
Computer trashed by S.M.A.R.T. Data Recovery

Discussion in 'Virus & Other Malware Removal' started by PJL, May 18, 2012.

  1. PJL (Thread Starter, joined May 18, 2012)
    Introduction
    My niece apparently fell victim to a fake AV program on March 28, since that's the date her calendar was stuck on and all directory entries end on that date. I believe that she then was hoodwinked into using the fake data recovery program. Unfortunately, she failed to mention the problem until this Monday, so I'm way behind on trying to fix it. I managed to clear up a few things by using Ad-aware, Spybot S&D and Housecall before running HijackThis. All of those programs were utilized by downloading them onto a DVD on my laptop and running them from the DVD, which then was completely wiped clean by her computer. While I haven't yet tried this procedure to run the other programs listed in Read This First, I have a preliminary question:
    As I shut down her computer for the last time, I noted that her D: directory is called "Data" and is almost full, apparently with gaming stuff. Do I need to do a separate repeat of all the programs on that drive?

    Thanks for any answer you could provide to the above question while I'm downloading and, I hope, running the other programs.
     
  2. Mark1956 (Malware Specialist, joined May 7, 2011)
    Hi PJL and welcome to TSG, my name is Mark and I will be helping you.

    You only need to run the scans as per the instructions.

    Does the infected PC have a working internet connection?

    Have all the important files on the system been backed up? If not, please follow this:


     
  3. PJL (Thread Starter)
    Thank you for your answer, Mark. I probably understated the extent of the problem in my first message. The screen is totally black and the Start/Program Files show no information. While I might be able to reach the internet or back up the files, I think the only way I could perform these tasks would be through MS-DOS commands and I haven't used those in over 30 years.

    However, by switching back and forth between my working computer and my niece's infected version, I have managed to get the information you need.

    First, the system information from the System Info program:
    Next, here are the HijackThis results:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:30:30 PM, on 3/28/2012
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18639)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Windows\PLFSetI.exe
    C:\Users\Laura\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\AD-AWA~1\AdAware.exe
    C:\Windows\ehome\ehmsas.exe
    C:\ProgramFiles\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_4530
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_4530
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_4530
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_4530
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 93.113.196.124 www.google.com
    O1 - Hosts: 93.113.196.125 www.bing.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
    O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
    O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    O4 - HKLM\..\Run: [SBRegRebootCleaner] "C:\Program Files\Ad-Aware Antivirus\SBRC.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [SanctionedMedia] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Temp\SanctionedMedia\rulgejmj.dll",DllRegisterServer
    O4 - HKCU\..\Run: [Adobe] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Adobe\pigpew.dll",DllRegisterServer
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [edcefafaceccdfdct] "C:\ProgramData\edcefafaceccdfdct.exe" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [SanctionedMedia] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Temp\SanctionedMedia\rulgejmj.dll",DllRegisterServer (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Adobe] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Adobe\pigpew.dll",DllRegisterServer (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'Default user')
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10421 bytes
    I believe that the two O4 items referring to [SanctionedMedia] and to "pigpew" are not legitimate, because every time one tries to start C:, they are listed as "Access Denied".

    Finally, here are the DDS.txt and Attach.txt files. I did not run GMER, since this is a 64-bit gaming computer.

    DDS.txt

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_26
    Run by Laura at 20:16:10 on 2012-03-28

    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1783 [GMT -4:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Windows\system32\PSIService.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Windows\PLFSetI.exe
    C:\Users\Laura\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\AD-AWA~1\AdAware.exe
    C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_4530
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_4530
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_4530
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
    BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    uRun: [SanctionedMedia] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\temp\sanctionedmedia\rulgejmj.dll",DllRegisterServer
    uRun: [Adobe] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\temp\adobe\pigpew.dll",DllRegisterServer
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
    mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
    mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
    mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
    mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
    mRun: [SBRegRebootCleaner] "c:\program files\ad-aware antivirus\SBRC.exe"
    dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
    dRun: [edcefafaceccdfdct] "c:\programdata\edcefafaceccdfdct.exe"
    dRun: [SanctionedMedia] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\temp\sanctionedmedia\rulgejmj.dll",DllRegisterServer
    dRun: [Adobe] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\temp\adobe\pigpew.dll",DllRegisterServer
    StartupFolder: c:\users\laura\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-explorer: HideSCAHealth = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    LSP: mswsock.dll
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
    TCP: Interfaces\{C45E3F37-A4A2-4EC6-B0DA-D21D750A7935} : DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
    AppInit_DLLs: AVGRSSTX.DLL c:\progra~1\google\google~1\GOEC62~1.DLL
    Hosts: 93.113.196.124 www.google.com
    Hosts: 93.113.196.125 www.bing.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\laura\appdata\roaming\mozilla\firefox\profiles\7ml8dt1t.default\
    FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    FF - component: c:\users\laura\appdata\roaming\mozilla\firefox\profiles\7ml8dt1t.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\components\dtTransparency.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Ad-Aware Security Toolbar: {87934c42-161d-45bc-8cef-ef18abe2a30c} - %profile%\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(general.useragent.extra.brc, BRI/1
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-3-25 223864]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
    R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-5-3 1226096]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-26 45056]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-26 131072]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-11-18 2253120]
    R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-11-29 77816]
    R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 238592]
    R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1060864]
    R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2011-3-9 484352]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-10-10 210432]
    R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-3-25 94584]
    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-3-25 93816]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 135664]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-3-25 1153368]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-9 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 135664]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
    S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-3-25 94584]
    S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-03-26 22:24:08 388096 ----a-r- c:\users\laura\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-03-26 22:24:07 -------- dc----w- C:\ProgramFiles
    2012-03-26 11:07:05 14664 ---ha-w- c:\windows\stinger.sys
    2012-03-26 11:06:40 159608 ---ha-w- c:\windows\system32\mfevtps.exe.07f5.deleteme
    2012-03-26 11:02:10 -------- d-----w- c:\program files\stinger
    2012-03-26 00:32:45 -------- d--h--w- c:\programdata\Spybot - Search & Destroy
    2012-03-26 00:32:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-03-25 23:59:03 -------- d--h--w- c:\users\laura\appdata\local\adaware
    2012-03-25 23:58:42 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
    2012-03-25 23:57:57 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
    2012-03-25 23:57:56 223864 ----a-w- c:\windows\system32\drivers\SbFw.sys
    2012-03-25 23:57:52 -------- d-----w- c:\windows\system32\drivers\VDD
    2012-03-25 23:57:51 -------- d-----w- c:\program files\Ad-Aware Antivirus
    2012-03-25 23:57:24 -------- d--h--w- c:\users\laura\appdata\local\adawarebp
    2012-03-25 23:57:22 -------- d--h--w- c:\programdata\Ad-Aware Browsing Protection
    2012-03-25 23:57:09 -------- d-----w- c:\program files\Toolbar Cleaner
    2012-03-25 23:56:46 -------- d-----w- c:\program files\adawaretb
    2012-03-25 23:55:39 -------- d--h--w- c:\users\laura\appdata\roaming\Ad-Aware Antivirus
    2012-03-25 23:52:27 250880 ---ha-w- c:\programdata\h6uNCcOMeZeaK7.exe
    2012-03-25 23:48:24 102400 ---ha-w- c:\windows\RegBootClean.exe
    2012-03-25 21:33:56 766816 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    .
    ==================== Find3M ====================
    .
    2012-03-28 00:30:38 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-03-19 20:59:48 309876581 ---ha-w- c:\windows\DUMP61dd.tmp
    .
    ============= FINISH: 20:18:35.30 ===============


    ATTACH.txt
    (sorry, but 7-Zip wants to hide right now)

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/1/2008 10:38:17 AM
    System Uptime: 3/28/2012 8:12:35 PM (0 hours ago)
    .
    Motherboard: Acer, Inc. | | Grasmoor
    Processor: AMD Athlon(tm) X2 Dual-Core QL-60 | Socket M2/S1G1 | 1900/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 70 GiB total, 0.595 GiB free.
    D: is FIXED (NTFS) - 70 GiB total, 19.592 GiB free.
    E: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Acer Assist
    Acer Crystal Eye Webcam 2.0.9.1
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer Registration
    Acer ScreenSaver
    Ad-Aware Antivirus
    Ad-Aware Browsing Protection
    Ad-Aware Security Toolbar
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.3
    Adobe Shockwave Player 11.5
    Allods Online 2.0.04.49
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASIO4ALL
    Bandisoft MPEG-1 Decoder
    Bastion
    Bing Bar
    Bing Bar Platform
    Bing Rewards Client Installer
    Bonjour
    Coupon Printer for Windows
    Dungeons of Dredmor
    Google Desktop
    Google Update Helper
    Guild Wars
    HDAUDIO Soft Data Fax Modem with SmartCP
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Photo Creations
    HP Photosmart Plus B210 series Basic Device Software
    HP Photosmart Plus B210 series Help
    HP Photosmart Plus B210 series Product Improvement Study
    HP Update
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) 6 Update 7
    K-Lite Codec Pack 7.0.0 (Standard)
    Launch Manager
    LightScribe 1.4.142.1
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Default Manager
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    Mobile Broadband Generic Drivers
    Mozilla Firefox (3.0.19)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NTI Backup Now 5
    NTI Backup Now Standard
    NVIDIA Control Panel 285.62
    NVIDIA Drivers
    NVIDIA Graphics Driver 285.62
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 260.99
    NVIDIA Update 1.5.20
    NVIDIA Update Components
    OpenOffice.org 3.0
    Pando Media Booster
    PhotoNow!
    QuickTime
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy
    Steam
    Synaptics Pointing Device Driver
    System Requirements Lab
    Terraria
    The Elder Scrolls V: Skyrim
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Ventrilo Client
    WD SmartWare
    WinRAR 4.01 (32-bit)
    World of Warcraft
    World of Warcraft Public Test
    Yahoo! Detect
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/28/2012 7:16:33 PM, Error: EventLog [6008] - The previous system shutdown at 7:14:49 PM on 3/28/2012 was unexpected.
    3/28/2012 10:56:52 AM, Error: EventLog [6008] - The previous system shutdown at 9:25:05 PM on 3/27/2012 was unexpected.
    3/27/2012 8:45:25 PM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by +4411249 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.17:123) is working properly.
    3/27/2012 8:30:03 PM, Error: EventLog [6008] - The previous system shutdown at 8:27:29 PM on 3/27/2012 was unexpected.
    3/27/2012 8:18:29 PM, Error: EventLog [6008] - The previous system shutdown at 8:15:55 PM on 3/27/2012 was unexpected.
    3/27/2012 8:12:38 PM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by +4411248 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.17:123) is working properly.
    3/27/2012 8:11:55 PM, Error: EventLog [6008] - The previous system shutdown at 8:10:10 PM on 3/27/2012 was unexpected.
    3/27/2012 7:39:37 PM, Error: EventLog [6008] - The previous system shutdown at 7:37:43 PM on 3/27/2012 was unexpected.
    3/27/2012 7:09:06 PM, Error: EventLog [6008] - The previous system shutdown at 7:07:36 PM on 3/27/2012 was unexpected.
    3/26/2012 7:55:54 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SbFw Smb spldr Tcpip tdx Wanarpv6
    3/26/2012 7:54:37 AM, Error: EventLog [6008] - The previous system shutdown at 7:51:09 AM on 3/26/2012 was unexpected.
    3/26/2012 7:13:27 PM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by +4411249 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.13:123) is working properly.
    3/26/2012 6:58:09 AM, Error: EventLog [6008] - The previous system shutdown at 9:39:45 PM on 3/25/2012 was unexpected.
    3/26/2012 6:14:34 PM, Error: Service Control Manager [7023] - The Vpnva service terminated with the following error: The specified module could not be found.
    3/26/2012 2:14:14 PM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by +4411250 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.24:123) is working properly.
    3/26/2012 2:04:42 PM, Error: Service Control Manager [7023] - The PTproct service terminated with the following error: The specified module could not be found.
    3/26/2012 2:03:41 PM, Error: Service Control Manager [7023] - The Se2Cunic service terminated with the following error: The specified module could not be found.
    3/26/2012 2:02:37 PM, Error: Service Control Manager [7023] - The Id2scaps service terminated with the following error: The specified module could not be found.
    3/26/2012 2:01:35 PM, Error: Service Control Manager [7023] - The Nimcdldu service terminated with the following error: The specified module could not be found.
    3/26/2012 12:51:09 PM, Error: Service Control Manager [7023] - The Srservice service terminated with the following error: The specified module could not be found.
    3/26/2012 1:59:00 PM, Error: EventLog [6008] - The previous system shutdown at 1:56:15 PM on 3/26/2012 was unexpected.
    3/26/2012 1:05:04 PM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by +4411249 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.15:123) is working properly.
3/25/2012 9:32:57 PM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by +4411249 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.23:123) is working properly. 3/25/2012 9:20:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect. 3/25/2012 9:20:43 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/25/2012 9:18:56 PM, Error: Service Control Manager [7023] - The Contentindex service terminated with the following error: The specified module could not be found. 3/25/2012 9:18:56 PM, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The account specified for this service is different from the account specified for other services running in the same process. 3/25/2012 9:17:39 PM, Error: EventLog [6008] - The previous system shutdown at 9:15:13 PM on 3/25/2012 was unexpected. 3/25/2012 8:36:24 PM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by +4411248 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.15:123) is working properly. 3/25/2012 8:10:51 PM, Error: Service Control Manager [7000] - The sbwtis service failed to start due to the following error: There are no more endpoints available from the endpoint mapper. 
3/25/2012 8:06:35 PM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by +4411248 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.13:123) is working properly. 3/25/2012 7:53:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 3/25/2012 7:53:25 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/25/2012 7:52:45 PM, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process. 3/25/2012 7:36:00 PM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by +4411248 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.21:123) is working properly. 3/25/2012 7:27:32 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running. 3/25/2012 7:20:48 PM, Error: EventLog [6008] - The previous system shutdown at 7:14:05 PM on 3/25/2012 was unexpected. 
3/25/2012 7:09:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C} 3/25/2012 7:09:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 3/25/2012 7:09:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 3/25/2012 7:08:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 3/25/2012 7:08:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 3/25/2012 7:08:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 3/25/2012 7:08:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 3/25/2012 7:08:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 3/25/2012 7:08:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6 3/25/2012 7:08:33 PM, 
Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 3/25/2012 7:08:33 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 3/25/2012 7:08:33 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start. 3/25/2012 7:08:33 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 3/25/2012 7:08:33 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 3/25/2012 7:08:33 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 3/25/2012 7:08:33 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 
3/25/2012 7:08:33 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 3/25/2012 7:08:33 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning. 3/25/2012 7:08:33 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 3/25/2012 7:08:33 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 3/25/2012 7:08:33 PM, Error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 3/25/2012 7:08:33 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 3/25/2012 7:08:33 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 3/25/2012 7:08:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 
3/25/2012 7:08:33 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 3/25/2012 7:08:33 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 3/25/2012 7:07:23 PM, Error: EventLog [6008] - The previous system shutdown at 5:41:14 PM on 3/25/2012 was unexpected. 3/25/2012 5:24:43 PM, Error: EventLog [6008] - The previous system shutdown at 8:34:54 PM on 3/21/2012 was unexpected. 3/21/2012 7:11:06 PM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by +4411252 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.17:123) is working properly. 3/21/2012 6:55:52 PM, Error: EventLog [6008] - The previous system shutdown at 6:54:32 PM on 3/21/2012 was unexpected. 3/21/2012 5:53:54 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 3/21/2012 5:53:54 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running. 
3/21/2012 3:36:45 AM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by +4411250 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.21:123) is working properly. 3/21/2012 3:22:49 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 3/21/2012 3:22:49 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 3/21/2012 3:22:49 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 3/21/2012 3:22:49 AM, Error: Service Control Manager [7000] - The Spooler service failed to start due to the following error: The system cannot find the file specified. 3/21/2012 3:22:49 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 3/21/2012 3:21:42 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 126 . ==== End Of File ===========================
     
  4. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    We need to run Malwarebytes on the infected PC, please follow these instructions. After the scan has been run and the system rebooted, see if there is any improvement in its performance, see if it will connect to the internet and report back. The system is infected and very much out of date so there will be more to do even if Malwarebytes gets it working again. Ad-Aware and Spybot are no longer recommended as good security software so they will also need to be replaced, I'll give instructions for this later.

    Let me know if there are any problems encountered and any error messages you receive.


    Installing and running Malwarebytes with no internet connection


    STEP 1
    • Using a working PC with an internet connection click on both of these two links to download Malwarebytes and MBAM Rules.exe and save both to the desktop. Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
    • Copy both to a memory stick or a rewritable CD/DVD (a writable CD/DVD will be fine if you have nothing else).
    • Put the memory stick or disc into the infected PC and copy the files onto the desktop.
    • Double click on the Malwarebytes file to install it. Near the end of the installation uncheck the boxes to Update Malwarebytes Anti-Malware and to Launch Malwarebytes Anti-Malware
    • Once installed double click on MBAM Rules.exe file to update the program.
    STEP 2
    • Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
    • Double click on the Malwarebytes icon [​IMG] (Decline the offer of the full trial version).
    • Perform Quick Scan should already appear as selected, click on the Scan button and let it run.
    • After completing the scan, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy the log and transfer it to the PC with internet connection, open the log in Notepad then copy and paste it into your next post. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.
    If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
    NOTE: Some types of malware will target Malwarebytes and may stop it from running. If that's the case, follow the instructions in this link on the working PC to use Malwarebytes Chameleon.
     
  5. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    I forgot to add, if you need to back up any important data follow the instructions I gave in post 2 and use the last option which uses an Ubuntu live CD, this will run in dos and should give access to the files you may wish to save.
     
  6. PJL

    PJL Thread Starter

    Joined:
    May 18, 2012
    Messages:
    8
    ======================

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.21.02

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 7.0.6001.18000
    Laura :: INAC [administrator]

    3/31/2012 2:34:50 PM
    mbam-log-2012-03-31 (15-02-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 214541
    Time elapsed: 8 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 5
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SanctionedMedia (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Temp\SanctionedMedia\rulgejmj.dll",DllRegisterServer -> No action taken.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SanctionedMedia (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Temp\SanctionedMedia\rulgejmj.dll",DllRegisterServer -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Adobe\pigpew.dll",DllRegisterServer -> No action taken.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Adobe\pigpew.dll",DllRegisterServer -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> No action taken.

    Registry Data Items Detected: 5
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\apq.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\apq.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\apq.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 19
    C:\Windows\System32\config\systemprofile\AppData\Local\Temp\SanctionedMedia\rulgejmj.dll (Trojan.Happili.XGen) -> No action taken.
    C:\Windows\System32\config\systemprofile\AppData\Local\Temp\Adobe\pigpew.dll (Trojan.Happili.XGen) -> No action taken.
    C:\ProgramData\h6uNCcOMeZeaK7.exe (Rogue.FakeAV) -> No action taken.
    C:\Windows\System32\config\systemprofile\AppData\Local\Temp\SanctionedMedia\ooawh.dll (Trojan.Happili.XGen) -> No action taken.
    C:\Windows\Temp\0.044558822435540546 (Trojan.Happili) -> No action taken.
    C:\Windows\Temp\0.13488998419135512 (Trojan.Happili) -> No action taken.
    C:\Windows\Temp\0.41624833408118644 (Trojan.Happili) -> No action taken.
    C:\Windows\Temp\0.4841467003257599 (Trojan.Happili) -> No action taken.
    C:\Windows\Temp\0.6046062653884048 (Trojan.Happili) -> No action taken.
    C:\Windows\Temp\5.070198365187197E8.tmp (Trojan.FakeMS) -> No action taken.
    C:\Windows\Temp\hwkfwismsweq.exe (Trojan.Cleaman) -> No action taken.
    C:\Windows\Temp\tuqhrjcxhxmswqztsvpu.exe (Trojan.Cleaman) -> No action taken.
    C:\Windows\Temp\cqyfbpgdmawpcemccgfdhsfkf.exe (Trojan.Cleaman) -> No action taken.
    C:\Windows\Temp\xmncsdiibgqcwedc.exe (Rootkit.TDSS) -> No action taken.
    C:\Windows\Temp\nsa3776.tmp\ynvul.dll (Trojan.Happili.XGen) -> No action taken.
    C:\Windows\Temp\nscE7A2.tmp\ooawh.dll (Trojan.Happili.XGen) -> No action taken.
    C:\Windows\Temp\nscE7A2.tmp\rulgejmj.dll (Trojan.Happili.XGen) -> No action taken.
    C:\Windows\Temp\nsqF104.tmp\wfibwnka.dll (Trojan.Happili.XGen) -> No action taken.
    C:\Windows\Temp\nsw6A10.tmp\pigpew.dll (Trojan.Happili.XGen) -> No action taken.

    (end)
     
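    Both Malwarebytes logs posted in this thread end every detection with "No action taken", and the second scan lists the same Run-key values and StartMenuInternet hijacks as the first. The script below is an added example, not code from the thread or from Malwarebytes: run on the working PC against a copied log, it groups each detection by the persistence mechanism it represents (Run-key autostart, browser launch hijack, Start menu tampering, dropped file), extracts the executable or DLL each autostart entry actually launches, flags loaders living under a temp or system-profile directory, and reports how many detections were left in place. The mechanism labels and the function names are this example's own; the embedded sample log is a constructed subset of the lines posted above.

```python
"""Triage a Malwarebytes Anti-Malware 1.x scan log (added example, not code
from the thread or from Malwarebytes). Groups detections by the persistence
mechanism they represent and flags entries the log records as "No action
taken", i.e. found but not removed. Mechanism labels are this example's own."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
OBJECT_RE = re.compile(r"^(?P<obj>.+) \((?P<threat>[^()]+)\)$")
BAD_GOOD_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")
QUOTED_RE = re.compile(r'"([^"]+)"')
# Directories a legitimate autostart entry should never load code from.
TEMP_DIRS = (r"\windows\temp", r"\appdata\local\temp", r"\config\systemprofile\appdata\local")

# Constructed sample: a subset of the log lines posted in the thread.
SAMPLE_LOG = r"""
Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SanctionedMedia (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Temp\SanctionedMedia\rulgejmj.dll",DllRegisterServer -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Adobe\pigpew.dll",DllRegisterServer -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> No action taken.
Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\apq.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\apq.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
Files Detected: 3
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\SanctionedMedia\rulgejmj.dll (Trojan.Happili.XGen) -> No action taken.
C:\ProgramData\h6uNCcOMeZeaK7.exe (Rogue.FakeAV) -> No action taken.
C:\Windows\Temp\xmncsdiibgqcwedc.exe (Rootkit.TDSS) -> No action taken.
(end)
"""


@dataclass
class Detection:
    section: str          # log section, e.g. "Registry Values", "Files"
    obj: str              # registry path|value name, or file path
    threat: str           # Malwarebytes detection name
    data: Optional[str]   # value data (Registry Values entries)
    bad: Optional[str]    # current data (Registry Data Items entries)
    good: Optional[str]   # expected data (Registry Data Items entries)
    action: str           # what the scanner did, e.g. "No action taken"


def parse_mbam_log(text: str):
    """One Detection per 'object (threat) -> ... -> action.' line, tagged with its section."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("section")
            continue
        if section is None or " -> " not in line:
            continue
        parts = line.split(" -> ")
        head = OBJECT_RE.match(parts[0])
        if not head:
            continue
        data = bad = good = None
        for middle in parts[1:-1]:          # optional Data: / Bad: ... Good: segments
            if middle.startswith("Data: "):
                data = middle[len("Data: "):]
            else:
                bg = BAD_GOOD_RE.match(middle)
                if bg:
                    bad, good = bg.group("bad"), bg.group("good")
        found.append(Detection(section, head.group("obj"), head.group("threat"),
                               data, bad, good, parts[-1].rstrip(".")))
    return found


def mechanism(d: Detection) -> str:
    """Label the persistence or tampering technique a detection represents."""
    obj = d.obj.lower()
    if d.section == "Registry Values" and r"\currentversion\run|" in obj:
        return "autostart: Run key"
    if "startmenuinternet" in obj:
        return "browser launch hijack: StartMenuInternet"
    if r"\explorer\advanced|start_" in obj:
        return "UI tampering: Start menu item hidden"
    if d.section == "Files":
        return "dropped file"
    return "other: " + d.section


def payload_path(d: Detection) -> Optional[str]:
    """Path of the code an autostart entry or browser hijack actually launches."""
    src = d.bad if d.bad is not None else d.data
    if src is None:
        return None
    quoted = QUOTED_RE.search(src)   # rundll32 "x.dll",... or "apq.exe" -a "browser.exe"
    return quoted.group(1) if quoted else src


def in_temp_location(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in TEMP_DIRS)


def triage(text: str) -> dict:
    dets = parse_mbam_log(text)
    launchers = {payload_path(d) for d in dets
                 if mechanism(d).startswith(("autostart", "browser"))}
    loaders = sorted(p for p in launchers if p)
    return {
        "total": len(dets),
        "by_mechanism": dict(Counter(mechanism(d) for d in dets)),
        "not_removed": [d.obj for d in dets if d.action == "No action taken"],
        "loaders": loaders,
        "loaders_in_temp": [p for p in loaders if in_temp_location(p)],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for mech, n in sorted(report["by_mechanism"].items()):
        print(f"{n:3d}  {mech}")
    print(f"{len(report['not_removed'])} of {report['total']} detections left in place")
    for p in report["loaders"]:
        print("  launches", p, "(temp/profile location)" if in_temp_location(p) else "")
```

    To use it on a real log, replace SAMPLE_LOG with the contents of the mbam-log file copied off the infected machine. The point of the "not_removed" list is the check a helper would make before asking for a rescan: a detection line that ends in "No action taken" means the entry was only reported, so a second quick scan will list it again until Remove Selected is actually clicked. The loader paths matter because every Run-key and StartMenuInternet entry in the posted logs resolves to a file under the SYSTEM profile's AppData\Local tree, which is not a location any legitimate autostart or browser launcher uses.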
  7. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, a lot of those detections are in Temporary folders so let's clean out all the temporary files following the guide below, then run Malwarebytes again and we will see what we are left to deal with. There is also a TDSS Rootkit detected so please also run TDSSKiller.

    Step 1
    Download Temporary file cleaner and save it to the desktop.
    Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select Run as Administrator.
    When the window opens click on Start. It will close all running programs and clear the desktop icons.
    When complete you will be asked to reboot, accept the request and your PC will reboot automatically.

    Step 2
    Re-run Malwarebytes and post the log.

    Step 3
    Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
    -- The tool is frequently updated...if you used TDSSKiller before, delete that version and download the most current one before using again.

    Be sure to print out and follow the instructions for performing a scan.
    • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
    • Alternatively, you can download TDSSKiller.exe and use that instead.
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
    • When the program opens, click the Change parameters.
      [​IMG]
    • Under "Additional options", check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.
      [​IMG]
    • Click the Start Scan button.
      [​IMG]
    • Do not use the computer during the scan
    • If the scan completes with nothing found, click Close to exit.
    • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
    • If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.
      [​IMG]
    • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.
      [​IMG]
    • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed. If you choose Delete you may remove critical system files and make your PC unstable or possibly unbootable.
    • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
    • Copy and paste the contents of that file in your next reply.
    -- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".
     
  8. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Are you still with us PJL?
    If you no longer require assistance then please let me know so I can move on to helping others that are waiting.
    If you require more time, due to other commitments, then please tell me.
    If you are having difficulty with the instructions then please tell me so I can help guide you through them.
     
  9. PJL

    PJL Thread Starter

    Joined:
    May 18, 2012
    Messages:
    8
    Sorry I didn't get the message you had replied. Looks like a bunch to do. Will do as soon as possible and report results.

    TX, PJL
     
  10. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
  11. PJL

    PJL Thread Starter

    Joined:
    May 18, 2012
    Messages:
    8
    Okay, Mark. here's the latest log from Malware Bytes. I'm off to rendezvous with Kaspersky's Killer:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.21.02

    Windows Vista Service Pack 1 x86 UDF
    Internet Explorer 7.0.6001.18000
    Laura :: INAC [administrator]

    4/5/2012 5:53:26 PM
    mbam-log-2012-04-05 (18-18-39)

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 212306
    Time elapsed: 6 minute(s), 17 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 5
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SanctionedMedia (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Temp\SanctionedMedia\rulgejmj.dll",DllRegisterServer -> No action taken.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SanctionedMedia (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Temp\SanctionedMedia\rulgejmj.dll",DllRegisterServer -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Adobe\pigpew.dll",DllRegisterServer -> No action taken.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Adobe\pigpew.dll",DllRegisterServer -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> No action taken.

    Registry Data Items Detected: 5
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\apq.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\apq.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\apq.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Windows\System32\config\systemprofile\AppData\Local\Temp\SanctionedMedia\rulgejmj.dll (Trojan.Happili.XGen) -> No action taken.
    C:\Windows\System32\config\systemprofile\AppData\Local\Temp\Adobe\pigpew.dll (Trojan.Happili.XGen) -> No action taken.
    C:\Windows\System32\config\systemprofile\AppData\Local\Temp\SanctionedMedia\ooawh.dll (Trojan.Happili.XGen) -> No action taken.

    (end)
     
  12. PJL

    PJL Thread Starter

    Joined:
    May 18, 2012
    Messages:
    8
    Finally, I have the results from the TDSSKiller. It took a while since I didn't notice the Report button up in the top left corner and had to pull out my MS DOS cheat sheet (it's on Wikipedia) in order to find the report and move it to my DVD so that I could change computers and send this to you. Despite all that we've done so far, the screen remains virtually blank, as does the whole start bar, including the Program files. The only changes are that some of the programs I've installed are now listed in one or both of those locations.

    As to the blank Program Files, there's one thing that I may not have mentioned earlier. After the two suspicious "Access Denied" messages, there appears a box that has text arranged somewhat like this:
    -----------------------------------------

    System Startup
    Global Entry nYdUInRnEpi.exe
    __________________________________
    Old Data: C:\Programdata\nYdUInRnEpi.exe
    -------------------------------------------
    Anyway, here's the Killer Message (note that the date and time are advancing but they still cannot be manually corrected):

    19:09:52.0334 3740 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
    19:09:52.0380 3740 ============================================================
    19:09:52.0380 3740 Current date / time: 2012/04/05 19:09:52.0380
    19:09:52.0380 3740 SystemInfo:
    19:09:52.0380 3740
    19:09:52.0380 3740 OS Version: 6.0.6001 ServicePack: 1.0
    19:09:52.0380 3740 Product type: Workstation
    19:09:52.0380 3740 ComputerName: INAC
    19:09:52.0381 3740 UserName: Laura
    19:09:52.0381 3740 Windows directory: C:\Windows
    19:09:52.0381 3740 System windows directory: C:\Windows
    19:09:52.0381 3740 Processor architecture: Intel x86
    19:09:52.0381 3740 Number of processors: 2
    19:09:52.0381 3740 Page size: 0x1000
    19:09:52.0381 3740 Boot type: Normal boot
    19:09:52.0381 3740 ============================================================
    19:09:53.0905 3740 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    19:09:53.0909 3740 ============================================================
    19:09:53.0909 3740 \Device\Harddisk0\DR0:
    19:09:53.0909 3740 MBR partitions:
    19:09:53.0909 3740 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x8B0C000
    19:09:53.0909 3740 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9F0C800, BlocksNum 0x8B0C800
    19:09:53.0909 3740 ============================================================
    19:09:53.0941 3740 C: <-> \Device\Harddisk0\DR0\Partition0
    19:09:54.0002 3740 D: <-> \Device\Harddisk0\DR0\Partition1
    19:09:54.0002 3740 ============================================================
    19:09:54.0002 3740 Initialize success
    19:09:54.0003 3740 ============================================================
    19:10:33.0432 2600 ============================================================
    19:10:33.0432 2600 Scan started
    19:10:33.0432 2600 Mode: Manual; SigCheck; TDLFS;
    19:10:33.0432 2600 ============================================================
    19:10:34.0144 2600 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
    19:10:34.0282 2600 ACPI - ok
    19:10:34.0651 2600 Ad-Aware Service (09e61047b0cef21559cfcedf4f14d216) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
    19:10:34.0720 2600 Ad-Aware Service - ok
    19:10:34.0927 2600 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    19:10:34.0992 2600 adp94xx - ok
    19:10:35.0050 2600 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    19:10:35.0111 2600 adpahci - ok
    19:10:35.0132 2600 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    19:10:35.0151 2600 adpu160m - ok
    19:10:35.0198 2600 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    19:10:35.0220 2600 adpu320 - ok
    19:10:35.0265 2600 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
    19:10:35.0299 2600 AeLookupSvc - ok
    19:10:35.0365 2600 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
    19:10:35.0441 2600 AFD - ok
    19:10:35.0478 2600 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    19:10:35.0495 2600 agp440 - ok
    19:10:35.0520 2600 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    19:10:35.0552 2600 aic78xx - ok
    19:10:35.0576 2600 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
    19:10:35.0617 2600 ALG - ok
    19:10:35.0638 2600 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    19:10:35.0672 2600 aliide - ok
    19:10:35.0700 2600 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    19:10:35.0715 2600 amdagp - ok
    19:10:35.0740 2600 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    19:10:35.0753 2600 amdide - ok
    19:10:35.0778 2600 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    19:10:35.0820 2600 AmdK7 - ok
    19:10:35.0849 2600 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    19:10:35.0906 2600 AmdK8 - ok
    19:10:35.0947 2600 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
    19:10:35.0965 2600 Appinfo - ok
    19:10:36.0100 2600 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    19:10:36.0115 2600 Apple Mobile Device - ok
    19:10:36.0142 2600 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    19:10:36.0173 2600 arc - ok
    19:10:36.0202 2600 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    19:10:36.0219 2600 arcsas - ok
    19:10:36.0324 2600 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    19:10:36.0339 2600 aspnet_state - ok
    19:10:36.0391 2600 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    19:10:36.0427 2600 AsyncMac - ok
    19:10:36.0453 2600 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
    19:10:36.0465 2600 atapi - ok
    19:10:36.0557 2600 athr (567e669b3b252e0c07850ef3c3e12254) C:\Windows\system32\DRIVERS\athr.sys
    19:10:36.0663 2600 athr - ok
    19:10:36.0734 2600 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
    19:10:36.0776 2600 AudioEndpointBuilder - ok
    19:10:36.0790 2600 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
    19:10:36.0837 2600 Audiosrv - ok
    19:10:37.0023 2600 b57nd60x (7d0f2bfa273831124fa08526af48af18) C:\Windows\system32\DRIVERS\b57nd60x.sys
    19:10:37.0062 2600 b57nd60x - ok
    19:10:37.0087 2600 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    19:10:37.0123 2600 Beep - ok
    19:10:37.0232 2600 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
    19:10:37.0283 2600 BITS - ok
    19:10:37.0308 2600 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    19:10:37.0344 2600 blbdrive - ok
    19:10:37.0496 2600 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    19:10:37.0522 2600 Bonjour Service - ok
    19:10:37.0565 2600 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
    19:10:37.0610 2600 bowser - ok
    19:10:37.0646 2600 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    19:10:37.0678 2600 BrFiltLo - ok
    19:10:37.0694 2600 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    19:10:37.0727 2600 BrFiltUp - ok
    19:10:37.0781 2600 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
    19:10:37.0819 2600 Browser - ok
    19:10:37.0854 2600 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    19:10:38.0054 2600 Brserid - ok
    19:10:38.0080 2600 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    19:10:38.0146 2600 BrSerWdm - ok
    19:10:38.0168 2600 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    19:10:38.0236 2600 BrUsbMdm - ok
    19:10:38.0247 2600 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    19:10:38.0306 2600 BrUsbSer - ok
    19:10:38.0338 2600 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    19:10:38.0413 2600 BTHMODEM - ok
    19:10:38.0462 2600 BUNAgentSvc (09e6affae6c0e9158bf05c7d08d0107a) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    19:10:38.0472 2600 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - warning
    19:10:38.0472 2600 BUNAgentSvc - detected UnsignedFile.Multi.Generic (1)
    19:10:38.0497 2600 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    19:10:38.0536 2600 cdfs - ok
    19:10:38.0561 2600 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
    19:10:38.0599 2600 cdrom - ok
    19:10:38.0666 2600 cdudf_xp - ok
    19:10:38.0691 2600 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
    19:10:38.0723 2600 CertPropSvc - ok
    19:10:38.0747 2600 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    19:10:38.0796 2600 circlass - ok
    19:10:38.0838 2600 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
    19:10:38.0883 2600 CLFS - ok
    19:10:38.0978 2600 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    19:10:38.0996 2600 clr_optimization_v2.0.50727_32 - ok
    19:10:39.0072 2600 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    19:10:39.0101 2600 clr_optimization_v4.0.30319_32 - ok
    19:10:39.0131 2600 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    19:10:39.0170 2600 CmBatt - ok
    19:10:39.0184 2600 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    19:10:39.0200 2600 cmdide - ok
    19:10:39.0236 2600 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    19:10:39.0251 2600 Compbatt - ok
    19:10:39.0259 2600 COMSysApp - ok
    19:10:39.0278 2600 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    19:10:39.0293 2600 crcdisk - ok
    19:10:39.0314 2600 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    19:10:39.0359 2600 Crusoe - ok
    19:10:39.0403 2600 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
    19:10:39.0438 2600 CryptSvc - ok
    19:10:39.0527 2600 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
    19:10:39.0555 2600 DcomLaunch - ok
    19:10:39.0621 2600 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
    19:10:39.0683 2600 DfsC - ok
    19:10:39.0878 2600 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
    19:10:39.0968 2600 DFSR - ok
    19:10:40.0119 2600 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
    19:10:40.0158 2600 Dhcp - ok
    19:10:40.0223 2600 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
    19:10:40.0245 2600 disk - ok
    19:10:40.0271 2600 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
    19:10:40.0475 2600 DKbFltr - ok
    19:10:40.0540 2600 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
    19:10:40.0570 2600 Dnscache - ok
    19:10:40.0626 2600 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
    19:10:40.0678 2600 dot3svc - ok
    19:10:40.0703 2600 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
    19:10:40.0738 2600 DPS - ok
    19:10:40.0750 2600 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    19:10:40.0781 2600 drmkaud - ok
    19:10:40.0878 2600 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
    19:10:40.0934 2600 DXGKrnl - ok
    19:10:40.0987 2600 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    19:10:41.0035 2600 E1G60 - ok
    19:10:41.0055 2600 EagleXNt - ok
    19:10:41.0110 2600 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
    19:10:41.0140 2600 EapHost - ok
    19:10:41.0189 2600 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
    19:10:41.0216 2600 Ecache - ok
    19:10:41.0300 2600 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
    19:10:41.0335 2600 ehRecvr - ok
    19:10:41.0373 2600 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
    19:10:41.0404 2600 ehSched - ok
    19:10:41.0422 2600 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
    19:10:41.0439 2600 ehstart - ok
    19:10:41.0490 2600 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    19:10:41.0525 2600 elxstor - ok
    19:10:41.0603 2600 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
    19:10:41.0651 2600 EMDMgmt - ok
    19:10:41.0666 2600 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    19:10:41.0705 2600 ErrDev - ok
    19:10:41.0774 2600 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
    19:10:41.0794 2600 EventSystem - ok
    19:10:41.0825 2600 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
    19:10:41.0872 2600 exfat - ok
    19:10:41.0904 2600 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
    19:10:41.0941 2600 fastfat - ok
    19:10:41.0960 2600 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    19:10:41.0995 2600 fdc - ok
    19:10:42.0025 2600 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
    19:10:42.0060 2600 fdPHost - ok
    19:10:42.0067 2600 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
    19:10:42.0133 2600 FDResPub - ok
    19:10:42.0168 2600 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    19:10:42.0183 2600 FileInfo - ok
    19:10:42.0210 2600 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    19:10:42.0245 2600 Filetrace - ok
    19:10:42.0378 2600 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    19:10:42.0429 2600 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
    19:10:42.0429 2600 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
    19:10:42.0461 2600 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    19:10:42.0496 2600 flpydisk - ok
    19:10:42.0536 2600 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
    19:10:42.0555 2600 FltMgr - ok
    19:10:42.0652 2600 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    19:10:42.0665 2600 FontCache3.0.0.0 - ok
    19:10:42.0709 2600 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    19:10:42.0737 2600 Fs_Rec - ok
    19:10:42.0771 2600 ftpds - ok
    19:10:42.0802 2600 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    19:10:42.0819 2600 gagp30kx - ok
    19:10:42.0859 2600 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    19:10:42.0870 2600 GEARAspiWDM - ok
    19:10:42.0927 2600 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    19:10:42.0937 2600 GoogleDesktopManager-051210-111108 - ok
    19:10:43.0019 2600 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
    19:10:43.0068 2600 gpsvc - ok
    19:10:43.0137 2600 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
    19:10:43.0148 2600 gupdate - ok
    19:10:43.0154 2600 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
    19:10:43.0166 2600 gupdatem - ok
    19:10:43.0227 2600 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    19:10:43.0295 2600 HdAudAddService - ok
    19:10:43.0333 2600 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
    19:10:43.0367 2600 HDAudBus - ok
    19:10:43.0396 2600 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    19:10:43.0586 2600 HidBth - ok
    19:10:43.0613 2600 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    19:10:43.0675 2600 HidIr - ok
    19:10:43.0726 2600 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
    19:10:43.0782 2600 hidserv - ok
    19:10:43.0877 2600 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
    19:10:43.0911 2600 HidUsb - ok
    19:10:43.0956 2600 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
    19:10:43.0991 2600 hkmsvc - ok
    19:10:44.0039 2600 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    19:10:44.0083 2600 HpCISSs - ok
    19:10:44.0124 2600 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    19:10:44.0184 2600 HSFHWAZL - ok
    19:10:44.0326 2600 HSF_DPV (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    19:10:44.0451 2600 HSF_DPV - ok
    19:10:44.0498 2600 HSXHWAZL (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    19:10:44.0522 2600 HSXHWAZL - ok
    19:10:44.0600 2600 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
    19:10:44.0678 2600 HTTP - ok
    19:10:44.0721 2600 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    19:10:44.0739 2600 i2omp - ok
    19:10:44.0760 2600 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    19:10:44.0789 2600 i8042prt - ok
    19:10:44.0855 2600 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    19:10:44.0880 2600 iaStorV - ok
    19:10:45.0044 2600 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    19:10:45.0123 2600 idsvc - ok
    19:10:45.0164 2600 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    19:10:45.0179 2600 iirsp - ok
    19:10:45.0247 2600 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
    19:10:45.0288 2600 IKEEXT - ok
    19:10:45.0490 2600 IntcAzAudAddService (fbbe3f1697d393be685cd6192b1ec95a) C:\Windows\system32\drivers\RTKVHDA.sys
    19:10:45.0628 2600 IntcAzAudAddService - ok
    19:10:45.0793 2600 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    19:10:45.0813 2600 intelide - ok
    19:10:45.0832 2600 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    19:10:45.0867 2600 intelppm - ok
    19:10:45.0940 2600 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
    19:10:46.0007 2600 IPBusEnum - ok
    19:10:46.0025 2600 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    19:10:46.0063 2600 IpFilterDriver - ok
    19:10:46.0071 2600 IpInIp - ok
    19:10:46.0100 2600 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    19:10:46.0136 2600 IPMIDRV - ok
    19:10:46.0165 2600 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    19:10:46.0213 2600 IPNAT - ok
    19:10:46.0343 2600 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
    19:10:46.0377 2600 iPod Service - ok
    19:10:46.0420 2600 IPSECSHM - ok
    19:10:46.0469 2600 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    19:10:46.0505 2600 IRENUM - ok
    19:10:46.0535 2600 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    19:10:46.0550 2600 isapnp - ok
    19:10:46.0588 2600 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
    19:10:46.0602 2600 iScsiPrt - ok
    19:10:46.0628 2600 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    19:10:46.0642 2600 iteatapi - ok
    19:10:46.0670 2600 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    19:10:46.0683 2600 iteraid - ok
    19:10:46.0706 2600 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    19:10:46.0722 2600 kbdclass - ok
    19:10:46.0743 2600 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
    19:10:46.0777 2600 kbdhid - ok
    19:10:46.0818 2600 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
    19:10:46.0853 2600 KeyIso - ok
    19:10:46.0912 2600 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
    19:10:46.0954 2600 KSecDD - ok
    19:10:47.0027 2600 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
    19:10:47.0071 2600 KtmRm - ok
    19:10:47.0125 2600 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\system32\srvsvc.dll
    19:10:47.0145 2600 LanmanServer - ok
    19:10:47.0201 2600 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
    19:10:47.0221 2600 LanmanWorkstation - ok
    19:10:47.0328 2600 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    19:10:47.0338 2600 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
    19:10:47.0338 2600 LightScribeService - detected UnsignedFile.Multi.Generic (1)
    19:10:47.0398 2600 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    19:10:47.0435 2600 lltdio - ok
    19:10:47.0489 2600 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
    19:10:47.0530 2600 lltdsvc - ok
    19:10:47.0545 2600 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
    19:10:47.0603 2600 lmhosts - ok
    19:10:47.0635 2600 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    19:10:47.0651 2600 LSI_FC - ok
    19:10:47.0679 2600 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    19:10:47.0705 2600 LSI_SAS - ok
    19:10:47.0732 2600 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    19:10:47.0759 2600 LSI_SCSI - ok
    19:10:47.0794 2600 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    19:10:47.0849 2600 luafv - ok
    19:10:47.0869 2600 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
    19:10:47.0891 2600 Mcx2Svc - ok
    19:10:47.0903 2600 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    19:10:47.0923 2600 mdmxsdk - ok
    19:10:47.0948 2600 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    19:10:47.0962 2600 megasas - ok
    19:10:48.0008 2600 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    19:10:48.0039 2600 MegaSR - ok
    19:10:48.0062 2600 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
    19:10:48.0102 2600 MMCSS - ok
    19:10:48.0155 2600 MobilityService - ok
    19:10:48.0178 2600 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    19:10:48.0210 2600 Modem - ok
    19:10:48.0233 2600 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    19:10:48.0267 2600 monitor - ok
    19:10:48.0295 2600 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    19:10:48.0309 2600 mouclass - ok
    19:10:48.0332 2600 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    19:10:48.0368 2600 mouhid - ok
    19:10:48.0398 2600 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    19:10:48.0412 2600 MountMgr - ok
    19:10:48.0439 2600 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    19:10:48.0468 2600 mpio - ok
    19:10:48.0499 2600 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    19:10:48.0529 2600 mpsdrv - ok
    19:10:48.0554 2600 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    19:10:48.0569 2600 Mraid35x - ok
    19:10:48.0601 2600 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
    19:10:48.0651 2600 MRxDAV - ok
    19:10:48.0699 2600 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
    19:10:48.0750 2600 mrxsmb - ok
    19:10:48.0798 2600 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    19:10:48.0838 2600 mrxsmb10 - ok
    19:10:48.0864 2600 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    19:10:48.0897 2600 mrxsmb20 - ok
    19:10:48.0923 2600 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
    19:10:48.0940 2600 msahci - ok
    19:10:48.0962 2600 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    19:10:48.0989 2600 msdsm - ok
    19:10:49.0023 2600 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
    19:10:49.0072 2600 MSDTC - ok
    19:10:49.0090 2600 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    19:10:49.0131 2600 Msfs - ok
    19:10:49.0150 2600 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    19:10:49.0166 2600 msisadrv - ok
    19:10:49.0207 2600 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
    19:10:49.0256 2600 MSiSCSI - ok
    19:10:49.0286 2600 msiserver - ok
    19:10:49.0309 2600 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    19:10:49.0350 2600 MSKSSRV - ok
    19:10:49.0370 2600 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    19:10:49.0405 2600 MSPCLOCK - ok
    19:10:49.0432 2600 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    19:10:49.0466 2600 MSPQM - ok
    19:10:49.0498 2600 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
    19:10:49.0524 2600 MsRPC - ok
    19:10:49.0550 2600 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    19:10:49.0562 2600 mssmbios - ok
    19:10:49.0578 2600 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    19:10:49.0615 2600 MSTEE - ok
    19:10:49.0649 2600 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
    19:10:49.0663 2600 Mup - ok
    19:10:49.0723 2600 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
    19:10:49.0764 2600 napagent - ok
    19:10:49.0807 2600 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
    19:10:49.0840 2600 NativeWifiP - ok
    19:10:49.0900 2600 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
    19:10:49.0923 2600 NDIS - ok
    19:10:49.0945 2600 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    19:10:49.0974 2600 NdisTapi - ok
    19:10:49.0996 2600 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    19:10:50.0032 2600 Ndisuio - ok
    19:10:50.0059 2600 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
    19:10:50.0108 2600 NdisWan - ok
    19:10:50.0136 2600 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    19:10:50.0165 2600 NDProxy - ok
    19:10:50.0216 2600 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    19:10:50.0253 2600 NetBIOS - ok
    19:10:50.0291 2600 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
    19:10:50.0350 2600 netbt - ok
    19:10:50.0387 2600 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
    19:10:50.0403 2600 Netlogon - ok
    19:10:50.0466 2600 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
    19:10:50.0503 2600 Netman - ok
    19:10:50.0592 2600 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    19:10:50.0609 2600 NetMsmqActivator - ok
    19:10:50.0614 2600 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    19:10:50.0628 2600 NetPipeActivator - ok
    19:10:50.0665 2600 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
    19:10:50.0702 2600 netprofm - ok
    19:10:50.0707 2600 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    19:10:50.0720 2600 NetTcpActivator - ok
    19:10:50.0730 2600 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    19:10:50.0743 2600 NetTcpPortSharing - ok
    19:10:50.0784 2600 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    19:10:50.0799 2600 nfrd960 - ok
    19:10:50.0836 2600 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
    19:10:50.0873 2600 NlaSvc - ok
    19:10:50.0896 2600 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
    19:10:50.0932 2600 Npfs - ok
    19:10:50.0970 2600 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
    19:10:51.0003 2600 nsi - ok
    19:10:51.0030 2600 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    19:10:51.0064 2600 nsiproxy - ok
    19:10:51.0182 2600 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
    19:10:51.0253 2600 Ntfs - ok
    19:10:51.0344 2600 NTIBackupSvc (a2b6583a5652a385dff5e4f49ad48761) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    19:10:51.0352 2600 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - warning
    19:10:51.0352 2600 NTIBackupSvc - detected UnsignedFile.Multi.Generic (1)
    19:10:51.0378 2600 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
    19:10:51.0424 2600 NTIDrvr - ok
    19:10:51.0460 2600 NTISchedulerSvc (40b87fe8a1a9a5ac9e5a91d96f212bcd) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    19:10:51.0968 2600 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning
    19:10:51.0968 2600 NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1)
    19:10:52.0030 2600 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    19:10:52.0093 2600 ntrigdigi - ok
    19:10:52.0108 2600 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    19:10:52.0142 2600 Null - ok
    19:10:52.0982 2600 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    19:10:53.0394 2600 nvlddmkm - ok
    19:10:53.0649 2600 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    19:10:53.0676 2600 nvraid - ok
    19:10:53.0688 2600 nvsmu (0fb6bf3ab170fc5bd403d25e134eafde) C:\Windows\system32\DRIVERS\nvsmu.sys
    19:10:53.0715 2600 nvsmu - ok
    19:10:53.0746 2600 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    19:10:53.0760 2600 nvstor - ok
    19:10:53.0899 2600 nvsvc (d122f7c5f79c68868f5dc28cefeb2ecf) C:\Windows\system32\nvvsvc.exe
    19:10:54.0111 2600 nvsvc - ok
    19:10:54.0458 2600 nvUpdatusService (003cb0a155568b4a53a301f07c734233) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    19:10:54.0618 2600 nvUpdatusService - ok
    19:10:54.0856 2600 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    19:10:54.0877 2600 nv_agp - ok
    19:10:54.0933 2600 NWADI (0973c0c696780161f4526586d5eac422) C:\Windows\system32\DRIVERS\NWADIenum.sys
    19:10:54.0951 2600 NWADI - ok
    19:10:54.0957 2600 NwlnkFlt - ok
    19:10:54.0970 2600 NwlnkFwd - ok
    19:10:54.0998 2600 NWUSBCDFIL (1fde5b2d61d97d803594df4b3bc28c4b) C:\Windows\system32\DRIVERS\NwUsbCdFil.sys
    19:10:55.0017 2600 NWUSBCDFIL - ok
    19:10:55.0086 2600 NWUSBModem (65b471bb7e57c416a1e685ec07d4abfa) C:\Windows\system32\DRIVERS\nwusbmdm.sys
    19:10:55.0137 2600 NWUSBModem - ok
    19:10:55.0172 2600 NWUSBPort (65b471bb7e57c416a1e685ec07d4abfa) C:\Windows\system32\DRIVERS\nwusbser.sys
    19:10:55.0212 2600 NWUSBPort - ok
    19:10:55.0287 2600 NWUSBPort2 (65b471bb7e57c416a1e685ec07d4abfa) C:\Windows\system32\DRIVERS\nwusbser2.sys
    19:10:55.0370 2600 NWUSBPort2 - ok
    19:10:55.0453 2600 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    19:10:55.0512 2600 ohci1394 - ok
    19:10:55.0639 2600 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
    19:10:55.0723 2600 p2pimsvc - ok
    19:10:55.0734 2600 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
    19:10:55.0766 2600 p2psvc - ok
    19:10:55.0807 2600 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    19:10:55.0871 2600 Parport - ok
    19:10:55.0902 2600 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
    19:10:55.0917 2600 partmgr - ok
    19:10:55.0948 2600 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    19:10:56.0020 2600 Parvdm - ok
    19:10:56.0058 2600 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
    19:10:56.0077 2600 PcaSvc - ok
    19:10:56.0126 2600 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
    19:10:56.0193 2600 pci - ok
    19:10:56.0232 2600 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
    19:10:56.0264 2600 pciide - ok
    19:10:56.0307 2600 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    19:10:56.0332 2600 pcmcia - ok
    19:10:56.0450 2600 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    19:10:56.0572 2600 PEAUTH - ok
    19:10:56.0775 2600 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
    19:10:56.0870 2600 pla - ok
    19:10:57.0120 2600 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
    19:10:57.0158 2600 PlugPlay - ok
    19:10:57.0257 2600 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
    19:10:57.0291 2600 PNRPAutoReg - ok
    19:10:57.0353 2600 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
    19:10:57.0390 2600 PNRPsvc - ok
    19:10:57.0456 2600 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
    19:10:57.0480 2600 PolicyAgent - ok
    19:10:57.0540 2600 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    19:10:57.0576 2600 PptpMiniport - ok
    19:10:57.0621 2600 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
    19:10:57.0656 2600 Processor - ok
    19:10:57.0710 2600 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
    19:10:57.0747 2600 ProfSvc - ok
    19:10:57.0769 2600 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
    19:10:57.0803 2600 ProtectedStorage - ok
    19:10:58.0011 2600 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\system32\PSIService.exe
    19:10:58.0030 2600 ProtexisLicensing - ok
    19:10:58.0045 2600 proxyserverservice - ok
    19:10:58.0139 2600 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
    19:10:58.0188 2600 PSched - ok
    19:10:58.0248 2600 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
    19:10:58.0301 2600 PxHelp20 - ok
    19:11:00.0227 2600 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    19:11:00.0408 2600 ql2300 - ok
    19:11:00.0511 2600 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    19:11:00.0528 2600 ql40xx - ok
    19:11:00.0590 2600 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
    19:11:00.0622 2600 QWAVE - ok
    19:11:00.0647 2600 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    19:11:00.0667 2600 QWAVEdrv - ok
    19:11:00.0687 2600 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    19:11:00.0725 2600 RasAcd - ok
    19:11:00.0750 2600 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
    19:11:00.0799 2600 RasAuto - ok
    19:11:00.0834 2600 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    19:11:00.0870 2600 Rasl2tp - ok
    19:11:00.0913 2600 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
    19:11:00.0954 2600 RasMan - ok
    19:11:00.0986 2600 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
    19:11:01.0022 2600 RasPppoe - ok
    19:11:01.0064 2600 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
    19:11:01.0099 2600 RasSstp - ok
    19:11:01.0160 2600 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
    19:11:01.0209 2600 rdbss - ok
    19:11:01.0236 2600 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    19:11:01.0271 2600 RDPCDD - ok
    19:11:01.0314 2600 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    19:11:01.0377 2600 rdpdr - ok
    19:11:01.0386 2600 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    19:11:01.0427 2600 RDPENCDD - ok
    19:11:01.0490 2600 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
    19:11:01.0544 2600 RDPWD - ok
    19:11:01.0618 2600 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
    19:11:01.0687 2600 RemoteAccess - ok
    19:11:01.0741 2600 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
    19:11:01.0801 2600 RemoteRegistry - ok
    19:11:01.0849 2600 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
    19:11:01.0871 2600 RpcLocator - ok
    19:11:01.0955 2600 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
    19:11:01.0986 2600 RpcSs - ok
    19:11:02.0067 2600 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    19:11:02.0103 2600 rspndr - ok
    19:11:02.0117 2600 rsvp - ok
    19:11:02.0160 2600 RTSTOR (830b682cb24206f457ea8a617605209f) C:\Windows\system32\drivers\RTSTOR.SYS
    19:11:02.0199 2600 RTSTOR - ok
    19:11:02.0261 2600 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
    19:11:02.0279 2600 SamSs - ok
    19:11:04.0664 2600 SBAMSvc (bce943896289a91ad75cc5652620b1c6) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
    19:11:04.0859 2600 SBAMSvc - ok
    19:11:05.0067 2600 sbapifs (3fff8cda4d2f29ca06f1557e85163c30) C:\Windows\system32\DRIVERS\sbapifs.sys
    19:11:05.0181 2600 sbapifs - ok
    19:11:05.0249 2600 SbFw (bcf3ba30c1cfa2942cf26c31384b37c7) C:\Windows\system32\drivers\SbFw.sys
    19:11:05.0360 2600 SbFw - ok
    19:11:05.0434 2600 SBFWIMCL (1dcad90cc9c0ddc7d060fd97854f8518) C:\Windows\system32\DRIVERS\sbfwim.sys
    19:11:05.0498 2600 SBFWIMCL - ok
    19:11:05.0528 2600 SBFWIMCLMP (1dcad90cc9c0ddc7d060fd97854f8518) C:\Windows\system32\DRIVERS\SBFWIM.sys
    19:11:05.0577 2600 SBFWIMCLMP - ok
    19:11:05.0682 2600 sbhips (1afd7178ab9c4fce2d332da7aa474fa6) C:\Windows\system32\drivers\sbhips.sys
    19:11:05.0743 2600 sbhips - ok
    19:11:05.0825 2600 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    19:11:05.0851 2600 sbp2port - ok
    19:11:05.0893 2600 SBRE (1fd538c4feb36b793d2121f20bbdc16f) C:\Windows\system32\drivers\SBREdrv.sys
    19:11:05.0957 2600 SBRE - ok
    19:11:06.0478 2600 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    19:11:06.0576 2600 SBSDWSCService - ok
    19:11:07.0219 2600 sbwtis (9bdf801a6c78e3f1e6fa1c5ca90baa8a) C:\Windows\system32\DRIVERS\sbwtis.sys
    19:11:07.0272 2600 sbwtis - ok
    19:11:07.0385 2600 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
    19:11:07.0453 2600 SCardSvr - ok
    19:11:07.0542 2600 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
    19:11:07.0582 2600 Schedule - ok
    19:11:07.0666 2600 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
    19:11:07.0700 2600 SCPolicySvc - ok
    19:11:07.0808 2600 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
    19:11:07.0836 2600 SDRSVC - ok
    19:11:08.0012 2600 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    19:11:08.0034 2600 SeaPort - ok
    19:11:08.0127 2600 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    19:11:08.0192 2600 secdrv - ok
    19:11:08.0267 2600 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
    19:11:08.0301 2600 seclogon - ok
    19:11:08.0365 2600 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
    19:11:08.0410 2600 SENS - ok
    19:11:08.0497 2600 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    19:11:08.0555 2600 Serenum - ok
    19:11:08.0590 2600 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    19:11:08.0675 2600 Serial - ok
    19:11:08.0708 2600 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    19:11:08.0744 2600 sermouse - ok
    19:11:08.0807 2600 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
    19:11:08.0844 2600 SessionEnv - ok
    19:11:08.0872 2600 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    19:11:08.0902 2600 sffdisk - ok
    19:11:08.0947 2600 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    19:11:08.0984 2600 sffp_mmc - ok
    19:11:09.0005 2600 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    19:11:09.0046 2600 sffp_sd - ok
    19:11:09.0072 2600 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    19:11:09.0148 2600 sfloppy - ok
    19:11:09.0231 2600 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
    19:11:09.0303 2600 SharedAccess - ok
    19:11:09.0365 2600 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
    19:11:09.0393 2600 ShellHWDetection - ok
    19:11:09.0433 2600 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    19:11:09.0449 2600 sisagp - ok
    19:11:09.0469 2600 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    19:11:09.0486 2600 SiSRaid2 - ok
    19:11:09.0511 2600 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    19:11:09.0551 2600 SiSRaid4 - ok
    19:11:09.0956 2600 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
    19:11:10.0077 2600 slsvc - ok
    19:11:10.0529 2600 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
    19:11:10.0568 2600 SLUINotify - ok
    19:11:10.0656 2600 Smb (788f295f36909b0c8cc214665cbbbe8f) C:\Windows\system32\DRIVERS\smb.sys
    19:11:10.0660 2600 Suspicious file (Forged): C:\Windows\system32\DRIVERS\smb.sys. Real md5: 788f295f36909b0c8cc214665cbbbe8f, Fake md5: 031e6bcd53c9b2b9ace111eafec347b6
    19:11:10.0661 2600 Smb ( Virus.Win32.ZAccess.k ) - infected
    19:11:10.0661 2600 Smb - detected Virus.Win32.ZAccess.k (0)
    19:11:10.0696 2600 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
    19:11:10.0715 2600 SNMPTRAP - ok
    19:11:10.0757 2600 sony_ssm.sys - ok
    19:11:10.0779 2600 SPFDRV - ok
    19:11:10.0813 2600 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    19:11:10.0834 2600 spldr - ok
    19:11:10.0861 2600 Spooler - ok
    19:11:10.0920 2600 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
    19:11:10.0981 2600 srv - ok
    19:11:11.0033 2600 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
    19:11:11.0067 2600 srv2 - ok
    19:11:11.0113 2600 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
    19:11:11.0135 2600 srvnet - ok
    19:11:11.0212 2600 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
    19:11:11.0281 2600 SSDPSRV - ok
    19:11:11.0306 2600 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
    19:11:11.0352 2600 SstpSvc - ok
    19:11:11.0556 2600 Steam Client Service - ok
    19:11:11.0579 2600 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
    19:11:11.0611 2600 StillCam - ok
    19:11:11.0734 2600 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
    19:11:11.0792 2600 stisvc - ok
    19:11:11.0812 2600 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    19:11:11.0830 2600 swenum - ok
    19:11:11.0910 2600 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
    19:11:11.0974 2600 swprv - ok
    19:11:12.0015 2600 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    19:11:12.0030 2600 Symc8xx - ok
    19:11:12.0050 2600 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    19:11:12.0064 2600 Sym_hi - ok
    19:11:12.0083 2600 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    19:11:12.0100 2600 Sym_u3 - ok
    19:11:12.0137 2600 SynTP (bf7aa84d5af0faa0978c840e63b17dbf) C:\Windows\system32\DRIVERS\SynTP.sys
    19:11:12.0218 2600 SynTP - ok
    19:11:12.0336 2600 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
    19:11:12.0384 2600 SysMain - ok
    19:11:12.0432 2600 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
    19:11:12.0468 2600 TabletInputService - ok
    19:11:12.0508 2600 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
    19:11:12.0547 2600 TapiSrv - ok
    19:11:12.0576 2600 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
    19:11:12.0619 2600 TBS - ok
    19:11:12.0928 2600 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
    19:11:13.0036 2600 Tcpip - ok
    19:11:13.0072 2600 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
    19:11:13.0127 2600 Tcpip6 - ok
    19:11:13.0176 2600 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
    19:11:13.0212 2600 tcpipreg - ok
    19:11:13.0232 2600 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    19:11:13.0269 2600 TDPIPE - ok
    19:11:13.0309 2600 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    19:11:13.0346 2600 TDTCP - ok
    19:11:13.0386 2600 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
    19:11:13.0423 2600 tdx - ok
    19:11:13.0469 2600 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
    19:11:13.0484 2600 TermDD - ok
    19:11:13.0563 2600 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
    19:11:13.0608 2600 TermService - ok
    19:11:13.0665 2600 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
    19:11:13.0689 2600 Themes - ok
    19:11:13.0856 2600 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
    19:11:13.0896 2600 THREADORDER - ok
    19:11:13.0987 2600 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
    19:11:14.0025 2600 TrkWks - ok
    19:11:14.0153 2600 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
    19:11:14.0196 2600 TrustedInstaller - ok
    19:11:14.0944 2600 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    19:11:15.0004 2600 tssecsrv - ok
    19:11:15.0602 2600 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    19:11:15.0644 2600 tunmp - ok
    19:11:15.0674 2600 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
    19:11:15.0711 2600 tunnel - ok
    19:11:15.0748 2600 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    19:11:15.0797 2600 uagp35 - ok
    19:11:15.0844 2600 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
    19:11:15.0978 2600 udfs - ok
    19:11:16.0063 2600 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
    19:11:16.0101 2600 UI0Detect - ok
    19:11:16.0187 2600 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    19:11:16.0208 2600 uliagpkx - ok
    19:11:16.0253 2600 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    19:11:16.0278 2600 uliahci - ok
    19:11:16.0301 2600 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    19:11:16.0327 2600 UlSata - ok
    19:11:16.0347 2600 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    19:11:16.0374 2600 ulsata2 - ok
    19:11:16.0397 2600 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    19:11:16.0451 2600 umbus - ok
    19:11:16.0470 2600 upnp - ok
    19:11:16.0551 2600 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
    19:11:16.0628 2600 upnphost - ok
    19:11:16.0674 2600 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
    19:11:16.0703 2600 USBAAPL - ok
    19:11:16.0730 2600 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    19:11:16.0778 2600 usbccgp - ok
    19:11:16.0804 2600 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    19:11:16.0864 2600 usbcir - ok
    19:11:16.0888 2600 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
    19:11:16.0933 2600 usbehci - ok
    19:11:16.0999 2600 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
    19:11:17.0041 2600 usbhub - ok
    19:11:17.0056 2600 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
    19:11:17.0103 2600 usbohci - ok
    19:11:17.0133 2600 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    19:11:17.0172 2600 usbprint - ok
    19:11:17.0196 2600 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    19:11:17.0235 2600 USBSTOR - ok
    19:11:17.0266 2600 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    19:11:17.0294 2600 usbuhci - ok
    19:11:17.0325 2600 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    19:11:17.0373 2600 usbvideo - ok
    19:11:17.0418 2600 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
    19:11:17.0458 2600 UxSms - ok
    19:11:18.0002 2600 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
    19:11:18.0080 2600 vds - ok
    19:11:18.0105 2600 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    19:11:18.0142 2600 vga - ok
    19:11:18.0158 2600 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    19:11:18.0223 2600 VgaSave - ok
    19:11:18.0249 2600 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    19:11:18.0264 2600 viaagp - ok
    19:11:18.0284 2600 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    19:11:18.0325 2600 ViaC7 - ok
    19:11:18.0341 2600 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    19:11:18.0357 2600 viaide - ok
    19:11:18.0367 2600 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    19:11:18.0383 2600 volmgr - ok
    19:11:18.0418 2600 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
    19:11:18.0448 2600 volmgrx - ok
    19:11:18.0473 2600 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
    19:11:18.0495 2600 volsnap - ok
    19:11:18.0522 2600 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    19:11:18.0547 2600 vsmraid - ok
    19:11:18.0725 2600 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
    19:11:18.0856 2600 VSS - ok
    19:11:18.0928 2600 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
    19:11:18.0970 2600 W32Time - ok
    19:11:19.0087 2600 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    19:11:19.0151 2600 WacomPen - ok
    19:11:19.0192 2600 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    19:11:19.0221 2600 Wanarp - ok
    19:11:19.0240 2600 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    19:11:19.0269 2600 Wanarpv6 - ok
    19:11:19.0362 2600 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
    19:11:19.0389 2600 wcncsvc - ok
    19:11:19.0416 2600 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
    19:11:19.0449 2600 WcsPlugInService - ok
    19:11:19.0484 2600 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    19:11:19.0501 2600 Wd - ok
    19:11:19.0553 2600 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
    19:11:19.0816 2600 WDC_SAM - ok
    19:11:20.0422 2600 WDDMService (bf847a3972cc6b5ce26e0ea742dd52d9) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    19:11:21.0149 2600 WDDMService ( UnsignedFile.Multi.Generic ) - warning
    19:11:21.0149 2600 WDDMService - detected UnsignedFile.Multi.Generic (1)
    19:11:21.0223 2600 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    19:11:21.0270 2600 Wdf01000 - ok
    19:11:21.0452 2600 WDFME (b5966f1dff6e20576f3c8c2d93d129fd) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    19:11:21.0559 2600 WDFME ( UnsignedFile.Multi.Generic ) - warning
    19:11:21.0559 2600 WDFME - detected UnsignedFile.Multi.Generic (1)
    19:11:22.0304 2600 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
    19:11:22.0339 2600 WdiServiceHost - ok
    19:11:22.0347 2600 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
    19:11:22.0387 2600 WdiSystemHost - ok
    19:11:22.0455 2600 WDSC (92f0088ca18bb08bb596ef2608256f8a) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    19:11:22.0693 2600 WDSC ( UnsignedFile.Multi.Generic ) - warning
    19:11:22.0693 2600 WDSC - detected UnsignedFile.Multi.Generic (1)
    19:11:22.0723 2600 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
    19:11:22.0792 2600 WebClient - ok
    19:11:22.0830 2600 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
    19:11:22.0871 2600 Wecsvc - ok
    19:11:22.0908 2600 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
    19:11:22.0945 2600 wercplsupport - ok
    19:11:22.0990 2600 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
    19:11:23.0012 2600 WerSvc - ok
    19:11:23.0123 2600 winachsf (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    19:11:23.0177 2600 winachsf - ok
    19:11:23.0301 2600 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
    19:11:23.0317 2600 WinDefend - ok
    19:11:23.0338 2600 WinHttpAutoProxySvc - ok
    19:11:23.0441 2600 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
    19:11:23.0497 2600 Winmgmt - ok
    19:11:23.0628 2600 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
    19:11:23.0722 2600 WinRM - ok
    19:11:23.0817 2600 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
    19:11:23.0867 2600 Wlansvc - ok
    19:11:23.0944 2600 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    19:11:23.0970 2600 WmiAcpi - ok
    19:11:24.0067 2600 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
    19:11:24.0113 2600 wmiApSrv - ok
    19:11:24.0240 2600 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
    19:11:24.0302 2600 WMPNetworkSvc - ok
    19:11:24.0370 2600 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
    19:11:24.0403 2600 WPCSvc - ok
    19:11:24.0440 2600 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
    19:11:24.0479 2600 WPDBusEnum - ok
    19:11:24.0622 2600 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    19:11:24.0694 2600 WPFFontCache_v0400 - ok
    19:11:24.0755 2600 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    19:11:24.0793 2600 ws2ifsl - ok
    19:11:24.0835 2600 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\system32\wscsvc.dll
    19:11:24.0860 2600 wscsvc - ok
    19:11:24.0872 2600 WSearch - ok
    19:11:25.0107 2600 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
    19:11:25.0186 2600 wuauserv - ok
    19:11:25.0381 2600 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    19:11:25.0419 2600 WUDFRd - ok
    19:11:25.0467 2600 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
    19:11:25.0519 2600 wudfsvc - ok
    19:11:25.0561 2600 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
    19:11:25.0581 2600 XAudio - ok
    19:11:25.0631 2600 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
    19:11:25.0656 2600 XAudioService - ok
    19:11:25.0661 2600 XDva390 - ok
    19:11:25.0690 2600 MBR (0x1B8) (a60bd2fea1c3064c80a4c68111d1f68a) \Device\Harddisk0\DR0
    19:11:25.0720 2600 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    19:11:25.0720 2600 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    19:11:25.0789 2600 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    19:11:25.0789 2600 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    19:11:25.0826 2600 Boot (0x1200) (6fab7cbcff75202df9067bc4772e2263) \Device\Harddisk0\DR0\Partition0
    19:11:25.0829 2600 \Device\Harddisk0\DR0\Partition0 - ok
    19:11:25.0852 2600 Boot (0x1200) (b797b578c45626505cc991ee4a67bba7) \Device\Harddisk0\DR0\Partition1
    19:11:25.0854 2600 \Device\Harddisk0\DR0\Partition1 - ok
    19:11:25.0858 2600 ============================================================
    19:11:25.0858 2600 Scan finished
    19:11:25.0858 2600 ============================================================
    19:11:25.0886 2968 Detected object count: 11
    19:11:25.0886 2968 Actual detected object count: 11
    19:16:32.0360 2968 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user
    19:16:32.0361 2968 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:16:32.0366 2968 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
    19:16:32.0366 2968 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:16:32.0370 2968 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
    19:16:32.0370 2968 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:16:32.0373 2968 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - skipped by user
    19:16:32.0374 2968 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:16:32.0378 2968 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
    19:16:32.0378 2968 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:16:32.0473 2968 C:\Windows\system32\DRIVERS\smb.sys - copied to quarantine
    19:16:32.0517 2968 C:\Windows\$NtUninstallKB54505$\2284739783\@ - copied to quarantine
    19:16:32.0547 2968 C:\Windows\$NtUninstallKB54505$\2284739783\bckfg.tmp - copied to quarantine
    19:16:32.0560 2968 C:\Windows\$NtUninstallKB54505$\2284739783\cfg.ini - copied to quarantine
    19:16:32.0571 2968 C:\Windows\$NtUninstallKB54505$\2284739783\Desktop.ini - copied to quarantine
    19:16:32.0602 2968 C:\Windows\$NtUninstallKB54505$\2284739783\keywords - copied to quarantine
    19:16:32.0638 2968 C:\Windows\$NtUninstallKB54505$\2284739783\kwrd.dll - copied to quarantine
    19:16:32.0664 2968 C:\Windows\$NtUninstallKB54505$\2284739783\L\qnbwvoto - copied to quarantine
    19:16:32.0693 2968 C:\Windows\$NtUninstallKB54505$\2284739783\lsflt7.ver - copied to quarantine
    19:16:32.0704 2968 C:\Windows\$NtUninstallKB54505$\2284739783\oemid - copied to quarantine
    19:16:32.0747 2968 C:\Windows\$NtUninstallKB54505$\2284739783\U\00000001.@ - copied to quarantine
    19:16:32.0800 2968 C:\Windows\$NtUninstallKB54505$\2284739783\U\00000002.@ - copied to quarantine
    19:16:32.0834 2968 C:\Windows\$NtUninstallKB54505$\2284739783\U\00000004.@ - copied to quarantine
    19:16:32.0871 2968 C:\Windows\$NtUninstallKB54505$\2284739783\U\80000000.@ - copied to quarantine
    19:16:32.0887 2968 C:\Windows\$NtUninstallKB54505$\2284739783\U\80000004.@ - copied to quarantine
    19:16:32.0924 2968 C:\Windows\$NtUninstallKB54505$\2284739783\U\80000032.@ - copied to quarantine
    19:16:32.0955 2968 C:\Windows\$NtUninstallKB54505$\2284739783\version - copied to quarantine
    19:16:33.0037 2968 Backup copy found, using it..
    19:16:33.0051 2968 C:\Windows\system32\DRIVERS\smb.sys - will be cured on reboot
    19:16:36.0010 2968 C:\Windows\$NtUninstallKB54505$\2284739783\@ - will be deleted on reboot
    19:16:36.0030 2968 C:\Windows\$NtUninstallKB54505$\2284739783\bckfg.tmp - will be deleted on reboot
    19:16:36.0031 2968 C:\Windows\$NtUninstallKB54505$\2284739783\cfg.ini - will be deleted on reboot
    19:16:36.0032 2968 C:\Windows\$NtUninstallKB54505$\2284739783\Desktop.ini - will be deleted on reboot
    19:16:36.0042 2968 C:\Windows\$NtUninstallKB54505$\2284739783\keywords - will be deleted on reboot
    19:16:36.0043 2968 C:\Windows\$NtUninstallKB54505$\2284739783\kwrd.dll - will be deleted on reboot
    19:16:36.0046 2968 C:\Windows\$NtUninstallKB54505$\2284739783\lsflt7.ver - will be deleted on reboot
    19:16:36.0047 2968 C:\Windows\$NtUninstallKB54505$\2284739783\oemid - will be deleted on reboot
    19:16:36.0048 2968 C:\Windows\$NtUninstallKB54505$\2284739783\U\00000001.@ - will be deleted on reboot
    19:16:36.0049 2968 C:\Windows\$NtUninstallKB54505$\2284739783\U\00000002.@ - will be deleted on reboot
    19:16:36.0050 2968 C:\Windows\$NtUninstallKB54505$\2284739783\U\00000004.@ - will be deleted on reboot
    19:16:36.0051 2968 C:\Windows\$NtUninstallKB54505$\2284739783\U\80000000.@ - will be deleted on reboot
    19:16:36.0052 2968 C:\Windows\$NtUninstallKB54505$\2284739783\U\80000004.@ - will be deleted on reboot
    19:16:36.0052 2968 C:\Windows\$NtUninstallKB54505$\2284739783\U\80000032.@ - will be deleted on reboot
    19:16:36.0054 2968 C:\Windows\$NtUninstallKB54505$\2284739783\version - will be deleted on reboot
    19:16:36.0056 2968 C:\Windows\$NtUninstallKB54505$\751360520 - will be deleted on reboot
    19:16:36.0061 2968 Smb ( Virus.Win32.ZAccess.k ) - User select action: Cure
    19:16:36.0065 2968 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
    19:16:36.0065 2968 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:16:36.0070 2968 WDFME ( UnsignedFile.Multi.Generic ) - skipped by user
    19:16:36.0070 2968 WDFME ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:16:36.0074 2968 WDSC ( UnsignedFile.Multi.Generic ) - skipped by user
    19:16:36.0074 2968 WDSC ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:16:39.0483 2968 \Device\Harddisk0\DR0\# - copied to quarantine
    19:16:39.0494 2968 \Device\Harddisk0\DR0 - copied to quarantine
    19:16:39.0614 2968 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    19:16:39.0622 2968 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    19:16:39.0644 2968 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    19:16:39.0653 2968 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    19:16:39.0664 2968 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    19:16:39.0675 2968 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    19:16:39.0702 2968 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    19:16:39.0745 2968 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    19:16:39.0746 2968 \Device\Harddisk0\DR0 - ok
    19:16:40.0039 2968 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    19:16:40.0042 2968 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    19:16:40.0042 2968 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    19:16:46.0119 3808 Deinitialize success
     
  13. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Please follow this to check your settings for notifications.

    Click on My Account at the top of the page, then select Edit Options on the left hand side. Check under Default Thread Subscription Mode that it is set to Instant email notification, if not then change it. Click on Save Changes at the bottom of the page. At the top of this thread click on the Thread Tools tab, if it shows Unsubscribe then leave it as it is, if it shows Subscribe to thread then select it.
    If you still fail to get notifications then you should contact the Administrator Cookiegal


    Now back to the faulty PC, the TDSSKiller scan has confirmed it is infected with a Rootkit, in fact there appears to be more than one. Please read this and decide if you wish to continue:

    IMPORTANT NOTE: One or more of the identified infections is related to an advanced rootkit.
    Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by backdoor Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker.
    You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities. You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity. If using a router, you need to reset it with a strong logon/password before connecting again.



    Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired so you can never be sure that you have completely removed all components of a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
    Backdoors and What They Mean to You
    This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.
    If you wish to continue please follow this:



    Please run Malwarebytes and post the log as follows:
    • Open Malwarebytes, then run a Quick Scan.
    • When finished, a message box will say "The scan completed successfully. Click Show Results to display all objects found".
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.
    If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

    Now run another scan with TDSSKiller and post the new log.
     
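As an added example (not TDSSKiller's own code, and not posted by anyone in this thread), the script below triages a TDSSKiller log of the shape quoted above the way a helper reads one: it separates confirmed verdicts (Virus.*, Rootkit.*, TDSS File System) from the low-confidence UnsignedFile.Multi.Generic warnings that merely flag unsigned files, checks the number of action lines against the "Detected object count" header, and lists any malicious object that was left at Skip. The sample log is a constructed excerpt using lines in the format shown in the thread; the function and class names are this example's own.

```python
"""Triage a TDSSKiller log: separate confirmed malware verdicts from
low-confidence 'UnsignedFile' warnings and report the action taken.
Added example for this thread; not part of TDSSKiller itself."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt in the shape of the log quoted earlier in this thread.
SAMPLE_LOG = r"""
19:11:25.0886 2968 Detected object count: 11
19:16:32.0360 2968 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:32.0361 2968 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:33.0051 2968 C:\Windows\system32\DRIVERS\smb.sys - will be cured on reboot
19:16:36.0061 2968 Smb ( Virus.Win32.ZAccess.k ) - User select action: Cure
19:16:39.0745 2968 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
19:16:40.0039 2968 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
19:16:40.0042 2968 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# One line per object on which the user chose an action. The verdict sits
# between "( " and " )" and may itself contain spaces ("TDSS File System").
ACTION_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<pid>\d+)\s+(?P<obj>.+?) \( (?P<verdict>[^)]+) \) "
    r"- User select action: (?P<action>\w+)$"
)
COUNT_RE = re.compile(r"Detected object count: (\d+)")

# "UnsignedFile.*" verdicts only say the file lacks a digital signature;
# they need manual vetting and are not proof of infection.
LOW_CONFIDENCE_PREFIX = "UnsignedFile."


@dataclass(frozen=True)
class Detection:
    obj: str
    verdict: str
    action: str

    @property
    def malicious(self) -> bool:
        return not self.verdict.startswith(LOW_CONFIDENCE_PREFIX)


def parse_detections(log_text: str) -> List[Detection]:
    """Return one Detection per 'User select action' line, in log order."""
    found = []
    for line in log_text.splitlines():
        m = ACTION_RE.match(line.strip())
        if m:
            found.append(Detection(m["obj"], m["verdict"], m["action"]))
    return found


def declared_count(log_text: str) -> Optional[int]:
    """The scanner's own 'Detected object count' header, if present."""
    m = COUNT_RE.search(log_text)
    return int(m.group(1)) if m else None


def triage(log_text: str) -> dict:
    """Summarise a log: what is confirmed malicious, what was merely flagged,
    and which confirmed objects were skipped (so still on disk)."""
    dets = parse_detections(log_text)
    malicious = [d for d in dets if d.malicious]
    return {
        "declared": declared_count(log_text),
        "parsed": len(dets),
        "malicious": malicious,
        "suspicious": [d for d in dets if not d.malicious],
        "unremediated": [d for d in malicious if d.action == "Skip"],
        "rootkit_present": any(d.verdict.startswith("Rootkit.") for d in malicious),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"declared {report['declared']} objects, parsed {report['parsed']} action lines")
    for d in report["malicious"]:
        print(f"MALICIOUS {d.verdict:24} {d.action:5} {d.obj}")
    for d in report["suspicious"]:
        print(f"review    {d.verdict:24} {d.action:5} {d.obj}")
    if report["rootkit_present"]:
        print("Boot/kernel rootkit verdict present: treat the system as compromised")
```

On the full log quoted above, the count check is what catches a truncated paste: the header says 11 objects, so a triage that parses fewer action lines than that has been given an incomplete log and should ask for the rest before deciding anything.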
  14. PJL

    PJL Thread Starter

    Joined:
    May 18, 2012
    Messages:
    8
    Thanks for confirming what I suspected after that TDSSKiller run; rather than trying to empty the ocean with a spoon, we're going to go the flatten and rebuild route.
    I assume that reformat is accomplished by going to C: and typing del *.* But since the computer in question also has a separate DATA drive, I'm guessing that I should start with C:> del d:\*.* I will then have one license free from a Win7 three-pack but, as I recall, I had to install Win XP on the the computer that had been running Ubuntu before I could install Win7. If I'm wrong about the procedure, or there's an easier way to do this, I'd appreciate any additional advice you have.
    Thank you again for all of your expert assistance.
    Penny, a/k/a PJL
     
  15. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    You can install Windows 7 directly from the disc without doing anything else. Simply insert the disc in the CD/DVD drive and reboot the PC. If it does not boot from the disc you may need to boot into the Bios and set the CD/DVD drive to 1st in the boot order. You will get a choice of which drive to install Windows onto so just make sure you select the correct drive and it will format the drive during the installation.

    As a precaution I would run a Full scan on the Data drive with Malwarebytes just to make sure nothing harmful has been copied to it before running the re-install. If you open Malwarebytes and then select Full Scan you will be given a choice of which drive to run it on. Anything found by it should be selected for removal, if in doubt please do ask.

    I have supplied some information below to help you better protect the PC in the future.

    Also, you should read the note below about Ad-Aware and Spybot and I would recommend that you install Microsoft Security Essentials for Anti Virus protection.

    You should also make sure Windows Update is turned on, the existing Vista installation was still on Service Pack 1, it should have been on SP2. Windows updates do include a lot of additional security protection and bug fixes.

    FYI: mvps.org is no longer recommending Spybot S&D or Ad-Aware due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products).

    What does the future hold for Ad-Aware?
    Ad-Aware has even been placed into the Installers Hall of Shame for bundling and pre-checking Google Chrome during the installation. Also read Lavasoft Turning to the Dark Side? written by a former volunteer (now a MVP) who provided support for Ad-Aware but no longer uses the program.
    As for Spybot S&D, most people don't understand how to use TeaTimer and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows Registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. If you don't have understanding how a particular security tool works, then you probably should not be using it. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and in some cases it will even prevent disinfection of malware by those tools.



    Some additional security measures.
    If your present security software does not include a third party Firewall or AntiSpyware.
    Go Here for a selection of third party Firewalls.
    Go Here or Here for Anti Spyware.

    Always keep your Java, Adobe and Flash Player up to date.
    Why you should update Java
    Why you should update Adobe
    Why you should update Flash Player

    Malwarebytes free version (which you may have used during this thread) is worth having for regular scans of your system, always check for updates before using it. If you can afford the Malwarebytes Pro version it will provide even better protection with a full time active scanner. Never have more than one active anti virus, anti spyware or firewall running on your system as it can cause conflicts and slow down the PC. You can safely run the Pro version of Malwarebytes with any Anti Virus software.

    WOT (Web Of Trust) will warn you (in most cases) about dangerous web sites.

    Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals.

    WinPatrol is a useful facility to have. WinPatrol takes snapshots of your critical system resources and alerts you to any changes that may occur without your knowledge. It can also be used to control all your start up programs.

    If you have no further questions please let me know and I will mark the thread as solved.
     
Short URL to this thread: https://techguy.org/1053734