f8bf50a8d862f8cc089080bec509bca6) C:\Windows\System32\drivers\dxgkrnl.sys
    14:45:07.0609 4072 DXGKrnl - ok
    14:45:07.0656 4072 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    14:45:07.0656 4072 E1G60 - ok
    14:45:07.0734 4072 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
    14:45:07.0734 4072 EapHost - ok
    14:45:07.0781 4072 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
    14:45:07.0797 4072 Ecache - ok
    14:45:07.0906 4072 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
    14:45:07.0921 4072 ehRecvr - ok
    14:45:07.0984 4072 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
    14:45:07.0984 4072 ehSched - ok
    14:45:08.0031 4072 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
    14:45:08.0031 4072 ehstart - ok
    14:45:08.0124 4072 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    14:45:08.0140 4072 elxstor - ok
    14:45:08.0280 4072 EMDMgmt (ba4e96d951ddad6ac3af3c91d4ac68bf) C:\Windows\system32\emdmgmt.dll
    14:45:08.0296 4072 EMDMgmt - ok
    14:45:08.0327 4072 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    14:45:08.0327 4072 ErrDev - ok
    14:45:08.0421 4072 EventSystem (f4bf4fa769db51b106d2b4b35256988b) C:\Windows\system32\es.dll
    14:45:08.0436 4072 EventSystem - ok
    14:45:08.0452 4072 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
    14:45:08.0467 4072 exfat - ok
    14:45:08.0545 4072 Exportit (b89cfbe8cb247b57d8c10adaa66b462b) C:\Windows\system32\CBN.dll
    14:45:08.0561 4072 Exportit ( Backdoor.Multi.ZAccess.gen ) - infected
    14:45:08.0561 4072 Exportit - detected Backdoor.Multi.ZAccess.gen (0)
    14:45:08.0592 4072 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
    14:45:08.0608 4072 fastfat - ok
    14:45:08.0639 4072 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    14:45:08.0639 4072 fdc - ok
    14:45:08.0686 4072 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
    14:45:08.0686 4072 fdPHost - ok
    14:45:08.0717 4072 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
    14:45:08.0717 4072 FDResPub - ok
    14:45:08.0764 4072 fileHiders (553f631715b403b9e6a2a3eafed6373f) C:\Windows\system32\DRIVERS\fileHiders.sys
    14:45:08.0764 4072 fileHiders - ok
    14:45:08.0826 4072 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    14:45:08.0826 4072 FileInfo - ok
    14:45:08.0998 4072 FileMonitor (658fa0e08a00457b528491ed4e2ea462) C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys
    14:45:08.0998 4072 FileMonitor - ok
    14:45:09.0045 4072 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    14:45:09.0045 4072 Filetrace - ok
    14:45:09.0060 4072 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    14:45:09.0060 4072 flpydisk - ok
    14:45:09.0123 4072 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
    14:45:09.0123 4072 FltMgr - ok
    14:45:09.0216 4072 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    14:45:09.0232 4072 FontCache3.0.0.0 - ok
    14:45:09.0279 4072 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    14:45:09.0279 4072 Fs_Rec - ok
    14:45:09.0341 4072 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    14:45:09.0341 4072 gagp30kx - ok
    14:45:09.0481 4072 GameConsoleService (6139ae70e943b2a57ad04b70a316c0a0) C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    14:45:09.0481 4072 GameConsoleService - ok
    14:45:09.0559 4072 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    14:45:09.0559 4072 GEARAspiWDM - ok
    14:45:09.0653 4072 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
    14:45:09.0669 4072 gpsvc - ok
    14:45:09.0747 4072 gupdate (b488a83b6c00e38aaf5fb4ce1a26ca07) C:\Program Files\Google\Update\GoogleUpdate.exe
    14:45:09.0762 4072 gupdate - ok
    14:45:09.0762 4072 gupdatem (b488a83b6c00e38aaf5fb4ce1a26ca07) C:\Program Files\Google\Update\GoogleUpdate.exe
    14:45:09.0778 4072 gupdatem - ok
    14:45:09.0840 4072 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    14:45:09.0840 4072 HdAudAddService - ok
    14:45:09.0887 4072 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
    14:45:09.0887 4072 HDAudBus - ok
    14:45:09.0903 4072 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    14:45:09.0903 4072 HidBth - ok
    14:45:09.0918 4072 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    14:45:09.0934 4072 HidIr - ok
    14:45:09.0996 4072 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
    14:45:09.0996 4072 hidserv - ok
    14:45:10.0043 4072 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
    14:45:10.0043 4072 HidUsb - ok
    14:45:10.0090 4072 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
    14:45:10.0090 4072 hkmsvc - ok
    14:45:10.0199 4072 HP Health Check Service (f696ff21794a552842cbb0a1a4dfd907) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    14:45:10.0199 4072 HP Health Check Service - ok
    14:45:10.0261 4072 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    14:45:10.0261 4072 HpCISSs - ok
    14:45:10.0308 4072 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    14:45:10.0308 4072 HpqKbFiltr - ok
    14:45:10.0371 4072 hpqwmiex (77e68d172e42b5ca989e25081acedbf1) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    14:45:10.0386 4072 hpqwmiex - ok
    14:45:10.0449 4072 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    14:45:10.0464 4072 HSFHWAZL - ok
    14:45:10.0620 4072 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    14:45:10.0667 4072 HSF_DPV - ok
    14:45:10.0714 4072 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    14:45:10.0729 4072 HSXHWAZL - ok
    14:45:10.0839 4072 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
    14:45:10.0854 4072 HTTP - ok
    14:45:10.0870 4072 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    14:45:10.0885 4072 i2omp - ok
    14:45:10.0917 4072 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    14:45:10.0917 4072 i8042prt - ok
    14:45:10.0995 4072 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    14:45:10.0995 4072 iaStorV - ok
    14:45:11.0104 4072 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    14:45:11.0104 4072 IDriverT - ok
    14:45:11.0369 4072 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    14:45:11.0400 4072 idsvc - ok
    14:45:11.0728 4072 IDSVix86 (2edd3504457691a10328079da011d0b8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVix86.sys
    14:45:11.0743 4072 IDSVix86 - ok
    14:45:11.0868 4072 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    14:45:11.0868 4072 iirsp - ok
    14:45:11.0977 4072 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
    14:45:12.0009 4072 IKEEXT - ok
    14:45:12.0289 4072 IMFservice (eae3a1bc61c34901bd1d9750c7587774) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    14:45:12.0305 4072 IMFservice - ok
    14:45:12.0414 4072 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    14:45:12.0414 4072 intelide - ok
    14:45:12.0461 4072 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    14:45:12.0461 4072 intelppm - ok
    14:45:12.0523 4072 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
    14:45:12.0523 4072 IPBusEnum - ok
    14:45:12.0539 4072 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    14:45:12.0555 4072 IpFilterDriver - ok
    14:45:12.0601 4072 iphlpsvc (cad416b8a4309b5e1ce75425381e7d2f) C:\Windows\System32\iphlpsvc.dll
    14:45:12.0601 4072 iphlpsvc - ok
    14:45:12.0633 4072 IpInIp - ok
    14:45:12.0648 4072 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    14:45:12.0648 4072 IPMIDRV - ok
    14:45:12.0695 4072 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    14:45:12.0695 4072 IPNAT - ok
    14:45:12.0867 4072 iPod Service (e5efe3910b0edc7639b6890754a7130d) C:\Program Files\iPod\bin\iPodService.exe
    14:45:12.0882 4072 iPod Service - ok
    14:45:12.0898 4072 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    14:45:12.0898 4072 IRENUM - ok
    14:45:12.0945 4072 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    14:45:12.0945 4072 isapnp - ok
    14:45:12.0991 4072 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
    14:45:13.0007 4072 iScsiPrt - ok
    14:45:13.0023 4072 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    14:45:13.0038 4072 iteatapi - ok
    14:45:13.0069 4072 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    14:45:13.0069 4072 iteraid - ok
    14:45:13.0116 4072 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    14:45:13.0116 4072 kbdclass - ok
    14:45:13.0147 4072 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
    14:45:13.0147 4072 kbdhid - ok
    14:45:13.0194 4072 KeyIso (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
    14:45:13.0194 4072 KeyIso - ok
    14:45:13.0288 4072 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
    14:45:13.0303 4072 KSecDD - ok
    14:45:13.0381 4072 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
    14:45:13.0397 4072 KtmRm - ok
    14:45:13.0475 4072 LanmanServer (05ce901a4472b3fbf9407c94ad1db693) C:\Windows\system32\srvsvc.dll
    14:45:13.0491 4072 LanmanServer - ok
    14:45:13.0553 4072 LanmanWorkstation (dec1a338b86c5d582c25c40836dd76c3) C:\Windows\System32\wkssvc.dll
    14:45:13.0569 4072 LanmanWorkstation - ok
    14:45:13.0725 4072 LightScribeService (9e19a02418c01061f8fe63aea73d27c0) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    14:45:13.0725 4072 LightScribeService - ok
    14:45:13.0771 4072 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
    14:45:13.0771 4072 lirsgt - ok
    14:45:13.0834 4072 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    14:45:13.0834 4072 lltdio - ok
    14:45:13.0896 4072 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
    14:45:13.0912 4072 lltdsvc - ok
    14:45:13.0943 4072 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
    14:45:13.0959 4072 lmhosts - ok
    14:45:14.0005 4072 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    14:45:14.0021 4072 LSI_FC - ok
    14:45:14.0037 4072 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    14:45:14.0052 4072 LSI_SAS - ok
    14:45:14.0083 4072 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    14:45:14.0083 4072 LSI_SCSI - ok
    14:45:14.0130 4072 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    14:45:14.0146 4072 luafv - ok
    14:45:14.0208 4072 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
    14:45:14.0208 4072 MBAMProtector - ok
    14:45:14.0380 4072 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\RelevantKnowledge\mbamservice.exe
    14:45:14.0380 4072 Suspicious file (NoAccess): C:\Program Files\RelevantKnowledge\mbamservice.exe. md5: ba400ed640bca1eae5c727ae17c10207
    14:45:14.0395 4072 MBAMService ( LockedFile.Multi.Generic ) - warning
    14:45:14.0395 4072 MBAMService - detected LockedFile.Multi.Generic (1)
    14:45:14.0458 4072 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
    14:45:14.0458 4072 MBAMSwissArmy - ok
    14:45:14.0505 4072 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
    14:45:14.0505 4072 Mcx2Svc - ok
    14:45:14.0551 4072 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    14:45:14.0551 4072 mdmxsdk - ok
    14:45:14.0614 4072 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    14:45:14.0614 4072 megasas - ok
    14:45:14.0707 4072 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    14:45:14.0723 4072 MegaSR - ok
    14:45:14.0754 4072 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
    14:45:14.0754 4072 MMCSS - ok
    14:45:14.0801 4072 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    14:45:14.0801 4072 Modem - ok
    14:45:14.0832 4072 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    14:45:14.0832 4072 monitor - ok
    14:45:14.0863 4072 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    14:45:14.0863 4072 mouclass - ok
    14:45:14.0895 4072 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    14:45:14.0895 4072 mouhid - ok
    14:45:14.0926 4072 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    14:45:14.0941 4072 MountMgr - ok
    14:45:15.0004 4072 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    14:45:15.0004 4072 mpio - ok
    14:45:15.0035 4072 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    14:45:15.0051 4072 mpsdrv - ok
    14:45:15.0129 4072 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
    14:45:15.0144 4072 MpsSvc - ok
    14:45:15.0175 4072 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    14:45:15.0175 4072 Mraid35x - ok
    14:45:15.0222 4072 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
    14:45:15.0238 4072 MRxDAV - ok
    14:45:15.0285 4072 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
    14:45:15.0285 4072 mrxsmb - ok
    14:45:15.0331 4072 mrxsmb10 (67e55ced3fc143c82a8197988bfc1f9a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    14:45:15.0347 4072 mrxsmb10 - ok
    14:45:15.0394 4072 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    14:45:15.0409 4072 mrxsmb20 - ok
    14:45:15.0441 4072 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
    14:45:15.0441 4072 msahci - ok
    14:45:15.0487 4072 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    14:45:15.0503 4072 msdsm - ok
    14:45:15.0550 4072 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
    14:45:15.0565 4072 MSDTC - ok
    14:45:15.0628 4072 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    14:45:15.0628 4072 Msfs - ok
    14:45:15.0659 4072 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    14:45:15.0659 4072 msisadrv - ok
    14:45:15.0721 4072 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
    14:45:15.0721 4072 MSiSCSI - ok
    14:45:15.0737 4072 msiserver - ok
    14:45:15.0784 4072 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    14:45:15.0784 4072 MSKSSRV - ok
    14:45:15.0799 4072 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    14:45:15.0799 4072 MSPCLOCK - ok
    14:45:15.0815 4072 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    14:45:15.0815 4072 MSPQM - ok
    14:45:15.0877 4072 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
    14:45:15.0877 4072 MsRPC - ok
    14:45:15.0924 4072 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    14:45:15.0924 4072 mssmbios - ok
    14:45:15.0955 4072 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    14:45:15.0955 4072 MSTEE - ok
    14:45:16.0002 4072 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
    14:45:16.0002 4072 Mup - ok
    14:45:16.0080 4072 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
    14:45:16.0111 4072 napagent - ok
    14:45:16.0158 4072 NativeWifiP (dd721f8635191132992e7ceaa3c43c84) C:\Windows\system32\DRIVERS\nwifi.sys
    14:45:16.0174 4072 NativeWifiP - ok
    14:45:16.0470 4072 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVENG.SYS
    14:45:16.0470 4072 NAVENG - ok
    14:45:16.0891 4072 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVEX15.SYS
    14:45:16.0985 4072 NAVEX15 - ok
    14:45:17.0297 4072 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
    14:45:17.0313 4072 NDIS - ok
    14:45:17.0344 4072 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    14:45:17.0344 4072 NdisTapi - ok
    14:45:17.0375 4072 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    14:45:17.0391 4072 Ndisuio - ok
    14:45:17.0437 4072 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
    14:45:17.0453 4072 NdisWan - ok
    14:45:17.0500 4072 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    14:45:17.0500 4072 NDProxy - ok
    14:45:17.0547 4072 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    14:45:17.0547 4072 NetBIOS - ok
    14:45:17.0640 4072 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
    14:45:17.0656 4072 netbt - ok
    14:45:17.0703 4072 Netlogon (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
    14:45:17.0703 4072 Netlogon - ok
    14:45:17.0796 4072 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
    14:45:17.0812 4072 Netman - ok
    14:45:17.0983 4072 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    14:45:17.0983 4072 NetMsmqActivator - ok
    14:45:18.0015 4072 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    14:45:18.0015 4072 NetPipeActivator - ok
    14:45:18.0077 4072 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
    14:45:18.0108 4072 netprofm - ok
    14:45:18.0124 4072 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    14:45:18.0124 4072 NetTcpActivator - ok
    14:45:18.0139 4072 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    14:45:18.0139 4072 NetTcpPortSharing - ok
    14:45:18.0202 4072 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    14:45:18.0202 4072 nfrd960 - ok
    14:45:18.0451 4072 NIS (7c7c59be1a8fc688c7d4cf7349d08861) C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
    14:45:18.0451 4072 Suspicious file (NoAccess): C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe. md5: 7c7c59be1a8fc688c7d4cf7349d08861
    14:45:18.0467 4072 NIS ( LockedFile.Multi.Generic ) - warning
    14:45:18.0467 4072 NIS - detected LockedFile.Multi.Generic (1)
    14:45:18.0545 4072 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
    14:45:18.0561 4072 NlaSvc - ok
    14:45:18.0592 4072 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
    14:45:18.0607 4072 Npfs - ok
    14:45:18.0639 4072 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
    14:45:18.0639 4072 nsi - ok
    14:45:18.0670 4072 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    14:45:18.0685 4072 nsiproxy - ok
    14:45:18.0904 4072 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
    14:45:18.0951 4072 Ntfs - ok
    14:45:18.0982 4072 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    14:45:18.0982 4072 ntrigdigi - ok
    14:45:19.0013 4072 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    14:45:19.0013 4072 Null - ok
    14:45:19.0200 4072 NVENETFD (ae78a7285df03a277415fc62f8ce8f24) C:\Windows\system32\DRIVERS\nvmfdx32.sys
    14:45:19.0247 4072 NVENETFD - ok
    14:45:19.0309 4072 NVHDA (0e40ef12bc029ff8b13043f157452c47) C:\Windows\system32\drivers\nvhda32v.sys
    14:45:19.0309 4072 NVHDA - ok
    14:45:21.0150 4072 nvlddmkm (bd409de5681c74c1de51d72427dc202d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    14:45:21.0603 4072 nvlddmkm - ok
    14:45:21.0790 4072 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    14:45:21.0790 4072 nvraid - ok
    14:45:21.0852 4072 nvsmu (0fb6bf3ab170fc5bd403d25e134eafde) C:\Windows\system32\DRIVERS\nvsmu.sys
    14:45:21.0852 4072 nvsmu - ok
    14:45:21.0899 4072 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32
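A small triage script for TDSSKiller logs of the shape pasted in this thread. It is an added example, not part of the original post or of TDSSKiller itself. It assumes the line layout seen above (timestamp, thread id, message) and that TDSSKiller's "*.Multi.Generic" verdicts, such as the LockedFile.Multi.Generic reported on Norton's ccSvcHst.exe, mean the scanner could not read a self-protected file rather than that a malware signature matched; the sample lines are constructed from the format shown in this thread, not a new capture.

```python
"""Triage a TDSSKiller log: split real malware verdicts from generic
'locked file' warnings and list what the tool scheduled for the next reboot."""
import re

# TDSSKiller log lines look like:
#   "14:45:18.0467 4072 NIS - detected LockedFile.Multi.Generic (1)"
LINE_RE = re.compile(r"^\s*(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.+?)\s*$")
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^)]+) \) - User select action: (?P<action>\w+)$")
PENDING_RE = re.compile(
    r"^(?P<path>.+?) - (?P<what>will be cured on reboot|will be deleted on reboot|copied to quarantine)$"
)

# Constructed sample: a handful of lines in the format of the log posted in this thread.
SAMPLE_LOG = r"""
14:45:18.0451 4072 NIS (7c7c59be1a8fc688c7d4cf7349d08861) C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
14:45:18.0451 4072 Suspicious file (NoAccess): C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe. md5: 7c7c59be1a8fc688c7d4cf7349d08861
14:45:18.0467 4072 NIS ( LockedFile.Multi.Generic ) - warning
14:45:18.0467 4072 NIS - detected LockedFile.Multi.Generic (1)
14:45:25.0768 4072 RelevantKnowledge - ok
14:46:08.0574 1616 C:\Windows\system32\DRIVERS\cdrom.sys - will be cured on reboot
14:46:11.0398 1616 C:\Windows\$NtUninstallKB27935$\3549970808\@ - will be deleted on reboot
14:46:11.0445 1616 cdrom ( Virus.Win32.ZAccess.g ) - User select action: Cure
14:46:11.0507 1616 C:\Windows\2017564883:744996487.exe - copied to quarantine
14:46:11.0507 1616 HKLM\SYSTEM\ControlSet001\services\d3984178 - will be deleted on reboot
14:46:11.0569 1616 d3984178 ( Rootkit.Win32.PMax.gen ) - User select action: Delete
"""


def is_generic(verdict: str) -> bool:
    # Assumption: "*.Multi.Generic" verdicts mean "could not inspect this file",
    # which is what self-protecting AV binaries (Norton, Webroot) trigger.
    return verdict.endswith(".Multi.Generic")


def parse_tdsskiller(text: str) -> dict:
    """Collect detections, user-chosen actions and pending file/registry changes."""
    result = {"detections": [], "actions": [], "pending": []}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank or non-log line
        msg = m.group("msg")
        d = DETECTED_RE.match(msg)
        if d:
            result["detections"].append((d.group("obj"), d.group("verdict")))
            continue
        a = ACTION_RE.match(msg)
        if a:
            result["actions"].append((a.group("obj"), a.group("verdict"), a.group("action")))
            continue
        p = PENDING_RE.match(msg)
        if p:
            result["pending"].append((p.group("path"), p.group("what")))
    return result


def triage(parsed: dict) -> dict:
    """Separate named malware from locked-file noise and list reboot-time actions."""
    malware = [(o, v) for o, v in parsed["detections"] if not is_generic(v)]
    locked = [(o, v) for o, v in parsed["detections"] if is_generic(v)]
    # Named verdicts also show up on the "User select action" lines at the end of the run.
    for obj, verdict, _action in parsed["actions"]:
        if not is_generic(verdict) and (obj, verdict) not in malware:
            malware.append((obj, verdict))
    reboot = [(path, what) for path, what in parsed["pending"] if what.endswith("on reboot")]
    return {"malware": malware, "locked_av_files": locked, "reboot_actions": reboot}


if __name__ == "__main__":
    summary = triage(parse_tdsskiller(SAMPLE_LOG))
    for key, items in summary.items():
        print(key)
        for item in items:
            print("   ", item)
```

Run it against a full log (for example `triage(parse_tdsskiller(open("TDSSKiller.log").read()))`) and the "Detected object count" splits into the two things a responder actually cares about: the locked AV files, which need no cleanup, and the named verdicts plus the files and service keys queued for deletion or cure at the next reboot, which should be confirmed gone afterwards.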
     
     
  12. Havingphun

    Havingphun TS Member Topic Starter Posts: 84

    Part 2 of Log from TDssKiller:

    \drivers\nvstor.sys
    14:45:21.0899 4072 nvstor - ok
    14:45:21.0977 4072 nvsvc (95df2f6bca8f253517f30cd8d33b5d07) C:\Windows\system32\nvvsvc.exe
    14:45:22.0008 4072 nvsvc - ok
    14:45:22.0039 4072 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    14:45:22.0055 4072 nv_agp - ok
    14:45:22.0117 4072 NWADI (fc2a8aaa0f3321f41231ede0af1968ae) C:\Windows\system32\DRIVERS\NWADIenum.sys
    14:45:22.0117 4072 NWADI - ok
    14:45:22.0133 4072 NwlnkFlt - ok
    14:45:22.0149 4072 NwlnkFwd - ok
    14:45:22.0211 4072 NWUSBCDFIL (224131778c92aee8c13afac5fbff19ca) C:\Windows\system32\DRIVERS\NwUsbCdFil.sys
    14:45:22.0227 4072 NWUSBCDFIL - ok
    14:45:22.0258 4072 NWUSBModem (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbmdm.sys
    14:45:22.0273 4072 NWUSBModem - ok
    14:45:22.0289 4072 NWUSBPort (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbser.sys
    14:45:22.0305 4072 NWUSBPort - ok
    14:45:22.0320 4072 NWUSBPort2 (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbser2.sys
    14:45:22.0320 4072 NWUSBPort2 - ok
    14:45:22.0461 4072 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    14:45:22.0476 4072 odserv - ok
    14:45:22.0539 4072 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    14:45:22.0539 4072 ohci1394 - ok
    14:45:22.0585 4072 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    14:45:22.0585 4072 ose - ok
    14:45:22.0679 4072 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
    14:45:22.0710 4072 p2pimsvc - ok
    14:45:22.0741 4072 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
    14:45:22.0757 4072 p2psvc - ok
    14:45:22.0788 4072 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    14:45:22.0804 4072 Parport - ok
    14:45:22.0835 4072 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
    14:45:22.0835 4072 partmgr - ok
    14:45:22.0866 4072 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    14:45:22.0866 4072 Parvdm - ok
    14:45:22.0913 4072 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
    14:45:22.0929 4072 PcaSvc - ok
    14:45:22.0960 4072 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
    14:45:22.0960 4072 pci - ok
    14:45:22.0991 4072 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
    14:45:22.0991 4072 pciide - ok
    14:45:23.0038 4072 PCKeeperService - ok
    14:45:23.0085 4072 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    14:45:23.0085 4072 pcmcia - ok
    14:45:23.0178 4072 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    14:45:23.0209 4072 PEAUTH - ok
    14:45:23.0397 4072 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
    14:45:23.0443 4072 pla - ok
    14:45:23.0599 4072 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
    14:45:23.0615 4072 PlugPlay - ok
    14:45:23.0740 4072 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
    14:45:23.0771 4072 PNRPAutoReg - ok
    14:45:23.0787 4072 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
    14:45:23.0802 4072 PNRPsvc - ok
    14:45:23.0911 4072 PolicyAgent (017fb87911583b00da1581f07cb7e7f2) C:\Windows\System32\ipsecsvc.dll
    14:45:23.0927 4072 PolicyAgent - ok
    14:45:24.0021 4072 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    14:45:24.0021 4072 PptpMiniport - ok
    14:45:24.0052 4072 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
    14:45:24.0052 4072 Processor - ok
    14:45:24.0130 4072 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
    14:45:24.0145 4072 ProfSvc - ok
    14:45:24.0208 4072 ProtectedStorage (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
    14:45:24.0208 4072 ProtectedStorage - ok
    14:45:24.0270 4072 PSched (a114cfe308c24b8235b03cfdffe11e99) C:\Windows\system32\DRIVERS\pacer.sys
    14:45:24.0286 4072 PSched - ok
    14:45:24.0489 4072 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    14:45:24.0535 4072 ql2300 - ok
    14:45:24.0582 4072 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    14:45:24.0598 4072 ql40xx - ok
    14:45:24.0676 4072 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
    14:45:24.0691 4072 QWAVE - ok
    14:45:24.0723 4072 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    14:45:24.0738 4072 QWAVEdrv - ok
    14:45:24.0754 4072 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    14:45:24.0769 4072 RasAcd - ok
    14:45:24.0801 4072 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
    14:45:24.0816 4072 RasAuto - ok
    14:45:24.0863 4072 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    14:45:24.0863 4072 Rasl2tp - ok
    14:45:24.0941 4072 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
    14:45:24.0972 4072 RasMan - ok
    14:45:25.0035 4072 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
    14:45:25.0050 4072 RasPppoe - ok
    14:45:25.0081 4072 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
    14:45:25.0097 4072 RasSstp - ok
    14:45:25.0159 4072 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
    14:45:25.0159 4072 rdbss - ok
    14:45:25.0191 4072 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    14:45:25.0191 4072 RDPCDD - ok
    14:45:25.0284 4072 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    14:45:25.0300 4072 rdpdr - ok
    14:45:25.0331 4072 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    14:45:25.0331 4072 RDPENCDD - ok
    14:45:25.0378 4072 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
    14:45:25.0393 4072 RDPWD - ok
    14:45:25.0518 4072 Recovery Service for Windows (931a23ef1506d1689ea94abcebf60de2) C:\Windows\SMINST\BLService.exe
    14:45:25.0534 4072 Recovery Service for Windows - ok
    14:45:25.0705 4072 RegFilter (6799a96873bf74f5c640b02ca04aa50c) C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys
    14:45:25.0721 4072 RegFilter - ok
    14:45:25.0768 4072 RelevantKnowledge - ok
    14:45:25.0846 4072 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
    14:45:25.0846 4072 RemoteAccess - ok
    14:45:25.0908 4072 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
    14:45:25.0924 4072 RemoteRegistry - ok
    14:45:26.0033 4072 RichVideo (a376a03cd389715547c17dd745df4a74) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    14:45:26.0049 4072 RichVideo - ok
    14:45:26.0095 4072 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
    14:45:26.0095 4072 RpcLocator - ok
    14:45:26.0205 4072 RpcSs (33fb1f0193ee2051067441492d56113c) C:\Windows\system32\rpcss.dll
    14:45:26.0236 4072 RpcSs - ok
    14:45:26.0329 4072 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    14:45:26.0345 4072 rspndr - ok
    14:45:26.0423 4072 RTSTOR (b0538dea03e088b80482ca939f4e8740) C:\Windows\system32\drivers\RTSTOR.SYS
    14:45:26.0423 4072 RTSTOR - ok
    14:45:26.0470 4072 SamSs (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
    14:45:26.0470 4072 SamSs - ok
    14:45:26.0501 4072 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    14:45:26.0517 4072 sbp2port - ok
    14:45:26.0563 4072 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
    14:45:26.0579 4072 SCardSvr - ok
    14:45:26.0641 4072 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys
    14:45:26.0641 4072 SCDEmu - ok
    14:45:26.0782 4072 Schedule (1d5e99db3c10f4fa034010dc49043ca4) C:\Windows\system32\schedsvc.dll
    14:45:26.0813 4072 Schedule - ok
    14:45:26.0875 4072 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
    14:45:26.0875 4072 SCPolicySvc - ok
    14:45:26.0907 4072 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
    14:45:26.0922 4072 SDRSVC - ok
    14:45:26.0985 4072 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    14:45:26.0985 4072 secdrv - ok
    14:45:27.0031 4072 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
    14:45:27.0031 4072 seclogon - ok
    14:45:27.0063 4072 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
    14:45:27.0078 4072 SENS - ok
    14:45:27.0125 4072 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    14:45:27.0125 4072 Serenum - ok
    14:45:27.0156 4072 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    14:45:27.0156 4072 Serial - ok
    14:45:27.0172 4072 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    14:45:27.0172 4072 sermouse - ok
    14:45:27.0250 4072 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
    14:45:27.0265 4072 SessionEnv - ok
    14:45:27.0281 4072 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    14:45:27.0281 4072 sffdisk - ok
    14:45:27.0297 4072 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    14:45:27.0297 4072 sffp_mmc - ok
    14:45:27.0312 4072 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    14:45:27.0312 4072 sffp_sd - ok
    14:45:27.0328 4072 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    14:45:27.0343 4072 sfloppy - ok
    14:45:27.0437 4072 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
    14:45:27.0453 4072 SharedAccess - ok
    14:45:27.0546 4072 ShellHWDetection (27f10f348e508243f6254846f8370d0d) C:\Windows\System32\shsvcs.dll
    14:45:27.0562 4072 ShellHWDetection - ok
    14:45:27.0562 4072 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    14:45:27.0577 4072 sisagp - ok
    14:45:27.0609 4072 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    14:45:27.0609 4072 SiSRaid2 - ok
    14:45:27.0655 4072 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    14:45:27.0655 4072 SiSRaid4 - ok
    14:45:28.0108 4072 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
    14:45:28.0217 4072 slsvc - ok
    14:45:28.0467 4072 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
    14:45:28.0482 4072 SLUINotify - ok
    14:45:28.0560 4072 SmartDefragDriver (cc48f88fe17bb8e5eb6fa1a8a9477006) C:\Windows\system32\Drivers\SmartDefragDriver.sys
    14:45:28.0560 4072 SmartDefragDriver - ok
    14:45:28.0623 4072 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
    14:45:28.0638 4072 Smb - ok
    14:45:28.0685 4072 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
    14:45:28.0701 4072 SNMPTRAP - ok
    14:45:28.0716 4072 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    14:45:28.0716 4072 spldr - ok
    14:45:28.0763 4072 Spooler (846cdf9a3cf4da9b306adfb7d55ee4c2) C:\Windows\System32\spoolsv.exe
    14:45:28.0763 4072 Spooler - ok
    14:45:28.0966 4072 SRTSP (d0ab8e989935d895f1bed8f607fa0948) C:\Windows\system32\drivers\NIS\1201000.025\SRTSP.SYS
    14:45:28.0997 4072 SRTSP - ok
    14:45:29.0075 4072 SRTSPX (fae9f5558a1f53670e579f9ffb4a67cc) C:\Windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS
    14:45:29.0091 4072 SRTSPX - ok
    14:45:29.0184 4072 srv (3d7c04aba41ac96ba7e9d123ec8f7fa3) C:\Windows\system32\DRIVERS\srv.sys
    14:45:29.0200 4072 srv - ok
    14:45:29.0262 4072 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
    14:45:29.0262 4072 srv2 - ok
    14:45:29.0325 4072 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
    14:45:29.0340 4072 srvnet - ok
    14:45:29.0403 4072 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
    14:45:29.0418 4072 SSDPSRV - ok
    14:45:29.0496 4072 ssfs0bbc (010232855e1903f70bd34afa026543c4) C:\Windows\system32\DRIVERS\ssfs0bbc.sys
    14:45:29.0496 4072 ssfs0bbc - ok
    14:45:29.0574 4072 sshrmd (1b4edfe8d487277fcbaf6905d255f855) C:\Windows\system32\DRIVERS\sshrmd.sys
    14:45:29.0574 4072 sshrmd - ok
    14:45:29.0652 4072 ssidrv (72b663021fc7a23ed7241092558fe573) C:\Windows\system32\DRIVERS\ssidrv.sys
    14:45:29.0652 4072 ssidrv - ok
    14:45:29.0730 4072 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
    14:45:29.0761 4072 SstpSvc - ok
    14:45:29.0824 4072 Steam Client Service - ok
    14:45:29.0980 4072 Stereo Service (027fc35a5da0bdaa72f63ec9bf3bf117) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    14:45:29.0995 4072 Stereo Service - ok
    14:45:30.0105 4072 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
    14:45:30.0136 4072 stisvc - ok
    14:45:30.0183 4072 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    14:45:30.0198 4072 swenum - ok
    14:45:30.0276 4072 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
    14:45:30.0307 4072 swprv - ok
    14:45:30.0323 4072 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    14:45:30.0323 4072 Symc8xx - ok
    14:45:30.0557 4072 SymDS (67e83f8c7e80dc898a1d73b38412ba7a) C:\Windows\system32\drivers\NIS\1201000.025\SYMDS.SYS
    14:45:30.0573 4072 SymDS - ok
    14:45:30.0791 4072 SymEFA (3986a8de371e985ba6c82eb8da3b1e98) C:\Windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS
    14:45:30.0822 4072 SymEFA - ok
    14:45:30.0885 4072 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\Windows\system32\Drivers\SYMEVENT.SYS
    14:45:30.0900 4072 SymEvent - ok
    14:45:30.0994 4072 SymIRON (8ae632773b5192dce48f4ec8de753863) C:\Windows\system32\drivers\NIS\1201000.025\Ironx86.SYS
    14:45:30.0994 4072 SymIRON - ok
    14:45:31.0134 4072 SYMTDIv (a5fb04f87a9cc3ea6b839fefd6790419) C:\Windows\system32\drivers\NIS\1201000.025\SYMTDIV.SYS
    14:45:31.0150 4072 SYMTDIv - ok
    14:45:31.0212 4072 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    14:45:31.0212 4072 Sym_hi - ok
    14:45:31.0259 4072 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    14:45:31.0259 4072 Sym_u3 - ok
    14:45:31.0337 4072 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
    14:45:31.0353 4072 SynTP - ok
    14:45:31.0493 4072 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
    14:45:31.0524 4072 SysMain - ok
    14:45:31.0571 4072 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
    14:45:31.0587 4072 TabletInputService - ok
    14:45:31.0649 4072 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
    14:45:31.0665 4072 TapiSrv - ok
    14:45:31.0696 4072 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
    14:45:31.0711 4072 TBS - ok
    14:45:31.0883 4072 Tcpip (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\drivers\tcpip.sys
    14:45:31.0914 4072 Tcpip - ok
    14:45:31.0977 4072 Tcpip6 (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\DRIVERS\tcpip.sys
    14:45:31.0992 4072 Tcpip6 - ok
    14:45:32.0055 4072 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
    14:45:32.0055 4072 tcpipreg - ok
    14:45:32.0086 4072 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    14:45:32.0086 4072 TDPIPE - ok
    14:45:32.0101 4072 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    14:45:32.0101 4072 TDTCP - ok
    14:45:32.0164 4072 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
    14:45:32.0164 4072 tdx - ok
    14:45:32.0211 4072 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
    14:45:32.0211 4072 TermDD - ok
    14:45:32.0320 4072 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
    14:45:32.0351 4072 TermService - ok
    14:45:32.0413 4072 Themes (27f10f348e508243f6254846f8370d0d) C:\Windows\system32\shsvcs.dll
    14:45:32.0429 4072 Themes - ok
    14:45:32.0491 4072 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
    14:45:32.0491 4072 THREADORDER - ok
    14:45:32.0538 4072 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
    14:45:32.0554 4072 TrkWks - ok
    14:45:32.0601 4072 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
    14:45:32.0616 4072 TrustedInstaller - ok
    14:45:32.0694 4072 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    14:45:32.0694 4072 tssecsrv - ok
    14:45:32.0725 4072 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    14:45:32.0725 4072 tunmp - ok
    14:45:32.0757 4072 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
    14:45:32.0772 4072 tunnel - ok
    14:45:32.0803 4072 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    14:45:32.0819 4072 uagp35 - ok
    14:45:32.0866 4072 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
    14:45:32.0881 4072 udfs - ok
    14:45:32.0944 4072 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
    14:45:32.0959 4072 UI0Detect - ok
    14:45:32.0991 4072 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    14:45:33.0006 4072 uliagpkx - ok
    14:45:33.0069 4072 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    14:45:33.0084 4072 uliahci - ok
    14:45:33.0131 4072 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    14:45:33.0147 4072 UlSata - ok
    14:45:33.0193 4072 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    14:45:33.0193 4072 ulsata2 - ok
    14:45:33.0225 4072 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    14:45:33.0225 4072 umbus - ok
    14:45:33.0303 4072 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
    14:45:33.0334 4072 upnphost - ok
    14:45:33.0490 4072 UrlFilter (115d1fc230548904dea317867c924c4a) C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys
    14:45:33.0490 4072 UrlFilter - ok
    14:45:33.0521 4072 USBAAPL - ok
    14:45:33.0583 4072 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    14:45:33.0583 4072 usbccgp - ok
    14:45:33.0646 4072 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    14:45:33.0646 4072 usbcir - ok
    14:45:33.0708 4072 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
    14:45:33.0708 4072 usbehci - ok
    14:45:33.0771 4072 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
    14:45:33.0786 4072 usbhub - ok
    14:45:33.0817 4072 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
    14:45:33.0817 4072 usbohci - ok
    14:45:33.0849 4072 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
    14:45:33.0849 4072 usbprint - ok
    14:45:33.0895 4072 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    14:45:33.0895 4072 USBSTOR - ok
    14:45:33.0911 4072 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    14:45:33.0911 4072 usbuhci - ok
    14:45:33.0989 4072 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    14:45:34.0005 4072 usbvideo - ok
    14:45:34.0036 4072 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
    14:45:34.0051 4072 UxSms - ok
    14:45:34.0129 4072 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
    14:45:34.0161 4072 vds - ok
    14:45:34.0207 4072 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    14:45:34.0207 4072 vga - ok
    14:45:34.0254 4072 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    14:45:34.0254 4072 VgaSave - ok
    14:45:34.0285 4072 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    14:45:34.0285 4072 viaagp - ok
    14:45:34.0301 4072 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    14:45:34.0317 4072 ViaC7 - ok
    14:45:34.0348 4072 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    14:45:34.0348 4072 viaide - ok
    14:45:34.0473 4072 Viewpoint Manager Service (b1bc5a7fd3c27aef2872cbb53372337f) C:\Program Files\Viewpoint\Common\ViewpointService.exe
    14:45:34.0473 4072 Viewpoint Manager Service - ok
    14:45:34.0504 4072 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    14:45:34.0504 4072 volmgr - ok
    14:45:34.0597 4072 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
    14:45:34.0613 4072 volmgrx - ok
    14:45:34.0691 4072 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
    14:45:34.0707 4072 volsnap - ok
    14:45:34.0769 4072 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    14:45:34.0769 4072 vsmraid - ok
    14:45:35.0003 4072 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
    14:45:35.0065 4072 VSS - ok
    14:45:35.0143 4072 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
    14:45:35.0159 4072 W32Time - ok
    14:45:35.0253 4072 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    14:45:35.0253 4072 WacomPen - ok
    14:45:35.0299 4072 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    14:45:35.0299 4072 Wanarp - ok
    14:45:35.0315 4072 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    14:45:35.0331 4072 Wanarpv6 - ok
    14:45:35.0393 4072 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
    14:45:35.0393 4072 wanatw - ok
    14:45:35.0518 4072 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
    14:45:35.0549 4072 wcncsvc - ok
    14:45:35.0611 4072 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
    14:45:35.0627 4072 WcsPlugInService - ok
    14:45:35.0658 4072 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    14:45:35.0658 4072 Wd - ok
    14:45:35.0752 4072 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    14:45:35.0783 4072 Wdf01000 - ok
    14:45:35.0830 4072 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
    14:45:35.0830 4072 WdiServiceHost - ok
    14:45:35.0845 4072 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
    14:45:35.0861 4072 WdiSystemHost - ok
    14:45:35.0923 4072 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
    14:45:35.0939 4072 WebClient - ok
    14:45:36.0781 4072 WebrootSpySweeperService (c821918a1a6ece8255b9efd437d38b4e) C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    14:45:36.0781 4072 Suspicious file (NoAccess): C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe. md5: c821918a1a6ece8255b9efd437d38b4e
    14:45:36.0828 4072 WebrootSpySweeperService ( LockedFile.Multi.Generic ) - warning
    14:45:36.0828 4072 WebrootSpySweeperService - detected LockedFile.Multi.Generic (1)
    14:45:37.0031 4072 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
    14:45:37.0047 4072 Wecsvc - ok
    14:45:37.0093 4072 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
    14:45:37.0093 4072 wercplsupport - ok
    14:45:37.0140 4072 WerSvc (4081288554294f144e5a7d4ee20e3ce6) C:\Windows\System32\WerSvc.dll
    14:45:37.0156 4072 WerSvc - ok
    14:45:37.0343 4072 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    14:45:37.0374 4072 winachsf - ok
    14:45:37.0499 4072 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
    14:45:37.0515 4072 WinDefend - ok
    14:45:37.0546 4072 WinHttpAutoProxySvc - ok
    14:45:37.0655 4072 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
    14:45:37.0655 4072 Winmgmt - ok
    14:45:37.0842 4072 WinRM (20fc93fdc916843cfdfcaa7a1b0db16f) C:\Windows\system32\WsmSvc.dll
    14:45:37.0889 4072 WinRM - ok
    14:45:38.0029 4072 Wlansvc (4b40ff01db5357299dcbdb5a5746ad21) C:\Windows\System32\wlansvc.dll
    14:45:38.0045 4072 Wlansvc - ok
    14:45:38.0139 4072 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    14:45:38.0139 4072 WmiAcpi - ok
    14:45:38.0232 4072 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
    14:45:38.0248 4072 wmiApSrv - ok
    14:45:38.0497 4072 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
    14:45:38.0529 4072 WMPNetworkSvc - ok
    14:45:38.0607 4072 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
    14:45:38.0622 4072 WPCSvc - ok
    14:45:38.0669 4072 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
    14:45:38.0685 4072 WPDBusEnum - ok
    14:45:38.0763 4072 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
    14:45:38.0778 4072 WpdUsb - ok
    14:45:39.0043 4072 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    14:45:39.0059 4072 WPFFontCache_v0400 - ok
    14:45:39.0387 4072 WRConsumerService (091bde599fadc61df91150557462de14) C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    14:45:39.0433 4072 WRConsumerService - ok
    14:45:39.0621 4072 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    14:45:39.0621 4072 ws2ifsl - ok
    14:45:39.0683 4072 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll
    14:45:39.0699 4072 wscsvc - ok
    14:45:39.0714 4072 WSearch - ok
    14:45:40.0057 4072 wuauserv (d79538b67fa641e986855def651e78fe) C:\Windows\system32\wuaueng.dll
    14:45:40.0135 4072 wuauserv - ok
    14:45:40.0385 4072 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    14:45:40.0401 4072 WUDFRd - ok
    14:45:40.0447 4072 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
    14:45:40.0463 4072 wudfsvc - ok
    14:45:40.0510 4072 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
    14:45:40.0510 4072 XAudio - ok
    14:45:40.0603 4072 XAudioService (31d3da3858c5dd6b58dbc40b0cb5641b) C:\Windows\system32\DRIVERS\xaudio.exe
    14:45:40.0619 4072 XAudioService - ok
    14:45:40.0713 4072 ZeoScanner (3fb1f9c11af05f2f414f2c5045932d48) C:\Windows\system32\DRIVERS\zeoscanner.sys
    14:45:40.0713 4072 ZeoScanner - ok
    14:45:40.0759 4072 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    14:45:41.0056 4072 \Device\Harddisk0\DR0 - ok
    14:45:41.0071 4072 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
    14:45:41.0087 4072 \Device\Harddisk1\DR1 - ok
    14:45:41.0103 4072 Boot (0x1200) (7b9dc6b17defcc2bf85c9035671597bb) \Device\Harddisk0\DR0\Partition0
    14:45:41.0118 4072 \Device\Harddisk0\DR0\Partition0 - ok
    14:45:41.0134 4072 Boot (0x1200) (e2bdf2114a9bddb2c4fd0f8404926e71) \Device\Harddisk0\DR0\Partition1
    14:45:41.0134 4072 \Device\Harddisk0\DR0\Partition1 - ok
    14:45:41.0149 4072 Boot (0x1200) (6909c472b4de3157a3088bf9e2c15a74) \Device\Harddisk1\DR1\Partition0
    14:45:41.0149 4072 \Device\Harddisk1\DR1\Partition0 - ok
    14:45:41.0165 4072 ============================================================
    14:45:41.0165 4072 Scan finished
    14:45:41.0165 4072 ============================================================
    14:45:41.0196 1616 Detected object count: 6
    14:45:41.0196 1616 Actual detected object count: 6
    14:46:07.0295 1616 C:\Windows\system32\DRIVERS\cdrom.sys - copied to quarantine
    14:46:07.0342 1616 C:\Windows\$NtUninstallKB27935$\3549970808\@ - copied to quarantine
    14:46:07.0373 1616 C:\Windows\$NtUninstallKB27935$\3549970808\L\qnbwvoto - copied to quarantine
    14:46:07.0389 1616 C:\Windows\$NtUninstallKB27935$\3549970808\loader.tlb - copied to quarantine
    14:46:07.0404 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@00000001 - copied to quarantine
    14:46:07.0435 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@000000c0 - copied to quarantine
    14:46:07.0451 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@000000cb - copied to quarantine
    14:46:07.0467 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@000000cf - copied to quarantine
    14:46:07.0498 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@80000000 - copied to quarantine
    14:46:07.0529 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@800000c0 - copied to quarantine
    14:46:07.0560 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@800000cb - copied to quarantine
    14:46:07.0591 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@800000cf - copied to quarantine
    14:46:07.0607 1616 C:\Windows\assembly\GAC_MSIL\desktop.ini - copied to quarantine
    14:46:07.0607 1616 C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb - copied to quarantine
    14:46:07.0623 1616 C:\Users\New 2\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb - copied to quarantine
    14:46:07.0638 1616 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\cdrom.sys) error 1813
    14:46:08.0262 1616 Backup copy found, using it..
    14:46:08.0574 1616 C:\Windows\system32\DRIVERS\cdrom.sys - will be cured on reboot
    14:46:08.0855 1616 C:\WINDOWS\System32\c_10410.nls - will be deleted on reboot
    14:46:11.0398 1616 C:\Windows\$NtUninstallKB27935$\3549970808\@ - will be deleted on reboot
    14:46:11.0413 1616 C:\Windows\$NtUninstallKB27935$\3549970808\loader.tlb - will be deleted on reboot
    14:46:11.0413 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@00000001 - will be deleted on reboot
    14:46:11.0413 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@000000c0 - will be deleted on reboot
    14:46:11.0429 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@000000cb - will be deleted on reboot
    14:46:11.0429 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@000000cf - will be deleted on reboot
    14:46:11.0429 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@80000000 - will be deleted on reboot
    14:46:11.0429 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@800000c0 - will be deleted on reboot
    14:46:11.0429 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@800000cb - will be deleted on reboot
    14:46:11.0445 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@800000cf - will be deleted on reboot
    14:46:11.0445 1616 C:\Windows\$NtUninstallKB27935$\3734911066 - will be deleted on reboot
    14:46:11.0445 1616 C:\Windows\assembly\GAC_MSIL\desktop.ini - will be deleted on reboot
    14:46:11.0445 1616 C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb - will be deleted on reboot
    14:46:11.0445 1616 C:\Users\New 2\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb - will be deleted on reboot
    14:46:11.0445 1616 cdrom ( Virus.Win32.ZAccess.g ) - User select action: Cure
    14:46:11.0507 1616 C:\Windows\2017564883:744996487.exe - copied to quarantine
    14:46:11.0507 1616 HKLM\SYSTEM\ControlSet001\services\d3984178 - will be deleted on reboot
    14:46:11.0538 1616 HKLM\SYSTEM\ControlSet010\services\d3984178 - will be deleted on reboot
    14:46:11.0569 1616 C:\Windows\2017564883:744996487.exe - will be deleted on reboot
    14:46:11.0569 1616 d3984178 ( Rootkit.Win32.PMax.gen ) - User select action: Delete
    14:46:11.0647 1616 C:\Windows\system32\CBN.dll - copied to quarantine
    14:46:11.0647 1616 HKLM\SYSTEM\ControlSet001\services\Exportit - will be deleted on reboot
    14:46:11.0647 1616 HKLM\SYSTEM\ControlSet010\services\Exportit - will be deleted on reboot
    14:46:11.0663 1616 C:\Windows\system32\CBN.dll - will be deleted on reboot
    14:46:11.0663 1616 Exportit ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    14:46:11.0679 1616 MBAMService ( LockedFile.Multi.Generic ) - skipped by user
    14:46:11.0679 1616 MBAMService ( LockedFile.Multi.Generic ) - User select action: Skip
    14:46:11.0679 1616 NIS ( LockedFile.Multi.Generic ) - skipped by user
    14:46:11.0679 1616 NIS ( LockedFile.Multi.Generic ) - User select action: Skip
    14:46:11.0694 1616 WebrootSpySweeperService ( LockedFile.Multi.Generic ) - skipped by user
    14:46:11.0694 1616 WebrootSpySweeperService ( LockedFile.Multi.Generic ) - User select action: Skip
    14:46:23.0238 2804 Deinitialize success
     
  13. Havingphun

    Havingphun TS Member Topic Starter Posts: 84

    DDS worked with no problems. The logs for that are above. TDSSKiller worked fine and found around 8 threats. Three were just locked files of programs I have and were skipped, and the rest were deleted or quarantined. The log is above in two parts. I scanned again and the only things that were found were the locked files that were skipped. What should I do next?
     
  14. Havingphun

    Havingphun TS Member Topic Starter Posts: 84

    One more thing: I ran TDSSKiller after I ran DDS, so would you like me to run DDS again to see if TDSSKiller made a difference?
     
  15. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    No.

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    =====================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  16. Havingphun

    Havingphun TS Member Topic Starter Posts: 84

    Boot Cleaner Log:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com
    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1 (build 6001), 32-bit
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

    Done;
    Press any key to quit...
     
  17. Havingphun

    Havingphun TS Member Topic Starter Posts: 84

    aswMBR Log:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-25 16:58:41
    -----------------------------
    16:58:41.586 OS Version: Windows 6.0.6001 Service Pack 1
    16:58:41.586 Number of processors: 2 586 0x301
    16:58:41.586 ComputerName: LUKEMONEY-PC UserName: New 2
    16:58:58.497 Initialize success
    17:00:16.814 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
    17:00:16.830 Disk 0 Vendor: TOSHIBA_MK2552GSX LV011C Size: 238475MB BusType: 3
    17:00:16.861 Disk 0 MBR read successfully
    17:00:16.861 Disk 0 MBR scan
    17:00:16.877 Disk 0 Windows 7 default MBR code
    17:00:16.892 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 228380 MB offset 63
    17:00:16.924 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10091 MB offset 467724288
    17:00:16.939 Disk 0 scanning sectors +488390656
    17:00:17.126 Disk 0 scanning C:\Windows\system32\drivers
    17:00:29.045 Service scanning
    17:00:58.108 Modules scanning
    17:01:38.231 Disk 0 trace - called modules:
    17:01:38.262 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
    17:01:38.278 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c91ac8]
    17:01:38.808 3 CLASSPNP.SYS[82b67745] -> nt!IofCallDriver -> [0x859e3918]
    17:01:38.839 5 acpi.sys[82a0b6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x86353a40]
    17:01:38.870 Scan finished successfully
    17:01:50.945 Disk 0 MBR has been saved successfully to "C:\Users\New 2\Desktop\MBR.dat"
    17:01:51.007 The log file has been saved successfully to "C:\Users\New 2\Desktop\aswMBR.txt"


    What next?
     
  18. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Looks good.

    See if you can update and run MBAM now.
     
  19. Havingphun

    Havingphun TS Member Topic Starter Posts: 84

    Malwarebytes now works. Here is the log:

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.04.04.08
    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 8.0.6001.19048
    New 2 :: LUKEMONEY-PC [administrator]
    Protection: Disabled
    5/25/2012 5:43:29 PM
    mbam-log-2012-05-25 (17-43-29).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 248804
    Time elapsed: 42 minute(s), 8 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 2
    HKLM\SYSTEM\CurrentControlSet\Services\MBAMService (Spyware.MarketScore) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEXPLORE.EXE (Spyware.MarketScore) -> Quarantined and deleted successfully.
    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Malwarebytes' Anti-Malware (Spyware.MarketScore) -> Data: "C:\Program Files\RelevantKnowledge\mbamgui.exe" /starttray -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 4
    C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot.
    C:\Program Files\RelevantKnowledge\Chameleon (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
    Files Detected: 83
    C:\WINDOWS\System32\elbycdfl.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\oracleorahome92pagingserver.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\CoolerXPDriver.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\harmony.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\mpfservice.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\MRESP50a64.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\napagent.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\NeroMediaHomeService.4.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\nfsds.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\Rawwan.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\rdnaoflsvc.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\roxwatch.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\tcpip6.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\amoagent.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\efs.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HH3Z65KL\MPLSetup[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
    c:\program files\relevantknowledge\ (Spyware.MarketScore) -> Delete on reboot.
    C:\Program Files\RelevantKnowledge\changes.rtf (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\license.txt (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\mbam.chm (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\mbam.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\mbam.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\mbamcore.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\mbamgui.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\mbamnet.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\mbamservice.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\RelevantKnowledge.arc (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\unins000.dat (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\unins000.msg (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Chameleon\chameleon.chm (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Chameleon\firefox.com (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Chameleon\firefox.pif (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Chameleon\firefox.scr (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Chameleon\iexplore.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Chameleon\mbam-chameleon.com (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Chameleon\mbam-chameleon.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Chameleon\mbam-chameleon.pif (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Chameleon\mbam-chameleon.scr (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Chameleon\mbam-killer.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Chameleon\rundll32.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Chameleon\svchost.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Chameleon\winlogon.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\greek.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\arabic.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\bosnian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\bulgarian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\catalan.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\chineseSI.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\chineseTR.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\croatian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\czech.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\danish.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\dutch.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\english.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\estonian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\finnish.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\french.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\german.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\hebrew.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\hungarian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\italian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\latvian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\lithuanian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\macedonian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\norwegian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\polish.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\portugueseBR.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\portuguesePT.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\romanian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\russian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\serbian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\slovak.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\slovenian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\spanish.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\swedish.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\thai.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\turkish.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\Languages\vietnamese.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
    (end)

    Is my system clean? What should I do next?
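    The MBAM log above is a list of "item (Threat.Name) -> action." lines grouped under "... Detected: N" headers. As an added example (not part of the thread and not Malwarebytes' own code), this Python parser reads a constructed, shortened copy of that log, checks every "Detected: N" header against the lines actually present (a mismatch means a truncated paste), tallies detections per family and lists the items still waiting on a reboot, which is why a re-scan only means something after the restart.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample modelled on the MBAM 1.61 log posted above; shortened, not the full log.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.61.0.1400
Scan type: Quick scan
Memory Processes Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\MBAMService (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEXPLORE.EXE (Spyware.MarketScore) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Malwarebytes' Anti-Malware (Spyware.MarketScore) -> Data: "C:\Program Files\RelevantKnowledge\mbamgui.exe" /starttray -> Quarantined and deleted successfully.
Folders Detected: 2
C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\Chameleon (Spyware.MarketScore) -> Quarantined and deleted successfully.
Files Detected: 4
C:\WINDOWS\System32\tcpip6.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\ (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\mbam.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
(end)
"""

# "Registry Keys Detected: 2", "Files Detected: 83", ...
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Everything before the first " -> ": "<path or key> (<Threat.Family>)"
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<threat>[^()\s]+)\)$")


@dataclass(frozen=True)
class Detection:
    section: str   # e.g. "Files", "Registry Keys"
    item: str      # path, registry key or key|value
    threat: str    # MBAM family label, e.g. Rootkit.0Access
    action: str    # last "-> ..." clause without the trailing period


def parse_mbam_log(text):
    """Return (detections, declared): the parsed lines and the per-section counts the headers promise."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        if section is None or " -> " not in line:
            continue   # banner lines, "(No malicious items detected)", "(end)"
        # Registry values carry an extra "-> Data: ..." clause; the action is always the last one.
        head, *_, action = line.split(" -> ")
        m = ITEM_RE.match(head)
        if not m:
            continue
        detections.append(Detection(section, m.group("item"), m.group("threat"),
                                    action.rstrip(".")))
    return detections, declared


def header_counts_match(detections, declared):
    """True when every 'X Detected: N' header is backed by exactly N parsed lines (i.e. nothing was cut off)."""
    seen = Counter(d.section for d in detections)
    return all(seen[s] == n for s, n in declared.items())


def by_threat(detections):
    """Detections per MBAM family label."""
    return Counter(d.threat for d in detections)


def pending_reboot(detections):
    """Items MBAM could not remove while Windows was running; a clean re-scan needs the reboot first."""
    return [d.item for d in detections if d.action == "Delete on reboot"]


if __name__ == "__main__":
    dets, declared = parse_mbam_log(SAMPLE_LOG)
    print("headers consistent:", header_counts_match(dets, declared))
    print("by threat:", dict(by_threat(dets)))
    print("pending reboot:", pending_reboot(dets))
```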
     
  20. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Not quite yet, but we're getting there.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with ComboFix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  21. Havingphun

    Havingphun TS Member Topic Starter Posts: 84

    ComboFix ran fine; I did not have to use Rkill. Here is the log:

    ComboFix 12-05-25.03 - New 2 05/25/2012 20:39:44.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1969 [GMT -7:00]
    Running from: c:\users\New 2\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
    c:\windows\$NtUninstallKB27935$\3549970808\L\qnbwvoto
    c:\windows\2017564883
    c:\windows\SwSys1.bmp
    c:\windows\SwSys2.bmp
    c:\windows\system32\
    c:\windows\system32\cwafadmincontroller.dll
    c:\windows\system32\dds_log_ad13.cmd
    c:\windows\system32\dds_log_trash.cmd
    c:\windows\system32\shsvcs.dll.vgorg
    c:\windows\system32\themeui.dll.vgorg
    c:\windows\system32\uxtheme.dll.vgorg
    c:\windows\system32\drivers\ . . . . Failed to delete
    .
    Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected
    Restored copy from - c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    .
    Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected
    Restored copy from - c:\program files\Google\Update\
    .
    Infected copy of c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe was found and disinfected
    Restored copy from - c:\program files\Hewlett-Packard\HP Health Check\
    .
    Infected copy of c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe was found and disinfected
    Restored copy from - c:\program files\Hewlett-Packard\Shared\
    .
    c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe . . . is infected!!
    c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe . . . was deleted!! You should re-install the program it pertains to
    .
    Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
    Restored copy from - c:\program files\iPod\bin\
    .
    Infected copy of c:\program files\Common Files\LightScribe\LSSrvc.exe was found and disinfected
    Restored copy from - c:\program files\Common Files\LightScribe\
    .
    c:\windows\system32\nvvsvc.exe . . . is infected!!
    c:\windows\system32\nvvsvc.exe . . . was deleted!! You should re-install the program it pertains to
    .
    c:\windows\SMINST\BLService.exe . . . is infected!!
    c:\windows\SMINST\BLService.exe . . . was deleted!! You should re-install the program it pertains to
    .
    Infected copy of c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe was found and disinfected
    Restored copy from - c:\program files\NVIDIA Corporation\3D Vision\
    .
    c:\program files\Viewpoint\Common\ViewpointService.exe . . . is infected!!
    c:\program files\Viewpoint\Common\ViewpointService.exe . . . was deleted!! You should re-install the program it pertains to
    .
    Infected copy of c:\windows\system32\DRIVERS\xaudio.exe was found and disinfected
    Restored copy from - c:\windows\System32\DriverStore\FileRepository\hpqherzm.inf_8705e467\XAudio.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_RelevantKnowledge
    -------\Service_PCKeeperService
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-26 04:18 . 2012-05-26 04:50 -------- d-----w- c:\users\New 2\AppData\Local\temp
    2012-05-26 04:18 . 2012-05-26 04:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-26 04:18 . 2012-05-26 04:18 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-05-26 00:42 . 2012-05-26 00:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-05-25 21:46 . 2012-05-25 21:46 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-05-25 20:32 . 2012-05-25 20:44 -------- d-----w- C:\Malwarebytes' Anti-Malware
    2012-05-25 06:29 . 2012-05-25 06:30 -------- d-----w- c:\program files\ForGayViruses
    2012-05-25 05:57 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-25 05:44 . 2012-05-25 05:44 -------- d-----w- c:\users\New 2\AppData\Roaming\Malwarebytes
    2012-05-25 05:44 . 2012-05-25 05:44 -------- d-----w- c:\programdata\Malwarebytes
    2012-05-05 23:43 . 2012-05-05 23:43 -------- d-----w- c:\program files\Sierra
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-25 21:47 . 2008-01-21 02:23 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2012-04-05 12:37 . 2012-04-05 12:37 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-08-08 17:55 . 2011-08-08 17:54 23277339 ----a-w- c:\program files\codeblocks-10.05-setup.exe
    2009-03-16 21:36 . 2009-03-16 21:36 1691464 ----a-w- c:\program files\dsetup32.dll
    2009-03-16 21:35 . 2009-03-16 21:35 525128 ----a-w- c:\program files\DXSETUP.exe
    2009-03-16 21:35 . 2009-03-16 21:35 94024 ----a-w- c:\program files\DSETUP.dll
    2012-02-21 16:09 . 2011-04-02 14:48 0 ----a-w- c:\program files\opera\program\plugins\dapop.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
    2011-07-11 18:13 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-12-09 20:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cracked Steam Service"="c:\program files\steam\Cracked Steam.exe" [2011-04-26 337496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "GameBooster.exe"="c:\program files\IObit\Game Booster\GameBooster.exe" [2011-10-28 2185560]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @="Service"
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-15 913752]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Exportit
    vnxservice
    EACSvrMngr
    ifxtcs
    Si3132
    MTDVC2
    AppnApi
    dtsrvc
    bocdrive
    rootmodem
    sentinel
    roxliveshare9
    mcshield
    pensup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-02-26 22:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-26 04:08]
    .
    2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-26 04:08]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: Interfaces\{64EC8E6B-09C2-473E-8DDC-CD3ED2726172}: NameServer = 205.188.146.145
    TCP: Interfaces\{A8EFB6DA-AF84-4C34-A8BF-9501C03258F2}: NameServer = 205.188.146.145
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    HKU-Default-Run-Advanced SystemCare 4 - c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
    HKU-Default-Run-DownloadAccelerator - c:\program files\DAP\DAP.EXE
    HKU-Default-Run-HKCU - c:\windows\System32\install\winchk.exe
    HKU-Default-Run-AOL Fast Start - c:\program files\AOL 9.0a\AOL.EXE
    HKU-Default-Explorer_Run-Policies - c:\windows\System32\install\winchk.exe
    SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
    SafeBoot-15610563.sys
    MSConfigStartUp-Cracked Steam - (no file)
    MSConfigStartUp-ehTray - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-25 21:50
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3319729882-385008171-2775926612-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:95,db,4a,fd,b4,f6,da,34,10,31,95,4c,79,69,73,6a,a6,a3,fe,e2,61,b4,86,
    2e,10,90,8d,4e,7a,4a,89,d6,49,e8,5d,52,09,7d,f0,f4,b3,01,b5,25,f2,dc,c9,10,\
    "??"=hex:dd,a1,0c,94,ce,1e,e7,50,fe,a5,4a,82,98,89,ca,bb
    .
    [HKEY_USERS\S-1-5-21-3319729882-385008171-2775926612-1006\Software\SecuROM\License information*]
    "datasecu"=hex:51,f5,eb,1b,e0,d2,cd,39,6d,57,da,42,6c,3f,5e,60,37,2e,e5,fd,34,
    0f,e4,6a,67,11,d1,1a,98,49,12,06,c3,d3,3d,06,74,be,fd,a7,55,f8,54,81,b3,e7,\
    "rkeysecu"=hex:b4,47,27,73,ba,8f,7d,1f,e8,ad,6d,b4,3d,b4,8b,03
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-25 22:01:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-26 05:01
    .
    Pre-Run: 41,791,078,400 bytes free
    Post-Run: 41,408,897,024 bytes free
    .
    - - End Of File - - 67D2CA3BA79C56D45D3B5A7E1F1641F8

    What's next, Broni?
     
  22. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Uninstall Advanced SystemCare 5.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ==================================================================================

    Is your Norton in working condition or do I see some leftovers?

    Please re-run Combofix one more time.
     
  23. Havingphun

    Havingphun TS Member Topic Starter Posts: 84

    Yup, I have not used Advanced SystemCare 5 in a while and I pledged not to use it after you said the same thing to someone on another thread. Also, I need the internet to activate Norton. The internet could not be used on my laptop when I tried to install a spare copy of Norton that my friend had so I could get rid of the viruses. OK, I'll run ComboFix again. Hopefully it will go quicker this time. The last time took 4 hours.
     
  24. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    We'll see about your internet when you're done with Combofix.
     
  25. Havingphun

    Havingphun TS Member Topic Starter Posts: 84

    Here is the log:

    ComboFix 12-05-25.03 - New 2 05/25/2012 23:13:38.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.2255 [GMT -7:00]
    Running from: c:\users\New 2\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\ . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-26 06:35 . 2012-05-26 06:40 -------- d-----w- c:\users\New 2\AppData\Local\temp
    2012-05-26 06:35 . 2012-05-26 06:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-05-26 06:35 . 2012-05-26 06:35 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-26 00:42 . 2012-05-26 00:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-05-25 21:46 . 2012-05-25 21:46 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-05-25 20:32 . 2012-05-25 20:44 -------- d-----w- C:\Malwarebytes' Anti-Malware
    2012-05-25 06:29 . 2012-05-25 06:30 -------- d-----w- c:\program files\ForGayViruses
    2012-05-25 05:57 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-25 05:44 . 2012-05-25 05:44 -------- d-----w- c:\users\New 2\AppData\Roaming\Malwarebytes
    2012-05-25 05:44 . 2012-05-25 05:44 -------- d-----w- c:\programdata\Malwarebytes
    2012-05-05 23:43 . 2012-05-05 23:43 -------- d-----w- c:\program files\Sierra
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-25 21:47 . 2008-01-21 02:23 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2012-04-05 12:37 . 2012-04-05 12:37 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-08-08 17:55 . 2011-08-08 17:54 23277339 ----a-w- c:\program files\codeblocks-10.05-setup.exe
    2009-03-16 21:36 . 2009-03-16 21:36 1691464 ----a-w- c:\program files\dsetup32.dll
    2009-03-16 21:35 . 2009-03-16 21:35 525128 ----a-w- c:\program files\DXSETUP.exe
    2009-03-16 21:35 . 2009-03-16 21:35 94024 ----a-w- c:\program files\DSETUP.dll
    2012-02-21 16:09 . 2011-04-02 14:48 0 ----a-w- c:\program files\opera\program\plugins\dapop.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
    2011-07-11 18:13 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-12-09 20:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cracked Steam Service"="c:\program files\steam\Cracked Steam.exe" [2011-04-26 337496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "GameBooster.exe"="c:\program files\IObit\Game Booster\GameBooster.exe" [2011-10-28 2185560]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Exportit
    vnxservice
    EACSvrMngr
    ifxtcs
    Si3132
    MTDVC2
    AppnApi
    dtsrvc
    bocdrive
    rootmodem
    sentinel
    roxliveshare9
    mcshield
    pensup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-02-26 22:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-26 04:08]
    .
    2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-26 04:08]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: Interfaces\{64EC8E6B-09C2-473E-8DDC-CD3ED2726172}: NameServer = 205.188.146.145
    TCP: Interfaces\{A8EFB6DA-AF84-4C34-A8BF-9501C03258F2}: NameServer = 205.188.146.145
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-25 23:40
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3319729882-385008171-2775926612-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:95,db,4a,fd,b4,f6,da,34,10,31,95,4c,79,69,73,6a,a6,a3,fe,e2,61,b4,86,
    2e,10,90,8d,4e,7a,4a,89,d6,49,e8,5d,52,09,7d,f0,f4,b3,01,b5,25,f2,dc,c9,10,\
    "??"=hex:dd,a1,0c,94,ce,1e,e7,50,fe,a5,4a,82,98,89,ca,bb
    .
    [HKEY_USERS\S-1-5-21-3319729882-385008171-2775926612-1006\Software\SecuROM\License information*]
    "datasecu"=hex:51,f5,eb,1b,e0,d2,cd,39,6d,57,da,42,6c,3f,5e,60,37,2e,e5,fd,34,
    0f,e4,6a,67,11,d1,1a,98,49,12,06,c3,d3,3d,06,74,be,fd,a7,55,f8,54,81,b3,e7,\
    "rkeysecu"=hex:b4,47,27,73,ba,8f,7d,1f,e8,ad,6d,b4,3d,b4,8b,03
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-25 23:49:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-26 06:49
    ComboFix2.txt 2012-05-26 05:01
    .
    Pre-Run: 41,519,587,328 bytes free
    Post-Run: 41,359,884,288 bytes free
    .
    - - End Of File - - A89A146C098208CBDF0D68FF819627F2


    I want to check my internet but the only internet I have where I live is dial-up. It's AOL and my laptop does not have a copy of the AOL program on it. I have to find the install CD to get it to work. Also, ComboFix said that a virus inserted itself in the TCP/IP stack and that it would try to fix it. It said that the second time too. So I don't know if it will work until I can go to my friend's and try on their internet. But the virus was also causing most programs that I installed to give this error when I tried to run them: "Windows cannot access the specified device path, or file. You may not have the appropriate permissions to access this item." All of these programs worked before and never had that error. I checked the permissions then and I had permission to use them. Should I reinstall one of the programs that had that error? Also, ComboFix only took 30 minutes to run this time.
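    The ComboFix log above (and the identical one in the earlier post) contains several registry settings a defender would review before anything else: EnableLUA=0 under policies\system means UAC is off, DisableMonitoring=1 under security center\Monitoring hides antivirus and firewall status from Security Center, a "Cracked Steam Service" entry sits in the HKCU Run key, and both network interfaces carry a hard-coded NameServer. The script below is an added example, not part of this thread and not ComboFix's own code: it parses the REGEDIT4-style "Reg Loading Points" section and ranks those settings. The sample input is constructed from lines quoted in the log; parse_reg_dump, review and the HIGH/MEDIUM/INFO levels are the example's own names.

```python
"""Flag security-weakening settings in a ComboFix 'Reg Loading Points' section.

Added, hypothetical helper (not ComboFix's code and not from this thread). It
reads the REGEDIT4-style text that ComboFix prints and reports the settings a
defender would want to review first.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the ComboFix log quoted in this thread.
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cracked Steam Service"="c:\program files\steam\Cracked Steam.exe" [2011-04-26 337496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
TCP: Interfaces\{64EC8E6B-09C2-473E-8DDC-CD3ED2726172}: NameServer = 205.188.146.145
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                # [HKEY_...\subkey]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"=data
NAMESERVER_RE = re.compile(r"^TCP: Interfaces\\(\{[0-9A-Fa-f-]+\}): NameServer = (\S+)")

Finding = Tuple[str, str]  # (severity, message)


def parse_reg_dump(text: str) -> Tuple[Dict[str, Dict[str, str]], Dict[str, str]]:
    """Return ({lower-cased key: {value name: raw data}}, {interface GUID: DNS server})."""
    keys: Dict[str, Dict[str, str]] = {}
    dns: Dict[str, str] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue  # ComboFix separates blocks with a lone '.'
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = NAMESERVER_RE.match(line)
        if m:
            dns[m.group(1).upper()] = m.group(2)
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys, dns


def dword_is(data: str, n: int) -> bool:
    """ComboFix prints DWORDs as '0 (0x0)' or as 'dword:00000000'; accept both."""
    data = data.lower()
    return data.split(" ")[0] == str(n) or data == f"dword:{n:08x}"


def review(text: str) -> List[Finding]:
    """Rank the settings in a ComboFix registry dump, most severe first."""
    keys, dns = parse_reg_dump(text)
    findings: List[Finding] = []
    for key, values in keys.items():
        # EnableLUA=0 turns User Account Control off: everything runs fully elevated.
        if key.endswith(r"\policies\system") and dword_is(values.get("EnableLUA", ""), 0):
            findings.append(("HIGH", "UAC is disabled (EnableLUA=0)"))
        # DisableMonitoring=1 silences Security Center's AV/firewall status checks.
        if r"\security center\monitoring" in key and dword_is(values.get("DisableMonitoring", ""), 1):
            findings.append(("HIGH", f"Security Center monitoring disabled under {key}"))
        # Every Run/RunOnce entry deserves a look; 'crack' in the name or path is a red flag.
        if key.endswith((r"\currentversion\run", r"\currentversion\runonce")):
            for name, data in values.items():
                level = "MEDIUM" if "crack" in (name + data).lower() else "INFO"
                findings.append((level, f"Autostart '{name}' -> {data}"))
    # A per-interface NameServer override is what DNS-changing malware leaves behind.
    for guid, server in dns.items():
        findings.append(("MEDIUM", f"Interface {guid} uses hard-coded DNS {server}; confirm it is your ISP's"))
    order = {"HIGH": 0, "MEDIUM": 1, "INFO": 2}
    findings.sort(key=lambda f: order[f[0]])  # stable sort keeps log order within a level
    return findings


if __name__ == "__main__":
    for level, message in review(SAMPLE_LOG):
        print(f"[{level}] {message}")
```

    Run it as a script to print the ranked list for the constructed sample, or call review() on the text of a saved ComboFix.txt. It only reports; deciding what to remove is still the helper's job, as Broni does in this thread.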
     

