Reight

Help, please~ Successfully blocked access to malicious website messages

18 posts in this topic

Hello. Last night I got a virus that was pretending to be a virus scan, and I was able to remove it. But after that I constantly get messages saying "Malwarebytes anti-malware successfully blocked access to a potentially malicious website: [various IP addresses]". I am looking for advice on how to resolve this.

Any help would be appreciated, thank you.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by MTL at 21:40:43 on 2012-03-10

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3545.2348 [GMT 7:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\taskeng.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\RUNDLL32.EXE

C:\Windows\system32\conime.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\TVHome Media2\ScheduleTV.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Users\MTL\AppData\Roaming\autonet.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\BitComet\tools\BitCometService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page =

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.112dh.com/#isoshu

uSearch Bar =

mStart Page = hxxp://www.bigseekpro.com/cheatengine/{A56A5A91-076B-4BC8-B96A-55839BBC197D}

uURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll

BHO: InboxDollars BHO: {6ffb615d-e8ce-4add-8d9f-31c4be9c26e4} - c:\program files\inboxdollars\Toolbar.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: InboxDollars: {47980628-3844-42aa-a0dd-e2d86bba9600} - c:\program files\inboxdollars\Toolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [BitComet] c:\program files\bitcomet\BitComet.exe /tray

uRun: [nstnb] rundll32.exe "c:\users\mtl\appdata\roaming\cwiqf.dll",rqzytu

uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [remotefmt] c:\programdata\remotefmt.exe

uRun: [autonet] c:\users\mtl\appdata\roaming\autonet.exe

uRun: [SMΔRT-Protection] c:\program files\smadav\SMΔRTP.exe rtp

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe

mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio 10\uvPL.exe

mRun: [QuickTime Task] "c:\program files\mpcstar\codecs\quicktime\QTTask.exe" -atboottime

mRun: [ScheduleTV] "c:\program files\tvhome media2\ScheduleTV.exe"

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\users\mtl\appdata\local\temp\nsv8b12.sh! c:\users\mtl\appdata\local\temp\2942017.sh! c:\users\mtl\appdata\local\micros~1\windows\tempor~1\content.ie5\mb9t22qw\_PAGE_~1.SH!

StartupFolder: c:\users\mtl\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe

StartupFolder: c:\users\mtl\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\users\mtl\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 8.8.8.8 8.8.4.4

TCP: Interfaces\{43D3BEB3-21D7-4471-B56E-EE409BE7CC3E} : DhcpNameServer = 8.8.8.8 8.8.4.4

TCP: Interfaces\{5F37FB9C-DC70-459B-8D92-AC98F01DA98C} : NameServer = 203.130.196.155,202.134.0.155

TCP: Interfaces\{5F37FB9C-DC70-459B-8D92-AC98F01DA98C} : DhcpNameServer = 89.107.66.225 202.134.0.155

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\mtl\appdata\roaming\mozilla\firefox\profiles\nszc767u.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin.dll

FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin2.dll

FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin3.dll

FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin4.dll

FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin5.dll

FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin6.dll

FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nprpjplug.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

FF - user.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: browser.startup.page - 1

.

============= SERVICES / DRIVERS ===============

.

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-24 207656]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-3-24 81920]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-10 652360]

R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]

R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-3-24 29736]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-10 20464]

R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-3-6 133632]

R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-3-19 271552]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 GadmeiBDA;USB TV Device;c:\windows\system32\drivers\UTVAD.sys [2011-6-2 690560]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-24 79240]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-24 35240]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-24 34152]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-24 40488]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-03-10 02:45:05 -------- d-----w- c:\users\mtl\appdata\roaming\Malwarebytes

2012-03-10 02:45:01 -------- d-----w- c:\programdata\Malwarebytes

2012-03-10 02:45:00 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-10 02:45:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-10 01:58:18 97792 ----a-w- c:\users\mtl\SmadExtc.dll

2012-03-10 01:58:18 73728 ----a-w- c:\users\mtl\Smadav-Updater.exe

2012-03-10 01:58:18 1503232 ----a-w- c:\users\mtl\Smadav 2012 Rev. 8.9.exe

2012-03-10 01:58:18 103936 ----a-w- c:\users\mtl\SmadEngine.dll

2012-03-09 13:40:30 479232 ----a-w- c:\users\mtl\appdata\local\hinvoj.exe

2012-03-09 13:40:23 72696 ----a-w- c:\users\mtl\appdata\roaming\autonet.exe

2012-03-09 13:40:23 72696 ----a-w- c:\programdata\remotefmt.exe

2012-03-09 13:37:39 -------- d-----w- c:\users\mtl\appdata\roaming\Byajug

2012-03-09 13:37:39 -------- d-----w- c:\users\mtl\appdata\roaming\Arux

2012-03-09 11:27:00 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{25b6c5a6-e30d-4208-a705-3098297426d5}\mpengine.dll

2012-03-08 02:02:16 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll

2012-03-08 02:02:16 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll

2012-03-08 02:02:16 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll

2012-03-08 02:02:15 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll

2012-02-16 16:24:27 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2012-02-16 16:08:34 2044416 ----a-w- c:\windows\system32\win32k.sys

2012-02-16 16:00:56 680448 ----a-w- c:\windows\system32\msvcrt.dll

.

==================== Find3M ====================

.

2012-02-23 02:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-12-12 10:03:43 249856 ------w- c:\windows\Setup1.exe

2011-12-12 10:03:42 73216 ----a-w- c:\windows\ST6UNST.EXE

2011-12-12 07:10:53 256 ----a-w- c:\windows\system32\pool.bin

.

============= FINISH: 21:46:19.10 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume3

Install Date: 24/03/2009 03:54:58

System Uptime: 10/03/2012 21:37:24 (0 hours ago)

.

Motherboard: Dell Inc. | | 0R639N

Processor: Intel® Core2 Duo CPU T6400 @ 2.00GHz | Microprocessor | 1200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 218 GiB total, 88.711 GiB free.

E: is FIXED (NTFS) - 15 GiB total, 9.944 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_LOCALMFG&000F\8&110F2BDC&0&EC9B5B2306D5_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_LOCALMFG&000F\8&110F2BDC&0&EC9B5B2306D5_C00000000

Service:

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Photoshop CS

Adobe Reader 9.5.0

Advanced Audio FX Engine

Apple Application Support

Apple Software Update

ArcSoft Codec

BadCopy Pro

BBSAK

BitComet 1.29

BlackBerry Desktop Software 4.2

BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone

calibre

Cheat Engine 6.1

Dell Dock

Dell Getting Started Guide

Dell Support Center

Dell Touchpad

Dell Webcam Central

Dress Up Rush

EDocs

FormatFactory

Google Toolbar for Internet Explorer

GoToAssist 8.0.0.514

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

InboxDollars

Integrated Webcam Driver (1.02.01.0320)

Intel® Matrix Storage Manager

Java Auto Updater

Java 6 Update 26

Java 6 Update 7

Kamus 2.04

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.60.1.1000

Managed DirectX (0901)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Project 2007 Service Pack 3 (SP3)

Microsoft Office Project MUI (English) 2007

Microsoft Office Project Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Visio 2007 Service Pack 3 (SP3)

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Professional 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mobile Partner

Mozilla Firefox 10.0.2 (x86 en-US)

MpcStar 5.0

NJStar Chinese WP

NJStar Communicator

OGA Notifier 2.0.0048.0

PowerDVD

QuickSet

QuickTime

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

RTP for RM2K (Png, Wav, Midi, Fonts)

Safari

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

SmartSound Quicktracks Plugin

SPSS 15.0 for Windows Evaluation Version

Titan Quest

TVHome Media2

Ulead VideoStudio 10

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Project 2007 Help (KB963668)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Visio 2007 Help (KB963666)

Update for Microsoft Office Word 2007 Help (KB963665)

VLC media player 1.1.4

WIDCOMM Bluetooth Software 6.1.0.4502

Winamp

Winamp Detector Plug-in

WinRAR archiver

Xfire (remove only)

Yahoo! Detect

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

10/03/2012 21:38:19, Error: Service Control Manager [7000] - The Intel® PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

10/03/2012 21:38:19, Error: Service Control Manager [7000] - The Intel® PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

10/03/2012 21:38:19, Error: Service Control Manager [7000] - The Bluetooth Device (Personal Area Network) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

10/03/2012 21:30:15, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

10/03/2012 21:30:15, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/03/2012 21:30:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/03/2012 09:34:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

10/03/2012 09:15:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

10/03/2012 08:55:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfehidk spldr Wanarpv6

10/03/2012 08:55:31, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

10/03/2012 08:54:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/03/2012 08:54:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/03/2012 08:54:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

09/03/2012 21:20:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

08/03/2012 22:35:12, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

06/03/2012 06:59:41, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.34 for the Network Card with network address 00225F3F2116 has been denied by the DHCP server 192.168.1.2 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC


Okay, here is the report...

RogueKiller V7.3.1 [03/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User: MTL [Admin rights]

Mode: Scan -- Date: 03/13/2012 18:19:10

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 12 ¤¤¤

[BLACKLIST DLL] HKCU\[...]\Run : nstnb (rundll32.exe "C:\Users\MTL\AppData\Roaming\cwiqf.dll",rqzytu) -> FOUND

[SUSP PATH] HKUS\.DEFAULT[...]\Run : DelayShred (c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\mtl\appdata\local\temp\nsv8B12.SH! c:\users\mtl\appdata\local\temp\2942017.SH! C:\Users\MTL\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\MB9T22QW\_PAGE_~1.SH!) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-21-3412689152-1959603396-70223304-1000[...]\Run : nstnb (rundll32.exe "C:\Users\MTL\AppData\Roaming\cwiqf.dll",rqzytu) -> FOUND

[SUSP PATH] HKUS\S-1-5-18[...]\Run : DelayShred (c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\mtl\appdata\local\temp\nsv8B12.SH! c:\users\mtl\appdata\local\temp\2942017.SH! C:\Users\MTL\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\MB9T22QW\_PAGE_~1.SH!) -> FOUND

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{5F37FB9C-DC70-459B-8D92-AC98F01DA98C} : NameServer (203.130.196.155,202.134.0.155) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{5F37FB9C-DC70-459B-8D92-AC98F01DA98C} : NameServer (203.130.196.155,202.134.0.155) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HIDDEN VAL] HKCU\[...]\Run : S (C:\Program Files\Smadav\SMΔRTP.exe rtp) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2552GSX +++++

--- User ---

[MBR] c70f33a6cc10e4b539c73d6d9e406d52

[BSP] 54d20d43fa3e91f95afc60f155d7d2e4 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Thanks for your help


OK, these are.....

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{5F37FB9C-DC70-459B-8D92-AC98F01DA98C} : NameServer (203.130.196.155,202.134.0.155) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{5F37FB9C-DC70-459B-8D92-AC98F01DA98C} : NameServer (203.130.196.155,202.134.0.155) -> FOUND

From....

[attached screenshots: 44399242.png, 36372435.png]

Do you recognize them?

If not > run RogueKiller and click scan then DNSFix

-------------------------------------

[HIDDEN VAL] HKCU\[...]\Run : S (C:\Program Files\Smadav\SMΔRTP.exe rtp) -> FOUND

Did you install Smadav?

------------------------------------

You can run RogueKiller again (scan) and Delete these (click on registry):

[BLACKLIST DLL] HKCU\[...]\Run : nstnb (rundll32.exe "C:\Users\MTL\AppData\Roaming\cwiqf.dll",rqzytu) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-21-3412689152-1959603396-70223304-1000[...]\Run : nstnb (rundll32.exe "C:\Users\MTL\AppData\Roaming\cwiqf.dll",rqzytu) -> FOUND

----------------------------------

Then please Update and run a Quick Scan with Malwarebytes and post the log, MrC


I have done as you instructed. I don't recognize those IP addresses. Yes, I installed Smadav; it is a local antivirus.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.14.02

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

MTL :: USER-PC [administrator]

Protection: Enabled

14/03/2012 19:18:48

mbam-log-2012-03-14 (19-59-51).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 254870

Time elapsed: 35 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\MTL\AppData\Local\Temp\devicerss.exe (Trojan.Agent.UAGen) -> No action taken.

(end)


C:\Users\MTL\AppData\Local\Temp\devicerss.exe (Trojan.Agent.UAGen) -> No action taken.

You didn't delete this??

Scan again and.....

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

MrC


No, I have deleted it. I made a mistake: I posted the logs before I deleted it.

But even after I deleted it, the messages still show up.

I will scan again and post it here after I get the result.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.14.02

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

MTL :: USER-PC [administrator]

Protection: Enabled

14/03/2012 20:56:43

mbam-log-2012-03-14 (20-56-43).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 255820

Time elapsed: 24 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Thanks


OK, run RogueKiller again and post the new log.

----------------------

Then...............

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

MrC


RogueKiller V7.3.1 [03/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User: MTL [Admin rights]

Mode: Scan -- Date: 03/14/2012 21:41:52

¤¤¤ Bad processes: 1 ¤¤¤

[HJ NAME] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 8 ¤¤¤

[PREVRUN] HKUS\.DEFAULT[...]\Run : DelayShred (c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\mtl\appdata\local\temp\nsv8B12.SH! c:\users\mtl\appdata\local\temp\2942017.SH! C:\Users\MTL\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\MB9T22QW\_PAGE_~1.SH!) -> FOUND

[PREVRUN] HKUS\S-1-5-18[...]\Run : DelayShred (c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\mtl\appdata\local\temp\nsv8B12.SH! c:\users\mtl\appdata\local\temp\2942017.SH! C:\Users\MTL\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\MB9T22QW\_PAGE_~1.SH!) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HIDDEN VAL] HKCU\[...]\Run : S (C:\Program Files\Smadav\SMΔRTP.exe rtp) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2552GSX +++++

--- User ---

[MBR] c70f33a6cc10e4b539c73d6d9e406d52

[BSP] 54d20d43fa3e91f95afc60f155d7d2e4 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[6].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;

RKreport[6].txt

21:43:16.0717 1216 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

21:43:18.0434 1216 ============================================================

21:43:18.0435 1216 Current date / time: 2012/03/14 21:43:18.0434

21:43:18.0435 1216 SystemInfo:

21:43:18.0435 1216

21:43:18.0435 1216 OS Version: 6.0.6002 ServicePack: 2.0

21:43:18.0435 1216 Product type: Workstation

21:43:18.0435 1216 ComputerName: USER-PC

21:43:18.0435 1216 UserName: MTL

21:43:18.0435 1216 Windows directory: C:\Windows

21:43:18.0435 1216 System windows directory: C:\Windows

21:43:18.0435 1216 Processor architecture: Intel x86

21:43:18.0435 1216 Number of processors: 2

21:43:18.0435 1216 Page size: 0x1000

21:43:18.0435 1216 Boot type: Normal boot

21:43:18.0435 1216 ============================================================

21:43:19.0173 1216 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

21:43:19.0176 1216 \Device\Harddisk0\DR0:

21:43:19.0176 1216 MBR used

21:43:19.0176 1216 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000

21:43:19.0176 1216 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170

21:43:19.0261 1216 Initialize success

21:43:19.0261 1216 ============================================================

21:44:27.0457 5916 ============================================================

21:44:27.0457 5916 Scan started

21:44:27.0457 5916 Mode: Manual; SigCheck; TDLFS;

21:44:27.0457 5916 ============================================================


21:44:52.0116 5916 sisagp - ok

21:44:52.0136 5916 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

21:44:52.0152 5916 SiSRaid2 - ok

21:44:52.0181 5916 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

21:44:52.0197 5916 SiSRaid4 - ok

21:44:52.0313 5916 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

21:44:52.0363 5916 Smb - ok

21:44:52.0414 5916 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

21:44:52.0430 5916 spldr - ok

21:44:52.0539 5916 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

21:44:52.0580 5916 srv - ok

21:44:52.0644 5916 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

21:44:52.0696 5916 srv2 - ok

21:44:52.0786 5916 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

21:44:52.0815 5916 srvnet - ok

21:44:52.0884 5916 STHDA (14a9ad287fda70a06463e09c4328c1f2) C:\Windows\system32\DRIVERS\stwrt.sys

21:44:52.0942 5916 STHDA - ok

21:44:53.0080 5916 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

21:44:53.0095 5916 swenum - ok

21:44:53.0128 5916 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

21:44:53.0143 5916 Symc8xx - ok

21:44:53.0165 5916 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

21:44:53.0180 5916 Sym_hi - ok

21:44:53.0205 5916 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

21:44:53.0220 5916 Sym_u3 - ok

21:44:53.0398 5916 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

21:44:53.0442 5916 Tcpip - ok

21:44:53.0469 5916 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

21:44:53.0535 5916 Tcpip6 - ok

21:44:53.0637 5916 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

21:44:53.0693 5916 tcpipreg - ok

21:44:53.0741 5916 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

21:44:53.0792 5916 TDPIPE - ok

21:44:53.0818 5916 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

21:44:53.0858 5916 TDTCP - ok

21:44:53.0950 5916 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

21:44:53.0981 5916 tdx - ok

21:44:54.0022 5916 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

21:44:54.0039 5916 TermDD - ok

21:44:54.0177 5916 TrueSight (0455d57c7fdb1252784202f2f7deb1d5) c:\windows\system32\drivers\TrueSight.sys

21:44:54.0183 5916 TrueSight ( UnsignedFile.Multi.Generic ) - warning

21:44:54.0183 5916 TrueSight - detected UnsignedFile.Multi.Generic (1)

21:44:54.0239 5916 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

21:44:54.0294 5916 tssecsrv - ok

21:44:54.0441 5916 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

21:44:54.0529 5916 tunmp - ok

21:44:54.0623 5916 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

21:44:54.0644 5916 tunnel - ok

21:44:54.0676 5916 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

21:44:54.0692 5916 uagp35 - ok

21:44:54.0741 5916 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

21:44:54.0775 5916 udfs - ok

21:44:54.0911 5916 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

21:44:54.0928 5916 uliagpkx - ok

21:44:54.0976 5916 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

21:44:54.0996 5916 uliahci - ok

21:44:55.0033 5916 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

21:44:55.0049 5916 UlSata - ok

21:44:55.0150 5916 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

21:44:55.0166 5916 ulsata2 - ok

21:44:55.0189 5916 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

21:44:55.0240 5916 umbus - ok

21:44:55.0349 5916 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

21:44:55.0398 5916 usbccgp - ok

21:44:55.0440 5916 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

21:44:55.0522 5916 usbcir - ok

21:44:55.0615 5916 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

21:44:55.0646 5916 usbehci - ok

21:44:55.0682 5916 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

21:44:55.0731 5916 usbhub - ok

21:44:55.0827 5916 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

21:44:55.0912 5916 usbohci - ok

21:44:55.0952 5916 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys

21:44:56.0033 5916 usbprint - ok

21:44:56.0134 5916 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys

21:44:56.0180 5916 usbser - ok

21:44:56.0242 5916 UsbserFilt (e748d50b3b2ec7f40a2ba67fb094cf01) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys

21:44:56.0293 5916 UsbserFilt - ok

21:44:56.0384 5916 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:44:56.0425 5916 USBSTOR - ok

21:44:56.0468 5916 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

21:44:56.0543 5916 usbuhci - ok

21:44:56.0664 5916 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

21:44:56.0704 5916 vga - ok

21:44:56.0727 5916 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

21:44:56.0767 5916 VgaSave - ok

21:44:56.0795 5916 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

21:44:56.0811 5916 viaagp - ok

21:44:56.0842 5916 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

21:44:56.0882 5916 ViaC7 - ok

21:44:56.0991 5916 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

21:44:57.0006 5916 viaide - ok

21:44:57.0046 5916 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

21:44:57.0062 5916 volmgr - ok

21:44:57.0124 5916 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

21:44:57.0149 5916 volmgrx - ok

21:44:57.0243 5916 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

21:44:57.0265 5916 volsnap - ok

21:44:57.0322 5916 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

21:44:57.0340 5916 vsmraid - ok

21:44:57.0441 5916 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

21:44:57.0511 5916 WacomPen - ok

21:44:57.0583 5916 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

21:44:57.0627 5916 Wanarp - ok

21:44:57.0634 5916 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

21:44:57.0668 5916 Wanarpv6 - ok

21:44:57.0765 5916 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

21:44:57.0780 5916 Wd - ok

21:44:57.0867 5916 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

21:44:57.0910 5916 Wdf01000 - ok

21:44:58.0063 5916 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

21:44:58.0095 5916 WmiAcpi - ok

21:44:58.0150 5916 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

21:44:58.0202 5916 WpdUsb - ok

21:44:58.0279 5916 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

21:44:58.0327 5916 ws2ifsl - ok

21:44:58.0389 5916 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

21:44:58.0437 5916 WUDFRd - ok

21:44:58.0554 5916 yukonwlh (1a51df1a5c658d534ed980d18f7982de) C:\Windows\system32\DRIVERS\yk60x86.sys

21:44:58.0631 5916 yukonwlh - ok

21:44:58.0686 5916 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0

21:44:59.0220 5916 \Device\Harddisk0\DR0 - ok

21:44:59.0256 5916 Boot (0x1200) (c65ebb53ad6ab8ce1915d4348cce8aee) \Device\Harddisk0\DR0\Partition0

21:44:59.0257 5916 \Device\Harddisk0\DR0\Partition0 - ok

21:44:59.0272 5916 Boot (0x1200) (3caf8afa1c4a4b927adc4d6f28acdaec) \Device\Harddisk0\DR0\Partition1

21:44:59.0273 5916 \Device\Harddisk0\DR0\Partition1 - ok

21:44:59.0275 5916 ============================================================

21:44:59.0275 5916 Scan finished

21:44:59.0275 5916 ============================================================

21:44:59.0333 5200 Detected object count: 1

21:44:59.0333 5200 Actual detected object count: 1

21:46:03.0461 5200 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user

21:46:03.0461 5200 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip


OK, that scan is clean.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


ComboFix 12-03-16.05 - MTL 17/03/2012 22:00:15.1.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3545.2116 [GMT 7:00]

Running from: c:\users\MTL\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\MTL\Documents\~WRL1243.tmp

c:\users\MTL\Documents\~WRL2017.tmp

c:\users\MTL\Smadav 2012 Rev. 8.9.exe

c:\users\MTL\SmadEngine.dll

c:\windows\system32\system

.

Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys

.

.

((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 )))))))))))))))))))))))))))))))

.

.

2012-03-17 15:13 . 2012-03-17 15:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-15 02:05 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys

2012-03-15 02:05 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-03-15 02:05 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll

2012-03-15 02:05 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-03-15 02:05 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-03-15 02:05 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-03-15 02:05 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2012-03-15 02:04 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll

2012-03-15 02:04 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-10 02:45 . 2012-03-10 02:45 -------- d-----w- c:\users\MTL\AppData\Roaming\Malwarebytes

2012-03-10 02:45 . 2012-03-10 02:45 -------- d-----w- c:\programdata\Malwarebytes

2012-03-10 02:45 . 2012-03-10 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-10 02:45 . 2011-12-10 08:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-10 01:58 . 2011-07-10 10:45 73728 ----a-w- c:\users\MTL\Smadav-Updater.exe

2012-03-10 01:58 . 2010-02-19 11:26 97792 ----a-w- c:\users\MTL\SmadExtc.dll

2012-03-09 13:37 . 2012-03-10 05:48 -------- d-----w- c:\users\MTL\AppData\Roaming\Byajug

2012-03-09 13:37 . 2012-03-09 14:09 -------- d-----w- c:\users\MTL\AppData\Roaming\Arux

2012-03-08 02:02 . 2012-03-08 02:02 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll

2012-03-08 02:02 . 2012-03-08 02:02 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll

2012-03-08 02:02 . 2012-03-08 02:02 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll

2012-03-08 02:02 . 2012-03-08 02:02 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll

2012-02-16 16:00 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-23 02:18 . 2010-08-01 11:09 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-08 06:03 . 2012-03-16 09:34 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E11C10BA-8B8B-4B0A-B935-DECF15E8CC16}\mpengine.dll

2011-12-20 02:42 . 2011-12-20 02:42 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-12-20 02:42 . 2011-12-20 02:42 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-12-20 02:42 . 2011-12-20 02:42 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-12-20 02:42 . 2011-12-20 02:42 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-12-20 02:42 . 2011-12-20 02:42 161792 ----a-w- c:\windows\system32\msls31.dll

2011-12-20 02:42 . 2011-12-20 02:42 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-12-20 02:42 . 2011-12-20 02:42 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-12-20 02:42 . 2011-12-20 02:42 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-12-20 02:42 . 2011-12-20 02:42 367104 ----a-w- c:\windows\system32\html.iec

2011-12-20 02:42 . 2011-12-20 02:42 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-20 02:42 . 2011-12-20 02:42 152064 ----a-w- c:\windows\system32\wextract.exe

2011-12-20 02:42 . 2011-12-20 02:42 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-12-20 02:42 . 2011-12-20 02:42 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-12-20 02:42 . 2011-12-20 02:42 11776 ----a-w- c:\windows\system32\mshta.exe

2011-12-20 02:42 . 2011-12-20 02:42 101888 ----a-w- c:\windows\system32\admparse.dll

2011-12-20 02:42 . 2011-12-20 02:42 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-12-20 02:42 . 2011-12-20 02:42 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-03-08 02:02 . 2011-09-06 15:50 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}]

2011-04-17 07:34 1547776 ----a-w- c:\program files\InboxDollars\Toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files\InboxDollars\Toolbar.dll" [2011-04-17 1547776]

.

[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]

[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]

[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files\InboxDollars\Toolbar.dll" [2011-04-17 1547776]

.

[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]

[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]

[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SM?RT-Protection"="c:\program files\Smadav\SM?RTP.exe" [?]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"BitComet"="c:\program files\BitComet\BitComet.exe" [2011-09-23 11515184]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-21 6276408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-09 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-09 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-09 154136]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 36864]

"QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\QTTask.exe" [2010-11-29 421888]

"ScheduleTV"="c:\program files\TVHome Media2\ScheduleTV.exe" [2010-06-07 110592]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

.

c:\users\MTL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

OneNote Table Of Contents.onetoc2 [2009-8-7 3656]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-20 113664]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-6 752168]

Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2006-9-7 1114217]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-03-24 02:14 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer9"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3412689152-1959603396-70223304-1000]

"EnableNotificationsRef"=dword:00000007

.

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-15 81920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]

.

2012-03-17 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.id/

mStart Page = hxxp://www.bigseekpro.com/cheatengine/{A56A5A91-076B-4BC8-B96A-55839BBC197D}

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 8.8.8.8 8.8.4.4

FF - ProfilePath - c:\users\MTL\AppData\Roaming\Mozilla\Firefox\Profiles\nszc767u.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

FF - user.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: browser.startup.page - 1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe

HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-17 22:22

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3412689152-1959603396-70223304-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):08,54,48,6f,ec,b0,d1,97,7a,f7,61,8f,3a,cc,96,df,f0,08,00,ac,9b,

ad,87,81,d0,f3,ba,c4,56,8b,54,e0,26,46,36,cb,b9,9f,c2,92,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-3412689152-1959603396-70223304-1000_Classes\CLSID\{bb72e9b3-e6b1-4586-9c50-ef84617dcfa4}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000087

"Therad"=dword:0000001e

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,85,db,e3,4c,87,85,5d,43,c5,ec,f0,ab,9e,67,39,e7,91,bf,75,10,b9,30,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2820)

c:\windows\system32\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe

c:\program files\Dell\DellDock\DockLogin.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\conime.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\System32\wsqmcons.exe

.

**************************************************************************

.

Completion time: 2012-03-17 22:31:31 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-17 15:30

.

Pre-Run: 94,593,359,872 bytes free

Post-Run: 95,741,407,232 bytes free

.

- - End Of File - - 6DD436CEBF279B026DF2640698D63971


Please Update and run a Quick Scan with MBAM, post the report.

Please let me know how it is, MrC


Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.18.01

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

MTL :: USER-PC [administrator]

Protection: Enabled

18/03/2012 12:42:13

mbam-log-2012-03-18 (12-42-13).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 189084

Time elapsed: 7 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


The messages still show up, only this time from the upper left corner of the desktop, instead of upper right corner.


The messages still show up

What's the message?

-----------------------------

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats and Scan unwanted applications are checked

Click Scan

Wait for the scan to finish

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
