TechSpot

Windows 7 maniacally uploads/downloads upon connecting – Malwarebytes installation ac

Solved
By SCnative
Feb 21, 2012
  1. Thank you in advance for any help you can offer.

    When I log into my Windows 7 computer, the moment it gets an internet connection, it begins to automatically upload/download data relentlessly. I thought it must be some sort of automatic update process by windows or some other software but this does not seem to be the case.

    My Firefox browser will not even open. When I open IE it might navigate to a web page or it might not and if it does it does it slowly.

    I had an updated version of Malwarebytes on my computer but it will not let me run it, even in safe mode. I tried to re-install it off of my usb drive (since my internet connection is basically useless) and access is denied.

    I’m not sure what to do next and do not want to run combofix unless instructed to do so.
    Please advise and again, thank you for your help.

    SJ
     
  2. Broni


    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    Let's see, if we can look at your computer booting from an external source.

    Please download OTLPE (file size 120.9 MB)

    • When downloaded, double-click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well, so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have an internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  3. SCnative


    Thanks.

    I'll try this when I get home tonight. My work computer (county school district network) will not let me download the file (it sees it as a threat) but I will do it on my son's computer when I get home. I'll get back asap and again, thanks.

    SJ
     
  4. Broni


    Very well......
     
  5. SCnative


    Latest ...

    OK. I created the CD and booted from it. I double-clicked on OTLPE and a Browse For Folder window came up asking me to Choose Windows Directory. I selected Local Disk (E:)\Windows. It did not ask "Do you wish to load the remote registry?", but everything else was as described. Please see the copied file below:

    OTL logfile created on: 2/21/2012 8:15:45 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Windows 7 Home Premium (Version = 6.1.7600) - Type = System
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = E: | %SystemRoot% = E:\windows | %ProgramFiles% = E:\Program Files
    Drive C: | 200.00 Mb Total Space | 171.87 Mb Free Space | 85.94% Space Free | Partition Type: NTFS
    Drive D: | 30.25 Gb Total Space | 29.59 Gb Free Space | 97.84% Space Free | Partition Type: NTFS
    Drive E: | 187.67 Gb Total Space | 88.77 Gb Free Space | 47.30% Space Free | Partition Type: NTFS
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - [2012/01/13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2011/11/14 04:16:38 | 000,701,288 | ---- | M] (Hewlett-Packard Co.) [Auto] -- E:\Users\Sullivan\AppData\Local\Temp\7zS36B2\HPSLPSVC32.DLL -- (HPSLPSVC)
    SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand] -- E:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/06/23 14:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand] -- E:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2011/04/14 13:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2011/04/14 13:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
    SRV - [2011/04/14 13:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Auto] -- E:\windows\System32\mfevtps.exe -- (mfevtp)
    SRV - [2010/07/23 08:31:54 | 000,163,680 | ---- | M] (Digital Delivery Networks, Inc.) [Auto] -- E:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
    SRV - [2010/07/20 10:04:24 | 000,171,872 | ---- | M] (Digital Delivery Networks, Inc.) [Auto] -- E:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
    SRV - [2010/05/07 07:16:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- E:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/07/28 09:41:06 | 000,472,328 | ---- | M] (Lenovo Group Limited) [On_Demand] -- E:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
    SRV - [2009/07/28 09:41:04 | 000,414,984 | ---- | M] (Lenovo Group Limited) [On_Demand] -- E:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
    SRV - [2009/07/14 09:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto] -- E:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto] -- E:\windows\System32\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
    SRV - [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\windows\System32\IgrsSvcs.exe -- (PS_MDP)
    SRV - [2009/06/04 14:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/01/11 12:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (USBCCID)
    DRV - File not found [Kernel | On_Demand] -- -- (RtsUIR)
    DRV - File not found [Kernel | On_Demand] -- -- (mfeavfk01)
    DRV - [2011/04/14 13:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- E:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/04/14 13:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2011/04/14 13:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | System] -- E:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
    DRV - [2011/04/14 13:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2011/04/14 13:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2011/04/14 13:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/04/14 13:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System] -- E:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
    DRV - [2011/04/14 13:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\cfwids.sys -- (cfwids)
    DRV - [2011/04/14 13:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/11/09 04:56:16 | 000,054,800 | ---- | M] () [Kernel | System] -- E:\windows\System32\drivers\funfrm.sys -- (funfrm)
    DRV - [2009/07/30 04:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/07/28 16:09:38 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand] -- E:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
    DRV - [2009/07/21 16:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand] -- E:\Windows\System32\drivers\wsvd.sys -- (wsvd)
    DRV - [2009/07/16 07:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
    DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
    DRV - [2009/06/14 21:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2009/05/19 08:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
    DRV - [2009/03/13 11:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2008/08/06 07:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2008/03/14 08:23:12 | 000,169,008 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\afc.sys -- (Afc)
    DRV - [2000/02/22 14:46:40 | 000,009,152 | ---- | M] () [Kernel | Auto] -- E:\windows\System32\drivers\TICalc.sys -- (TICalc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    IE - HKU\NetworkService_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Sullivan_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=14597
    IE - HKU\Sullivan_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\Sullivan_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\Sullivan_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB 31 A3 EF 1F 43 CB 01 [binary data]
    IE - HKU\Sullivan_ON_E\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\Sullivan_ON_E\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\Sullivan_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Sullivan_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: E:\Program Files\McAfee\SiteAdvisor\NPMcFFPlg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: E:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/20 16:34:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 01:33:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/17 01:33:08 | 000,000,000 | ---D | M]

    [2012/02/17 01:33:08 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
    [2012/02/17 01:33:08 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/06/05 21:10:19 | 000,142,296 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- E:\Program Files\mozilla firefox\components\Scriptff.dll
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/02/12 10:32:02 | 000,002,252 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2010/03/28 11:56:18 | 000,002,035 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\fcmdSrchFxt.xml
    [2012/02/12 10:32:02 | 000,002,040 | -H-- | M] () -- E:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - E:\Program Files\facemoods.com\facemoods\1.4.8.1\bh\facemoods.dll (facemoods.com BHO)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - E:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111002181022.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - E:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - E:\Program Files\Google\Chrome Frame\Application\17.0.963.56\npchrome_frame.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - E:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\Sullivan_ON_E\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\Sullivan_ON_E\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKU\Sullivan_ON_E\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ApnUpdater] E:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [ArcSoft Connection Service] E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [Energy Management] E:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
    O4 - HKLM..\Run: [EnergyUtility] E:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
    O4 - HKLM..\Run: [facemoods] E:\Program Files\facemoods.com\facemoods\1.4.8.1\facemoodssrv.exe (facemoods.com)
    O4 - HKLM..\Run: [HandyShareStartup] E:\Program Files\ZOOM\HandyShare\HandyShare_startup.exe ()
    O4 - HKLM..\Run: [IAAnotif] E:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IdeaNotesUser] E:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [mcui_exe] E:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [PLFSetL] File not found
    O4 - HKLM..\Run: [RoxWatchTray] E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [snp2uvc] File not found
    O4 - HKLM..\Run: [UpdateP2GShortCut] E:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [VeriFaceManager] File not found
    O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - Startup: Error locating startup folders.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - E:\Program Files\Google\Chrome Frame\Application\17.0.963.56\npchrome_frame.dll (Google Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/21 19:24:03 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2012/02/20 19:54:42 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- E:\Users\Sullivan\Desktop\mbam--setup-1.60.1.1000.exe
    [2012/02/13 20:22:04 | 000,000,000 | -H-D | C] -- E:\Users\Sullivan\AppData\Roaming\DF366
    [2012/02/13 20:21:27 | 000,000,000 | -H-D | C] -- E:\Users\Sullivan\AppData\Roaming\E89DF
    [2012/02/13 20:15:13 | 000,000,000 | -H-D | C] -- E:\Program Files\DF366
    [2012/02/13 20:14:37 | 000,000,000 | -H-D | C] -- E:\Program Files\LP
    [2012/02/12 16:29:55 | 000,000,000 | -H-D | C] -- E:\Users\Sullivan\AppData\Local\fxMobileman
    [2012/02/12 11:27:38 | 000,000,000 | -H-D | C] -- E:\Users\Sullivan\Desktop\CofCSpring2012
    [2012/02/05 19:15:14 | 000,000,000 | -H-D | C] -- E:\Users\Sullivan\Desktop\MadoxPiano
    [2011/02/06 14:04:12 | 000,018,944 | ---- | C] ( ) -- E:\windows\System32\implode.dll
    [2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- E:\windows\System32\IGFXDEVLib.dll
    [2009/11/09 04:54:58 | 000,196,608 | ---- | C] ( ) -- E:\windows\System32\csnp2uvc.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/02/21 19:33:25 | 000,067,584 | --S- | M] () -- E:\windows\bootstat.dat
    [2012/02/21 19:29:42 | 000,009,920 | -H-- | M] () -- E:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/21 19:29:42 | 000,009,920 | -H-- | M] () -- E:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/21 19:26:35 | 000,671,028 | ---- | M] () -- E:\windows\System32\perfh009.dat
    [2012/02/21 19:26:35 | 000,124,186 | ---- | M] () -- E:\windows\System32\perfc009.dat
    [2012/02/21 19:24:03 | 000,001,828 | ---- | M] () -- E:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
    [2012/02/21 19:24:03 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2012/02/21 19:21:56 | 000,000,886 | ---- | M] () -- E:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/21 19:21:19 | 2384,920,576 | -HS- | M] () -- E:\hiberfil.sys
    [2012/02/21 19:17:21 | 000,000,890 | ---- | M] () -- E:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/20 20:31:55 | 000,002,239 | ---- | M] () -- E:\Users\Sullivan\Desktop\OneKey Recovery.lnk
    [2012/02/20 20:01:24 | 001,008,141 | ---- | M] () -- E:\Users\Sullivan\Desktop\rkill.com
    [2012/02/20 19:53:06 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- E:\Users\Sullivan\Desktop\mbam--setup-1.60.1.1000.exe
    [2012/02/20 19:38:28 | 295,525,473 | ---- | M] () -- E:\windows\MEMORY.DMP
    [2012/02/17 01:34:26 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI InterActive!
    [2012/02/17 01:34:26 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2012/02/17 01:33:51 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    [2012/02/17 01:33:51 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2012/02/17 01:33:51 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    [2012/02/17 01:33:51 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2012/02/17 01:33:51 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZOOM
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Converter
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\PIXELA
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\MathType 6
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Idea Notes
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Idea Central
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\HM Testing
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diploma 6
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cucusoft iPod to Computer
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft MediaImpression 2
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\AoA Audio Extractor
    [2012/02/15 21:38:39 | 000,006,512 | ---- | M] () -- E:\bootsqm.dat
    [2012/01/23 20:01:25 | 007,624,620 | ---- | M] () -- E:\Users\Sullivan\Documents\Backup-(2012-01-23).ipd

    ========== Files Created - No Company Name ==========

    [2012/02/20 20:01:50 | 001,008,141 | ---- | C] () -- E:\Users\Sullivan\Desktop\rkill.com
    [2012/02/15 21:38:39 | 000,006,512 | ---- | C] () -- E:\bootsqm.dat
    [2012/01/23 20:01:25 | 007,624,620 | ---- | C] () -- E:\Users\Sullivan\Documents\Backup-(2012-01-23).ipd
    [2011/08/27 16:25:00 | 000,000,209 | ---- | C] () -- E:\windows\IC32.INI
    [2011/02/06 14:04:17 | 000,039,936 | ---- | C] () -- E:\windows\System32\Crxlat32.dll
    [2011/02/06 14:04:16 | 000,131,072 | ---- | C] () -- E:\windows\System32\P2sodbc.dll
    [2011/02/06 14:04:16 | 000,054,272 | ---- | C] () -- E:\windows\System32\P2irdao.dll
    [2011/02/06 14:04:16 | 000,050,176 | ---- | C] () -- E:\windows\System32\P2ctdao.dll
    [2011/02/06 14:04:12 | 000,748,160 | ---- | C] () -- E:\windows\System32\Co2c40en.dll
    [2011/02/06 14:04:11 | 000,409,600 | ---- | C] () -- E:\windows\System32\Tx32.dll
    [2011/02/06 14:04:11 | 000,210,944 | ---- | C] () -- E:\windows\System32\msvcrt10.dll
    [2011/02/06 14:04:11 | 000,000,151 | ---- | C] () -- E:\windows\System32\ic32.ini
    [2011/02/06 14:04:10 | 000,032,768 | ---- | C] () -- E:\windows\System32\textbmp.dll
    [2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- E:\windows\System32\igcompkrng500.bin
    [2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- E:\windows\System32\igkrng500.bin
    [2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- E:\windows\System32\igfcg500m.bin
    [2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- E:\windows\System32\GfxUI.exe.config
    [2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- E:\windows\System32\iglhsip32.dll
    [2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- E:\windows\System32\iglhcp32.dll
    [2010/03/12 10:36:43 | 000,057,344 | ---- | C] () -- E:\windows\System32\ff_vfw.dll
    [2009/11/09 04:56:59 | 002,110,728 | ---- | C] () -- E:\windows\System32\Apblend.dll
    [2009/11/09 04:56:59 | 001,410,312 | ---- | C] () -- E:\windows\System32\IcnOvrly.dll
    [2009/11/09 04:56:59 | 001,171,456 | ---- | C] () -- E:\windows\System32\PicNotify.dll
    [2009/11/09 04:56:59 | 000,660,744 | ---- | C] () -- E:\windows\System32\EncIcons.dll
    [2009/11/09 04:56:59 | 000,513,288 | ---- | C] () -- E:\windows\System32\SimpleExt.dll
    [2009/11/09 04:56:48 | 001,044,480 | ---- | C] () -- E:\windows\System32\3DImageRenderer.dll
    [2009/11/09 04:56:16 | 000,057,344 | ---- | C] () -- E:\windows\AsfHelper.dll
    [2009/11/09 04:56:16 | 000,054,800 | ---- | C] () -- E:\windows\System32\drivers\funfrm.sys
    [2009/11/09 04:54:58 | 001,759,616 | ---- | C] () -- E:\windows\System32\drivers\snp2uvc.sys
    [2009/11/09 04:54:58 | 000,028,544 | ---- | C] () -- E:\windows\System32\drivers\sncduvc.sys
    [2009/11/09 04:54:58 | 000,015,497 | ---- | C] () -- E:\windows\snp2uvc.ini
    [2009/11/09 04:53:34 | 000,140,288 | ---- | C] () -- E:\windows\System32\igfxtvcx.dll
    [2009/11/09 04:49:42 | 000,016,648 | R--- | C] () -- E:\windows\System32\LogAPI.dll
    [2009/11/09 04:47:44 | 000,134,592 | ---- | C] () -- E:\windows\System32\igfcg500.bin
    [2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- E:\windows\bootstat.dat
    [2009/07/13 23:33:53 | 000,502,272 | ---- | C] () -- E:\windows\System32\FNTCACHE.DAT
    [2009/07/13 21:05:48 | 000,671,028 | ---- | C] () -- E:\windows\System32\perfh009.dat
    [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- E:\windows\System32\perfi009.dat
    [2009/07/13 21:05:48 | 000,124,186 | ---- | C] () -- E:\windows\System32\perfc009.dat
    [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- E:\windows\System32\perfd009.dat
    [2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- E:\windows\System32\NOISE.DAT
    [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- E:\windows\System32\dssec.dat
    [2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- E:\windows\System32\DShowRdpFilter.dll
    [2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- E:\windows\mib.bin
    [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- E:\windows\System32\BthpanContextHandler.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\windows\System32\BWContextHandler.dll
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\windows\System32\mlang.dat
    [2008/06/30 15:29:21 | 000,631,472 | ---- | C] () -- E:\windows\System32\brgrt.DLL
    [2007/11/21 11:57:29 | 000,581,872 | ---- | C] () -- E:\windows\System32\WODCERTIFICATE.DLL
    [1999/08/31 15:00:20 | 000,009,152 | ---- | C] () -- E:\windows\System32\drivers\TICalc.sys

    ========== LOP Check ==========

    [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
    [2012/02/17 01:23:12 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonBJ
    [2012/02/17 01:23:16 | 000,000,000 | -H-D | M] -- E:\ProgramData\DDNI
    [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
    [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
    [2009/11/09 04:56:16 | 000,000,000 | -H-D | M] -- E:\ProgramData\EasyCapture
    [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
    [2009/11/09 05:00:48 | 000,000,000 | -H-D | M] -- E:\ProgramData\GuardID Systems
    [2010/03/13 05:49:29 | 000,000,000 | -H-D | M] -- E:\ProgramData\iBackup
    [2010/03/13 05:50:23 | 000,000,000 | -H-D | M] -- E:\ProgramData\iPodtoComputer
    [2009/11/09 05:01:08 | 000,000,000 | -H-D | M] -- E:\ProgramData\IsolatedStorage
    [2010/03/13 11:06:22 | 000,000,000 | -H-D | M] -- E:\ProgramData\Pixela
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Renaissance Learning
    [2010/03/12 10:41:18 | 000,000,000 | -H-D | M] -- E:\ProgramData\Research In Motion
    [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
    [2012/02/17 01:33:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
    [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
    [2012/02/17 01:33:18 | 000,000,000 | -H-D | M] -- E:\ProgramData\{0769790C-DF98-48E4-8259-ECB2F6CC0E75}
    [2012/02/17 01:33:18 | 000,000,000 | ---D | M] -- E:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [2012/02/17 01:23:48 | 000,000,000 | ---D | M] -- E:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/03/12 10:47:47 | 000,000,000 | -H-D | M] -- E:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2011/04/21 20:50:57 | 000,032,586 | ---- | M] () -- E:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 123 bytes -> E:\ProgramData\Temp:8CE646EE
    < End of report >
     
  6. Broni

    Broni Malware Annihilator Posts: 48,054   +272

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\Sullivan_ON_E\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\Sullivan_ON_E\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    [2012/02/13 20:22:04 | 000,000,000 | -H-D | C] -- E:\Users\Sullivan\AppData\Roaming\DF366
    [2012/02/13 20:21:27 | 000,000,000 | -H-D | C] -- E:\Users\Sullivan\AppData\Roaming\E89DF
    [2012/02/13 20:15:13 | 000,000,000 | -H-D | C] -- E:\Program Files\DF366
    @Alternate Data Stream - 123 bytes -> E:\ProgramData\Temp:8CE646EE
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    
    Open Notepad and paste it.
    Save the document as Fix.txt on to a USB flash drive


    On the infected computer the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Remove the CD and shut down computer manually.
    • Attempt to reboot normally into Windows.
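As an added example (not OTL's own code and not anything posted by the participants in this thread): a small Python triage helper that parses OTL-format entries like the ones in the report above and flags the pattern targeted in the fix, hidden folders with short hex-only names and alternate data streams with hex-only stream names. The sample log lines are copied from the OTL report earlier in this thread; the regular expressions and the hex-name heuristic are assumptions about OTL's output format, not documented behaviour of the tool.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# OTL file/folder record: [date time | size | attrs | C or M] (company) -- path
# attrs are four flag positions: R(ead-only) H(idden) S(ystem) D(irectory)
FILE_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# OTL alternate data stream record
ADS_ENTRY = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
# Heuristic (assumption): 4-8 hex characters and nothing else, e.g. DF366, 8CE646EE
HEX_NAME = re.compile(r"^[0-9A-F]{4,8}$", re.IGNORECASE)


@dataclass
class Entry:
    path: str
    size: int
    hidden: bool
    is_dir: bool
    is_ads: bool
    created: Optional[str]  # timestamp for "C"reated records, None for "M"odified


def parse_otl_line(line: str) -> Optional[Entry]:
    """Parse one OTL log line; return None for headers, blanks and unknown lines."""
    line = line.strip()
    m = FILE_ENTRY.match(line)
    if m:
        attrs = m.group("attrs")
        return Entry(
            path=m.group("path"),
            size=int(m.group("size").replace(",", "")),
            hidden="H" in attrs,
            is_dir="D" in attrs,
            is_ads=False,
            created=m.group("ts") if m.group("kind") == "C" else None,
        )
    m = ADS_ENTRY.match(line)
    if m:
        return Entry(path=m.group("path"), size=int(m.group("size")),
                     hidden=False, is_dir=False, is_ads=True, created=None)
    return None


def is_suspicious(e: Entry) -> bool:
    """Flag hidden directories and ADS whose name is nothing but a short hex string."""
    if e.is_ads:
        stream = e.path.rsplit(":", 1)[-1]  # "Temp:8CE646EE" -> "8CE646EE"
        return HEX_NAME.match(stream) is not None
    name = e.path.rsplit("\\", 1)[-1]
    return e.is_dir and e.hidden and HEX_NAME.match(name) is not None


def triage(log_text: str) -> List[str]:
    """Return the paths of all entries in an OTL log that match the heuristic, in log order."""
    return [e.path for e in map(parse_otl_line, log_text.splitlines())
            if e is not None and is_suspicious(e)]


# Constructed sample: lines copied from the OTL report in this thread, plus benign ones
SAMPLE_LOG = r"""
[2012/02/13 20:22:04 | 000,000,000 | -H-D | C] -- E:\Users\Sullivan\AppData\Roaming\DF366
[2012/02/13 20:21:27 | 000,000,000 | -H-D | C] -- E:\Users\Sullivan\AppData\Roaming\E89DF
[2012/02/13 20:15:13 | 000,000,000 | -H-D | C] -- E:\Program Files\DF366
[2012/02/17 01:23:16 | 000,000,000 | -H-D | M] -- E:\ProgramData\DDNI
[2012/02/17 01:33:18 | 000,000,000 | -H-D | M] -- E:\ProgramData\{0769790C-DF98-48E4-8259-ECB2F6CC0E75}
[2012/02/15 21:38:39 | 000,006,512 | ---- | C] () -- E:\bootsqm.dat
@Alternate Data Stream - 123 bytes -> E:\ProgramData\Temp:8CE646EE
"""

if __name__ == "__main__":
    for path in triage(SAMPLE_LOG):
        print("review:", path)
```

The heuristic is only a first pass for a human reviewer: a GUID-named or plain-word hidden folder is not flagged, and a flagged entry still needs to be checked against the rest of the log before it goes into a fix script.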
     
  7. SCnative

    SCnative TS Rookie Topic Starter Posts: 20

    Log file from fix

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\Sullivan_ON_E\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\Sullivan_ON_E\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    E:\Users\Sullivan\AppData\Roaming\DF366 folder moved successfully.
    E:\Users\Sullivan\AppData\Roaming\E89DF folder moved successfully.
    E:\Program Files\DF366 folder moved successfully.
    ADS E:\ProgramData\Temp:8CE646EE deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    OTLPE by OldTimer - Version 3.1.48.0 log created on 02212012_204305
     
  8. Broni

    Broni Malware Annihilator Posts: 48,054   +272

    ...
     
  9. SCnative

    SCnative TS Rookie Topic Starter Posts: 20

    Well ...

    I'm actually rebooting with the CD and then I'll reboot normally. I'll keep you posted.
     
  10. SCnative

    SCnative TS Rookie Topic Starter Posts: 20

    OK ...

    I booted it up and it's still the same. When I enabled my internet connection it started up with the data transfer again, yet IE doesn't really work. I've had my internet connection disabled since yesterday to stop the data transfer. Malwarebytes installation is still Access Denied.
     
  11. Broni

    Broni Malware Annihilator Posts: 48,054   +272

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
     
  12. SCnative

    SCnative TS Rookie Topic Starter Posts: 20

    Nirkmd

    Combofix is running...but keeps popping up:

    Windows cannot find 'NIRKMD'. Make sure you typed the name correctly, and then try again.

    I just click ok and then it goes to the next stage ...
     
  13. Broni

    Broni Malware Annihilator Posts: 48,054   +272

    That's fine. Disregard those messages.
     
  14. SCnative

    SCnative TS Rookie Topic Starter Posts: 20

    Combofix Log

    Please advise ...Combo Fix Log:

    ComboFix 12-02-21.01 - Sullivan 02/21/2012 21:25:05.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3033.2032 [GMT -5:00]
    Running from: c:\users\Sullivan\Desktop\ComboFix.exe
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\facemoods.com
    c:\program files\facemoods.com\facemoods\1.4.8.1\bh\facemoods.dll
    c:\program files\facemoods.com\facemoods\1.4.8.1\facemoods.crx
    c:\program files\facemoods.com\facemoods\1.4.8.1\facemoods.png
    c:\program files\facemoods.com\facemoods\1.4.8.1\facemoodsApp.dll
    c:\program files\facemoods.com\facemoods\1.4.8.1\facemoodsEng.dll
    c:\program files\facemoods.com\facemoods\1.4.8.1\facemoodssrv.exe
    c:\program files\facemoods.com\facemoods\1.4.8.1\uninstall.exe
    c:\program files\LP
    c:\program files\LP\E86E\42DA.tmp
    c:\program files\LP\E86E\9913.tmp
    c:\program files\LP\E86E\A40B.tmp
    c:\program files\LP\E86E\AC09.tmp
    c:\program files\LP\E86E\B222.tmp
    c:\users\Sullivan\AppData\Local\Temp\7zS36B2\HPSLPSVC32.DLL
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_HPSLPSVC
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-22 02:39 . 2012-02-22 02:41 -------- d-----w- c:\users\Sullivan\AppData\Local\temp
    2012-02-22 02:39 . 2012-02-22 02:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-22 01:43 . 2012-02-22 01:43 -------- d-----w- C:\_OTL
    2012-02-12 21:29 . 2012-02-15 03:42 -------- d--h--w- c:\users\Sullivan\AppData\Local\fxMobileman
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-10 20:24 . 2010-05-03 04:14 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-24 04:23 . 2011-12-14 22:26 2340352 ----a-w- c:\windows\system32\win32k.sys
    2011-06-06 02:10 . 2011-06-06 02:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-04-14 18:01 . 2011-10-02 22:10 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-05-17 17:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
    "IdeaNotesUser"="c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-08-24 221872]
    "UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-07-15 4081480]
    "Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-25 5064520]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "HandyShareStartup"="c:\program files\ZOOM\HandyShare\HandyShare_startup.exe" [2010-10-06 1729024]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-24 1195408]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ImageMixer 3 SE Camera Monitor Ver.4.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe [2010-3-13 253952]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
    backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
    2009-11-20 03:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 136176]
    R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
    R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 136176]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
    R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-07-28 414984]
    R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-07-28 472328]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-07-30 171520]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-07 1343400]
    R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
    S1 funfrm;funfrm; [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
    S2 DDNIMSGService;DDNIMSGService;c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2010-07-20 171872]
    S2 DDNIService;DDNIService;c:\program files\DDNI\DIBS\DDNIService.exe [2010-07-23 163680]
    S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2012-01-13 95200]
    S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-14 141792]
    S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
    S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
    S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
    IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
    HPService REG_MULTI_SZ HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 13:15]
    .
    2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 13:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=14597
    mStart Page = hxxp://lenovo.live.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\Sullivan\AppData\Roaming\Mozilla\Firefox\Profiles\7frfk11a.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_US&apn_uid=29749e57-4bb1-474b-875b-aefa7f8deeed&apn_ptnrs=FV&apn_sauid=DB55345B-172C-40B2-9A5C-F772B6E46E51&apn_dtid=YYYYYYYYUS&q=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
    HKLM-Run-PLFSetL - c:\windows\PLFSetL.exe
    HKLM-Run-VeriFaceManager - c:\program files\Lenovo\VeriFace\PManage.exe
    HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.8.1\facemoodssrv.exe
    AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.8.1\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\windows\system32\conhost.exe
    c:\program files\Apoint2K\ApMsgFwd.exe
    c:\program files\Apoint2K\Apntex.exe
    c:\windows\system32\conhost.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-21 21:50:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-22 02:50
    .
    Pre-Run: 95,004,246,016 bytes free
    Post-Run: 95,404,027,904 bytes free
    .
    - - End Of File - - 6396EBDACC17976DF6CEA6DBEC6F46D5
     
  15. Broni

    Broni Malware Annihilator Posts: 48,054   +272

    Looks good.

    See if you can....

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.
     
  16. SCnative

    SCnative TS Rookie Topic Starter Posts: 20

    After I installed Avast ...

    ...my computer will not boot up in normal mode. It keeps giving me a blue screen memory dump. So I started it in safe mode and ran Avast and cleaned a couple of things and then tried to boot it up normally this morning and still the memory dump.

    I thank you so much for hanging with me on this. Any suggestions?
     
  17. SCnative

    SCnative TS Rookie Topic Starter Posts: 20

    Oh ..

    the blue screen says something about iastor.sys
     
  18. Broni

    Broni Malware Annihilator Posts: 48,054   +272

    While in safe mode....

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
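The TDSSKiller report requested above is a long list of driver services, each with an MD5 and image path followed by a verdict line. As an added example (not part of this thread, and not Kaspersky's or TechSpot's code), the Python below parses that report format into an inventory and lists the entries a reviewer would look at first: anything whose verdict is not "ok", any service that has no file or hash recorded in the log (the `catchme` and `RtsUIR` lines in the posted log have that shape), and any driver whose hash differs from a baseline the reviewer supplies. The sample log, the `FakeDrv` service, its `suspicious` verdict and the `known_good` baseline are constructed for the example; only the line format is taken from the log posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample log. The 1394ohci, catchme, iaStor and RtsUIR lines follow
# the format TDSSKiller wrote in this thread (timestamp, PID, service name, then
# either "(md5) path" or "- verdict"). The FakeDrv lines and the "suspicious"
# verdict are hypothetical, added only to exercise the triage path.
SAMPLE_LOG = r"""
13:02:05.0589 1424 ============================================================
13:02:05.0589 1424 Scan started
13:02:06.0338 1424 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
13:02:06.0338 1424 1394ohci - ok
13:02:11.0470 1424 catchme - ok
13:02:15.0682 1424 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
13:02:15.0698 1424 iaStor - ok
13:02:25.0541 1424 RtsUIR - ok
13:02:30.0000 1424 FakeDrv (0123456789abcdef0123456789abcdef) C:\windows\system32\DRIVERS\fakedrv.sys
13:02:30.0010 1424 FakeDrv - suspicious
"""

# One pattern covers both line shapes; banner, separator and SystemInfo lines
# simply fail to match and are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"(?:\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$|-\s+(?P<verdict>.+)$)"
)


@dataclass
class DriverEntry:
    name: str
    md5: Optional[str] = None      # None when the log shows no file for the service
    path: Optional[str] = None
    verdict: Optional[str] = None  # text after " - ", e.g. "ok"


def parse_tdsskiller_log(text: str) -> Dict[str, DriverEntry]:
    """Build a service-name -> DriverEntry inventory from TDSSKiller log text."""
    entries: Dict[str, DriverEntry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry = entries.setdefault(m["name"], DriverEntry(m["name"]))
        if m["md5"]:
            entry.md5 = m["md5"].lower()
            entry.path = m["path"].strip()
        else:
            entry.verdict = m["verdict"].strip()
    return entries


def triage(entries: Dict[str, DriverEntry],
           known_good: Optional[Dict[str, str]] = None) -> List[Tuple[str, str]]:
    """Return (service, reason) pairs a reviewer should examine, in name order.

    known_good maps service name -> expected MD5 (lowercase hex); it is the
    reviewer's own baseline, not something TDSSKiller provides.
    """
    known_good = known_good or {}
    findings: List[Tuple[str, str]] = []
    for name, e in sorted(entries.items()):
        if e.verdict is None:
            findings.append((name, "no verdict line"))
        elif e.verdict.lower() != "ok":
            findings.append((name, f"verdict '{e.verdict}'"))
        if e.md5 is None:
            findings.append((name, "no file or hash recorded in the log"))
        elif name in known_good and known_good[name] != e.md5:
            findings.append((name, "md5 differs from known-good baseline"))
    return findings


if __name__ == "__main__":
    inventory = parse_tdsskiller_log(SAMPLE_LOG)
    # Constructed baseline that deliberately disagrees with the iaStor hash.
    baseline = {"iaStor": "0" * 32}
    for service, reason in triage(inventory, baseline):
        print(f"{service:12} {reason}")
```

Drop the real report text into `parse_tdsskiller_log` in place of `SAMPLE_LOG` and supply a baseline of hashes taken from a known-clean machine with the same driver versions; the "no file or hash recorded" entries are worth a look because the thread's blue screen names a storage driver, and a service with no backing file is exactly the kind of leftover a cleanup tool can reveal.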
     
  19. SCnative


    Log ...

    OK ... it rebooted and hasn't dumped my memory .... here's the log from TDSSKiller ...

    13:02:02.0625 0864 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
    13:02:02.0656 0864 ============================================================
    13:02:02.0656 0864 Current date / time: 2012/02/22 13:02:02.0656
    13:02:02.0656 0864 SystemInfo:
    13:02:02.0656 0864
    13:02:02.0656 0864 OS Version: 6.1.7600 ServicePack: 0.0
    13:02:02.0656 0864 Product type: Workstation
    13:02:02.0656 0864 ComputerName: SULLIVAN-PC
    13:02:02.0656 0864 UserName: Sullivan
    13:02:02.0656 0864 Windows directory: C:\windows
    13:02:02.0656 0864 System windows directory: C:\windows
    13:02:02.0656 0864 Processor architecture: Intel x86
    13:02:02.0656 0864 Number of processors: 2
    13:02:02.0656 0864 Page size: 0x1000
    13:02:02.0656 0864 Boot type: Safe boot
    13:02:02.0656 0864 ============================================================
    13:02:03.0249 0864 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    13:02:03.0264 0864 \Device\Harddisk0\DR0:
    13:02:03.0264 0864 MBR used
    13:02:03.0264 0864 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
    13:02:03.0264 0864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1775FAC0
    13:02:03.0280 0864 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x177C52C0, BlocksNum 0x3C7E000
    13:02:03.0342 0864 Initialize success
    13:02:03.0342 0864 ============================================================
    13:02:05.0589 1424 ============================================================
    13:02:05.0589 1424 Scan started
    13:02:05.0589 1424 Mode: Manual;
    13:02:05.0589 1424 ============================================================
    13:02:06.0338 1424 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
    13:02:06.0338 1424 1394ohci - ok
    13:02:06.0462 1424 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
    13:02:06.0478 1424 ACPI - ok
    13:02:06.0572 1424 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
    13:02:06.0572 1424 AcpiPmi - ok
    13:02:06.0665 1424 ACPIVPC (87114efedeb94af49323ca61f344716d) C:\windows\system32\DRIVERS\AcpiVpc.sys
    13:02:06.0665 1424 ACPIVPC - ok
    13:02:06.0790 1424 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
    13:02:06.0806 1424 adp94xx - ok
    13:02:06.0915 1424 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
    13:02:06.0930 1424 adpahci - ok
    13:02:07.0024 1424 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
    13:02:07.0024 1424 adpu320 - ok
    13:02:07.0118 1424 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\windows\system32\drivers\Afc.sys
    13:02:07.0118 1424 Afc - ok
    13:02:07.0227 1424 AFD (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
    13:02:07.0227 1424 AFD - ok
    13:02:07.0289 1424 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
    13:02:07.0289 1424 agp440 - ok
    13:02:07.0430 1424 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
    13:02:07.0430 1424 aic78xx - ok
    13:02:07.0539 1424 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
    13:02:07.0539 1424 aliide - ok
    13:02:07.0586 1424 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
    13:02:07.0586 1424 amdagp - ok
    13:02:07.0664 1424 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
    13:02:07.0679 1424 amdide - ok
    13:02:07.0757 1424 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
    13:02:07.0757 1424 AmdK8 - ok
    13:02:07.0820 1424 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
    13:02:07.0820 1424 AmdPPM - ok
    13:02:07.0882 1424 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
    13:02:07.0898 1424 amdsata - ok
    13:02:08.0007 1424 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
    13:02:08.0007 1424 amdsbs - ok
    13:02:08.0054 1424 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
    13:02:08.0054 1424 amdxata - ok
    13:02:08.0178 1424 ApfiltrService (0f83cb9bcb247869bcad28026b8f134b) C:\windows\system32\DRIVERS\Apfiltr.sys
    13:02:08.0178 1424 ApfiltrService - ok
    13:02:08.0288 1424 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
    13:02:08.0288 1424 AppID - ok
    13:02:08.0475 1424 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
    13:02:08.0475 1424 arc - ok
    13:02:08.0522 1424 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
    13:02:08.0522 1424 arcsas - ok
    13:02:08.0646 1424 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\windows\system32\drivers\aswFsBlk.sys
    13:02:08.0646 1424 aswFsBlk - ok
    13:02:08.0740 1424 aswMonFlt (258143605e77e4008f1758481d6a977d) C:\windows\system32\drivers\aswMonFlt.sys
    13:02:08.0740 1424 aswMonFlt - ok
    13:02:08.0818 1424 aswRdr (352d5a48ebab35a7693b048679304831) C:\windows\system32\drivers\aswRdr.sys
    13:02:08.0818 1424 aswRdr - ok
    13:02:08.0927 1424 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\windows\system32\drivers\aswSnx.sys
    13:02:08.0943 1424 aswSnx - ok
    13:02:09.0068 1424 aswSP (010012597333da1f46c3243f33f8409e) C:\windows\system32\drivers\aswSP.sys
    13:02:09.0068 1424 aswSP - ok
    13:02:09.0177 1424 aswTdi (f9f84364416658e9786235904d448d37) C:\windows\system32\drivers\aswTdi.sys
    13:02:09.0177 1424 aswTdi - ok
    13:02:09.0270 1424 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
    13:02:09.0270 1424 AsyncMac - ok
    13:02:09.0395 1424 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
    13:02:09.0395 1424 atapi - ok
    13:02:09.0536 1424 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
    13:02:09.0551 1424 b06bdrv - ok
    13:02:09.0660 1424 b57nd60x (6f41a4c5745bb99f89406f57164f099e) C:\windows\system32\DRIVERS\b57nd60x.sys
    13:02:09.0660 1424 b57nd60x - ok
    13:02:09.0863 1424 BCM43XX (f9ce9b5e049efc66b8e6c73c18ee8438) C:\windows\system32\DRIVERS\bcmwl6.sys
    13:02:09.0926 1424 BCM43XX - ok
    13:02:10.0066 1424 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
    13:02:10.0066 1424 Beep - ok
    13:02:10.0160 1424 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
    13:02:10.0160 1424 blbdrive - ok
    13:02:10.0300 1424 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
    13:02:10.0300 1424 bowser - ok
    13:02:10.0362 1424 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
    13:02:10.0362 1424 BrFiltLo - ok
    13:02:10.0425 1424 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
    13:02:10.0425 1424 BrFiltUp - ok
    13:02:10.0503 1424 Bridge0 (b35bb97b6dd9913093579f5c83962636) C:\windows\system32\drivers\WDBridge.sys
    13:02:10.0503 1424 Bridge0 - ok
    13:02:10.0628 1424 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
    13:02:10.0628 1424 BridgeMP - ok
    13:02:10.0752 1424 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
    13:02:10.0752 1424 Brserid - ok
    13:02:10.0799 1424 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
    13:02:10.0799 1424 BrSerWdm - ok
    13:02:10.0877 1424 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
    13:02:10.0877 1424 BrUsbMdm - ok
    13:02:10.0908 1424 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
    13:02:10.0908 1424 BrUsbSer - ok
    13:02:11.0002 1424 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
    13:02:11.0002 1424 BthEnum - ok
    13:02:11.0064 1424 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
    13:02:11.0064 1424 BTHMODEM - ok
    13:02:11.0127 1424 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
    13:02:11.0127 1424 BthPan - ok
    13:02:11.0220 1424 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\windows\System32\Drivers\BTHport.sys
    13:02:11.0220 1424 BTHPORT - ok
    13:02:11.0298 1424 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\windows\System32\Drivers\BTHUSB.sys
    13:02:11.0298 1424 BTHUSB - ok
    13:02:11.0470 1424 catchme - ok
    13:02:11.0579 1424 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
    13:02:11.0579 1424 cdfs - ok
    13:02:11.0688 1424 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
    13:02:11.0688 1424 cdrom - ok
    13:02:11.0829 1424 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\windows\system32\drivers\cfwids.sys
    13:02:11.0829 1424 cfwids - ok
    13:02:11.0876 1424 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
    13:02:11.0876 1424 circlass - ok
    13:02:11.0954 1424 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
    13:02:11.0954 1424 CLFS - ok
    13:02:12.0078 1424 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
    13:02:12.0078 1424 CmBatt - ok
    13:02:12.0125 1424 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
    13:02:12.0125 1424 cmdide - ok
    13:02:12.0219 1424 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
    13:02:12.0219 1424 CNG - ok
    13:02:12.0328 1424 CnxtHdAudService (7c47786b58ae503777dbd12fae20ed42) C:\windows\system32\drivers\CHDRT32.sys
    13:02:12.0344 1424 CnxtHdAudService - ok
    13:02:12.0453 1424 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
    13:02:12.0453 1424 Compbatt - ok
    13:02:12.0515 1424 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
    13:02:12.0515 1424 CompositeBus - ok
    13:02:12.0609 1424 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
    13:02:12.0609 1424 crcdisk - ok
    13:02:12.0765 1424 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
    13:02:12.0765 1424 DfsC - ok
    13:02:12.0796 1424 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
    13:02:12.0812 1424 discache - ok
    13:02:12.0905 1424 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
    13:02:12.0905 1424 Disk - ok
    13:02:12.0983 1424 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
    13:02:12.0983 1424 drmkaud - ok
    13:02:13.0092 1424 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
    13:02:13.0124 1424 DXGKrnl - ok
    13:02:13.0280 1424 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
    13:02:13.0342 1424 ebdrv - ok
    13:02:13.0482 1424 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
    13:02:13.0498 1424 elxstor - ok
    13:02:13.0560 1424 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
    13:02:13.0560 1424 ErrDev - ok
    13:02:13.0638 1424 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
    13:02:13.0638 1424 exfat - ok
    13:02:13.0685 1424 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
    13:02:13.0685 1424 fastfat - ok
    13:02:13.0763 1424 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
    13:02:13.0763 1424 fdc - ok
    13:02:13.0826 1424 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
    13:02:13.0826 1424 FileInfo - ok
    13:02:13.0872 1424 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
    13:02:13.0872 1424 Filetrace - ok
    13:02:13.0935 1424 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
    13:02:13.0935 1424 flpydisk - ok
    13:02:14.0013 1424 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
    13:02:14.0028 1424 FltMgr - ok
    13:02:14.0106 1424 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
    13:02:14.0106 1424 FsDepends - ok
    13:02:14.0184 1424 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
    13:02:14.0184 1424 Fs_Rec - ok
    13:02:14.0309 1424 funfrm (f626f291e3f56e8969e35945552feca3) C:\windows\system32\drivers\funfrm.sys
    13:02:14.0325 1424 funfrm - ok
    13:02:14.0387 1424 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
    13:02:14.0387 1424 fvevol - ok
    13:02:14.0496 1424 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
    13:02:14.0496 1424 gagp30kx - ok
    13:02:14.0574 1424 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
    13:02:14.0574 1424 GEARAspiWDM - ok
    13:02:14.0684 1424 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\windows\system32\drivers\grmnusb.sys
    13:02:14.0684 1424 grmnusb - ok
    13:02:14.0808 1424 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
    13:02:14.0824 1424 hcw85cir - ok
    13:02:14.0871 1424 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
    13:02:14.0886 1424 HdAudAddService - ok
    13:02:14.0964 1424 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
    13:02:14.0964 1424 HDAudBus - ok
    13:02:15.0011 1424 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
    13:02:15.0011 1424 HidBatt - ok
    13:02:15.0058 1424 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
    13:02:15.0074 1424 HidBth - ok
    13:02:15.0120 1424 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
    13:02:15.0120 1424 HidIr - ok
    13:02:15.0214 1424 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
    13:02:15.0214 1424 HidUsb - ok
    13:02:15.0292 1424 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
    13:02:15.0308 1424 HpSAMD - ok
    13:02:15.0417 1424 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
    13:02:15.0432 1424 HTTP - ok
    13:02:15.0495 1424 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
    13:02:15.0495 1424 hwpolicy - ok
    13:02:15.0573 1424 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
    13:02:15.0588 1424 i8042prt - ok
    13:02:15.0682 1424 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
    13:02:15.0698 1424 iaStor - ok
    13:02:15.0791 1424 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
    13:02:15.0791 1424 iaStorV - ok
    13:02:16.0088 1424 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\windows\system32\DRIVERS\igdkmd32.sys
    13:02:16.0244 1424 igfx - ok
    13:02:16.0368 1424 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
    13:02:16.0368 1424 iirsp - ok
    13:02:16.0400 1424 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
    13:02:16.0400 1424 intelide - ok
    13:02:16.0509 1424 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
    13:02:16.0509 1424 intelppm - ok
    13:02:16.0618 1424 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
    13:02:16.0618 1424 IpFilterDriver - ok
    13:02:16.0696 1424 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
    13:02:16.0696 1424 IPMIDRV - ok
    13:02:16.0758 1424 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
    13:02:16.0758 1424 IPNAT - ok
    13:02:16.0883 1424 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
    13:02:16.0883 1424 IRENUM - ok
    13:02:16.0914 1424 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
    13:02:16.0914 1424 isapnp - ok
    13:02:16.0977 1424 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
    13:02:16.0992 1424 iScsiPrt - ok
    13:02:17.0055 1424 k57nd60x (c4c95805b85bce1eb9d20f4a02fc5f9b) C:\windows\system32\DRIVERS\k57nd60x.sys
    13:02:17.0055 1424 k57nd60x - ok
    13:02:17.0148 1424 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
    13:02:17.0148 1424 kbdclass - ok
    13:02:17.0211 1424 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
    13:02:17.0211 1424 kbdhid - ok
    13:02:17.0320 1424 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\windows\system32\Drivers\ksecdd.sys
    13:02:17.0320 1424 KSecDD - ok
    13:02:17.0398 1424 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
    13:02:17.0414 1424 KSecPkg - ok
    13:02:17.0554 1424 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
    13:02:17.0554 1424 lltdio - ok
    13:02:17.0663 1424 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
    13:02:17.0663 1424 LSI_FC - ok
    13:02:17.0757 1424 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
    13:02:17.0757 1424 LSI_SAS - ok
    13:02:17.0804 1424 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
    13:02:17.0804 1424 LSI_SAS2 - ok
    13:02:17.0882 1424 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
    13:02:17.0882 1424 LSI_SCSI - ok
    13:02:18.0006 1424 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
    13:02:18.0006 1424 luafv - ok
    13:02:18.0162 1424 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
    13:02:18.0162 1424 megasas - ok
    13:02:18.0256 1424 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
    13:02:18.0256 1424 MegaSR - ok
    13:02:18.0381 1424 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\windows\system32\drivers\mfeapfk.sys
    13:02:18.0381 1424 mfeapfk - ok
    13:02:18.0459 1424 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\windows\system32\drivers\mfeavfk.sys
    13:02:18.0474 1424 mfeavfk - ok
    13:02:18.0568 1424 mfebopk (a528b15e330edb83ea649be318d841d5) C:\windows\system32\drivers\mfebopk.sys
    13:02:18.0568 1424 mfebopk - ok
    13:02:18.0646 1424 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\windows\system32\drivers\mfefirek.sys
    13:02:18.0662 1424 mfefirek - ok
    13:02:18.0740 1424 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\windows\system32\drivers\mfehidk.sys
    13:02:18.0740 1424 mfehidk - ok
    13:02:18.0833 1424 mfenlfk (3a1aa28066785449da570462e0532d0c) C:\windows\system32\DRIVERS\mfenlfk.sys
    13:02:18.0833 1424 mfenlfk - ok
    13:02:18.0911 1424 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\windows\system32\drivers\mferkdet.sys
    13:02:18.0911 1424 mferkdet - ok
    13:02:19.0005 1424 mfewfpk (b2baac6bbedda3e26e82db13fa0e5bee) C:\windows\system32\drivers\mfewfpk.sys
    13:02:19.0020 1424 mfewfpk - ok
    13:02:19.0083 1424 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
    13:02:19.0083 1424 Modem - ok
    13:02:19.0145 1424 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
    13:02:19.0161 1424 monitor - ok
    13:02:19.0254 1424 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
    13:02:19.0254 1424 mouclass - ok
    13:02:19.0395 1424 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
    13:02:19.0395 1424 mouhid - ok
    13:02:19.0457 1424 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
    13:02:19.0457 1424 mountmgr - ok
    13:02:19.0504 1424 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
    13:02:19.0504 1424 mpio - ok
    13:02:19.0582 1424 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
    13:02:19.0582 1424 mpsdrv - ok
    13:02:19.0660 1424 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
    13:02:19.0660 1424 MRxDAV - ok
    13:02:19.0785 1424 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys
    13:02:19.0785 1424 mrxsmb - ok
    13:02:19.0847 1424 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\windows\system32\DRIVERS\mrxsmb10.sys
    13:02:19.0863 1424 mrxsmb10 - ok
    13:02:19.0956 1424 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys
    13:02:19.0956 1424 mrxsmb20 - ok
    13:02:20.0003 1424 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
    13:02:20.0003 1424 msahci - ok
    13:02:20.0066 1424 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
    13:02:20.0066 1424 msdsm - ok
    13:02:20.0175 1424 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
    13:02:20.0175 1424 Msfs - ok
    13:02:20.0222 1424 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
    13:02:20.0222 1424 mshidkmdf - ok
    13:02:20.0284 1424 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
    13:02:20.0284 1424 msisadrv - ok
    13:02:20.0378 1424 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
    13:02:20.0378 1424 MSKSSRV - ok
    13:02:20.0440 1424 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
    13:02:20.0440 1424 MSPCLOCK - ok
    13:02:20.0471 1424 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
    13:02:20.0471 1424 MSPQM - ok
    13:02:20.0518 1424 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
    13:02:20.0518 1424 MsRPC - ok
    13:02:20.0580 1424 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
    13:02:20.0580 1424 mssmbios - ok
    13:02:20.0690 1424 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
    13:02:20.0690 1424 MSTEE - ok
    13:02:20.0721 1424 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
    13:02:20.0721 1424 MTConfig - ok
    13:02:20.0799 1424 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
    13:02:20.0799 1424 Mup - ok
    13:02:20.0877 1424 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
    13:02:20.0877 1424 NativeWifiP - ok
    13:02:20.0970 1424 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
    13:02:20.0986 1424 NDIS - ok
    13:02:21.0064 1424 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
    13:02:21.0064 1424 NdisCap - ok
    13:02:21.0173 1424 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
    13:02:21.0173 1424 NdisTapi - ok
    13:02:21.0251 1424 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
    13:02:21.0251 1424 Ndisuio - ok
    13:02:21.0298 1424 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
    13:02:21.0298 1424 NdisWan - ok
    13:02:21.0345 1424 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
    13:02:21.0345 1424 NDProxy - ok
    13:02:21.0423 1424 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
    13:02:21.0423 1424 NetBIOS - ok
    13:02:21.0470 1424 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
    13:02:21.0470 1424 NetBT - ok
    13:02:21.0641 1424 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\windows\system32\DRIVERS\netw5v32.sys
    13:02:21.0735 1424 netw5v32 - ok
    13:02:21.0828 1424 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
    13:02:21.0828 1424 nfrd960 - ok
    13:02:21.0922 1424 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
    13:02:21.0922 1424 Npfs - ok
    13:02:21.0953 1424 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
    13:02:21.0953 1424 nsiproxy - ok
    13:02:22.0078 1424 Ntfs (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
    13:02:22.0094 1424 Ntfs - ok
    13:02:22.0172 1424 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
    13:02:22.0172 1424 Null - ok
    13:02:22.0218 1424 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
    13:02:22.0218 1424 nvraid - ok
    13:02:22.0312 1424 nvstor (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
    13:02:22.0312 1424 nvstor - ok
    13:02:22.0374 1424 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
    13:02:22.0374 1424 nv_agp - ok
    13:02:22.0437 1424 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
    13:02:22.0437 1424 ohci1394 - ok
    13:02:22.0562 1424 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
    13:02:22.0562 1424 Parport - ok
    13:02:22.0640 1424 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
    13:02:22.0655 1424 partmgr - ok
    13:02:22.0718 1424 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
    13:02:22.0718 1424 Parvdm - ok
    13:02:22.0764 1424 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
    13:02:22.0780 1424 pci - ok
    13:02:22.0858 1424 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
    13:02:22.0858 1424 pciide - ok
    13:02:22.0920 1424 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
    13:02:22.0920 1424 pcmcia - ok
    13:02:22.0998 1424 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
    13:02:22.0998 1424 pcw - ok
    13:02:23.0030 1424 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
    13:02:23.0061 1424 PEAUTH - ok
    13:02:23.0201 1424 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
    13:02:23.0201 1424 PptpMiniport - ok
    13:02:23.0264 1424 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
    13:02:23.0264 1424 Processor - ok
    13:02:23.0373 1424 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
    13:02:23.0373 1424 Psched - ok
    13:02:23.0498 1424 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\windows\system32\Drivers\PxHelp20.sys
    13:02:23.0498 1424 PxHelp20 - ok
    13:02:23.0622 1424 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
    13:02:23.0654 1424 ql2300 - ok
    13:02:23.0732 1424 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
    13:02:23.0732 1424 ql40xx - ok
    13:02:23.0810 1424 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
    13:02:23.0810 1424 QWAVEdrv - ok
    13:02:23.0856 1424 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
    13:02:23.0856 1424 RasAcd - ok
    13:02:23.0950 1424 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
    13:02:23.0966 1424 RasAgileVpn - ok
    13:02:24.0059 1424 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
    13:02:24.0059 1424 Rasl2tp - ok
    13:02:24.0200 1424 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
    13:02:24.0200 1424 RasPppoe - ok
    13:02:24.0293 1424 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
    13:02:24.0293 1424 RasSstp - ok
    13:02:24.0340 1424 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
    13:02:24.0340 1424 rdbss - ok
    13:02:24.0402 1424 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
    13:02:24.0402 1424 rdpbus - ok
    13:02:24.0465 1424 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
    13:02:24.0465 1424 RDPCDD - ok
    13:02:24.0574 1424 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
    13:02:24.0574 1424 RDPENCDD - ok
    13:02:24.0590 1424 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
    13:02:31.0984 1424 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
    13:02:31.0984 1424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    13:02:31.0984 1424 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    13:02:32.0000 1424 Boot (0x1200) (e6e6769161a62cd25275a00ecf6f34a2) \Device\Harddisk0\DR0\Partition0
    13:02:32.0000 1424 \Device\Harddisk0\DR0\Partition0 - ok
    13:02:32.0015 1424 Boot (0x1200) (3d705971e7c0b87a6eb5e46de300c4da) \Device\Harddisk0\DR0\Partition1
    13:02:32.0015 1424 \Device\Harddisk0\DR0\Partition1 - ok
    13:02:32.0031 1424 Boot (0x1200) (8eb76115317b6f406c5dc758358da6b6) \Device\Harddisk0\DR0\Partition2
    13:02:32.0031 1424 \Device\Harddisk0\DR0\Partition2 - ok
    13:02:32.0031 1424 ============================================================
    13:02:32.0031 1424 Scan finished
    13:02:32.0031 1424 ============================================================
    13:02:32.0046 2036 Detected object count: 1
    13:02:32.0046 2036 Actual detected object count: 1
    13:03:04.0416 2036 \Device\Harddisk0\DR0\# - copied to quarantine
    13:03:04.0416 2036 \Device\Harddisk0\DR0 - copied to quarantine
    13:03:04.0448 2036 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    13:03:04.0463 2036 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    13:03:04.0463 2036 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    13:03:04.0463 2036 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    13:03:04.0463 2036 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    13:03:04.0479 2036 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    13:03:04.0479 2036 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    13:03:04.0479 2036 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    13:03:04.0494 2036 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    13:03:04.0494 2036 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    13:03:04.0494 2036 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    13:03:04.0494 2036 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    13:03:04.0494 2036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    13:03:04.0494 2036 \Device\Harddisk0\DR0 - ok
    13:03:04.0526 2036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    13:03:15.0882 1612 Deinitialize success
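The part of the TDSSKiller log above that matters to a responder is its tail: the MBR verdict, the files pulled out of the rootkit's TDLFS volume into quarantine, and a cure that only takes effect at reboot. As an added example (not code from this thread or from Kaspersky), here is a small Python triage script for that line format; SAMPLE_LOG is a constructed excerpt mirroring the posted log, with all-zero placeholder MD5 values in place of the real hashes.

```python
"""Triage helper for Kaspersky TDSSKiller logs (added example, not the thread's or Kaspersky's code)."""
import re
from dataclasses import dataclass, field

# Every TDSSKiller line is "HH:MM:SS.mmmm <thread-id> <message>"; keep only the message.
LINE_RE = re.compile(r"^\s*\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<msg>.*\S)\s*$")
# "<object> ( <verdict> ) - <status>", e.g. "... ( Rootkit.Boot.Pihar.b ) - infected"
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^)]+) \) - (?P<status>.+)$")
# The same verdict is repeated as "<object> - detected <verdict> (<n>)"
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>[^\s(]+)")
QUAR_RE = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")

# Constructed excerpt in the posted log's format; the all-zero MD5s are placeholders, not real hashes.
SAMPLE_LOG = r"""
13:02:31.0937 1424 WUDFRd (00000000000000000000000000000000) C:\windows\system32\DRIVERS\WUDFRd.sys
13:02:31.0937 1424 WUDFRd - ok
13:02:31.0984 1424 MBR (0x1B8) (00000000000000000000000000000000) \Device\Harddisk0\DR0
13:02:31.0984 1424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:02:31.0984 1424 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:02:32.0000 1424 Boot (0x1200) (00000000000000000000000000000000) \Device\Harddisk0\DR0\Partition0
13:02:32.0000 1424 \Device\Harddisk0\DR0\Partition0 - ok
13:02:32.0046 2036 Detected object count: 1
13:03:04.0416 2036 \Device\Harddisk0\DR0 - copied to quarantine
13:03:04.0463 2036 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
13:03:04.0494 2036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:03:04.0494 2036 \Device\Harddisk0\DR0 - ok
13:03:04.0526 2036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

@dataclass
class Triage:
    ok_count: int = 0                                # objects TDSSKiller reported "- ok"
    detections: list = field(default_factory=list)   # (object, verdict), deduplicated
    quarantined: list = field(default_factory=list)  # objects copied to quarantine
    pending_reboot: list = field(default_factory=list)  # cures that only take effect after a restart
    actions: list = field(default_factory=list)      # (object, user-selected action)

def parse_tdsskiller(text: str) -> Triage:
    t, seen = Triage(), set()
    for raw in text.splitlines():
        if not (m := LINE_RE.match(raw)):  # skip blanks, banners and "====" separators
            continue
        msg = m.group("msg")
        if v := VERDICT_RE.match(msg):
            obj, verdict, status = v.group("obj", "verdict", "status")
            if status == "infected" and (obj, verdict) not in seen:
                seen.add((obj, verdict))
                t.detections.append((obj, verdict))
            elif status == "will be cured on reboot":
                t.pending_reboot.append(obj)
            elif status.startswith("User select action: "):
                t.actions.append((obj, status.split(": ", 1)[1]))
        elif d := DETECTED_RE.match(msg):
            key = (d.group("obj"), d.group("verdict"))
            if key not in seen:
                seen.add(key)
                t.detections.append(key)
        elif q := QUAR_RE.match(msg):
            t.quarantined.append(q.group("obj"))
        elif msg.endswith(" - ok"):
            t.ok_count += 1
    return t

def reboot_required(t: Triage) -> bool:
    """An MBR cure is written at restart, so the box is not clean until it has rebooted."""
    return bool(t.pending_reboot)

def hidden_fs_files(t: Triage) -> list:
    """Quarantined objects that lived inside the rootkit's hidden TDLFS volume."""
    return [o for o in t.quarantined if "\\TDLFS\\" in o]

if __name__ == "__main__":
    tri = parse_tdsskiller(SAMPLE_LOG)
    print(tri.detections, hidden_fs_files(tri), "reboot required:", reboot_required(tri))
```

Run against a full log, the "- ok" count tells you how far the driver enumeration got, while the other fields are the items worth recording in the incident notes.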
     
  20. Broni

    Broni Malware Annihilator Posts: 48,054   +272

    I assume it booted fine to normal mode?

    Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =====================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  21. SCnative

    SCnative TS Rookie Topic Starter Posts: 20

    Malwarebytes

    My new Malwarebytes download will not finish installing. It says "access denied" at the very end. I do have an older version (the mbam.exe file does not have the MWB icon associated with it, but I clicked and it ran). I updated the database, ran the quick scan, restarted (successfully in normal mode) and here is the log:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.22.03

    Windows 7 x86 NTFS
    Internet Explorer 8.0.7600.16385
    Sullivan :: SULLIVAN-PC [administrator]

    2/22/2012 1:39:43 PM
    mbam-log-2012-02-22 (13-39-43).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 194635
    Time elapsed: 9 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\System32\config\systemprofile\AppData\Roaming\E89DF\D66E8.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

    (end)


    Thanks,

    SJ
     
  22. Broni

    Broni Malware Annihilator Posts: 48,054   +272

    Good :)
    Go on....
     
  23. SCnative

    SCnative TS Rookie Topic Starter Posts: 20

    aswMBR log - Thanks

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-22 14:20:03
    -----------------------------
    14:20:03.463 OS Version: Windows 6.1.7600
    14:20:03.463 Number of processors: 2 586 0x170A
    14:20:03.467 ComputerName: SULLIVAN-PC UserName: Sullivan
    14:20:12.804 Initialize success
    14:20:14.007 AVAST engine defs: 12022200
    14:20:30.313 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    14:20:30.316 Disk 0 Vendor: FUJITSU_ 0084 Size: 238475MB BusType: 3
    14:20:30.350 Disk 0 MBR read successfully
    14:20:30.353 Disk 0 MBR scan
    14:20:30.357 Disk 0 Windows 7 default MBR code
    14:20:30.370 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
    14:20:30.386 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 192191 MB offset 411648
    14:20:30.390 Disk 0 Partition - 00 0F Extended LBA 30973 MB offset 394021568
    14:20:30.421 Disk 0 Partition 3 00 12 Compaq diag NTFS 15108 MB offset 457454272
    14:20:30.452 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 30972 MB offset 394023616
    14:20:30.463 Disk 0 scanning sectors +488397168
    14:20:30.757 Disk 0 scanning C:\windows\system32\drivers
    14:20:47.312 Service scanning
    14:21:24.507 Modules scanning
    14:21:39.162 Disk 0 trace - called modules:
    14:21:39.184 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll dxgkrnl.sys igdkmd32.sys dxgmms1.sys
    14:21:39.191 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87057760]
    14:21:39.198 3 CLASSPNP.SYS[8ba0459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86262028]
    14:21:40.087 AVAST engine scan C:\windows
    14:21:48.700 AVAST engine scan C:\windows\system32
    14:26:33.811 AVAST engine scan C:\windows\system32\drivers
    14:26:47.080 AVAST engine scan C:\Users\Sullivan
    14:54:17.984 AVAST engine scan C:\ProgramData
    14:58:56.153 Scan finished successfully
    15:21:16.360 Disk 0 MBR has been saved successfully to "C:\Users\Sullivan\Desktop\MBR.dat"
    15:21:16.375 The log file has been saved successfully to "C:\Users\Sullivan\Desktop\aswMBR.txt"
     
  24. Broni

    Broni Malware Annihilator Posts: 48,054   +272

    Looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  25. SCnative

    SCnative TS Rookie Topic Starter Posts: 20

    I will be out of town ...

    and away from my computer until Saturday. I will then pick it back up and continue these processes and post those logs.

    I am, again, much appreciative for all the help and I will update you this weekend. You are a very knowledgeable, kind person.

    SJ
     

