I got hit by the antispyware soft virus also :(

Post by Hikari012 on 3rd June 2010, 10:34 pm

Hello, again! Last night, I got hit by this virus and it crashed my computer. I wasn't able to boot up the computer and got something that said that Windows couldn't boot up. I tried to go into safe mode, but it wouldn't let me back then. Today, I tried using my ThinkVantage system restore thing. I restored it to the last backup I had. I was able to get Windows booted, but I couldn't log into my administrator account. I logged into another account (which I'm not sure is also an administrator account), but my computer crashed again. This time I tried to go into safe mode (which did work, obviously) and I'm okay so far. I have looked at other people's threads and some of them are also not on their administrator accounts, so I'm not sure if I should still follow the guide you have posted on how to remove it, since I'm a special case or something. Here is my log:

OTL logfile created on: 6/3/2010 6:12:59 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\puawenng.SHU.000\Desktop
Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 39.17 Gb Free Space | 26.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHU-USER-PC
Current User Name: puawenng
NOT logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/03 18:11:58 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\puawenng.SHU.000\Desktop\OTL.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/16 16:19:22 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/01/20 22:23:36 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe


========== Modules (SafeList) ==========

MOD - [2010/06/03 18:11:58 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\puawenng.SHU.000\Desktop\OTL.exe
MOD - [2009/04/10 23:21:40 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
MOD - [2009/04/10 23:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:24:11 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/03 17:07:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/03 17:07:28 | 000,000,000 | ---D | M]

[2010/06/03 20:55:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/03 17:07:27 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
[2008/09/10 01:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe (South River Technologies, LLC)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\1024b.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\1024b.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/10/30 15:53:49 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmcService - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: Symantec Antvirus - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/06/03 18:00:17 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.SHU.000\Templates
[2010/06/03 18:00:17 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.SHU.000\Start Menu
[2010/06/03 18:00:17 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.SHU.000\SendTo
[2010/06/03 18:00:17 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.SHU.000\Recent
[2010/06/03 18:00:17 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.SHU.000\PrintHood
[2010/06/03 18:00:17 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.SHU.000\NetHood
[2010/06/03 18:00:17 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.SHU.000\My Documents
[2010/06/03 18:00:17 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.SHU.000\Local Settings
[2010/06/03 18:00:17 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.SHU.000\Cookies
[2010/06/03 18:00:17 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.SHU.000\Application Data
[2010/06/03 18:00:02 | 000,000,000 | R--D | C] -- C:\Users\puawenng.SHU.000\Videos
[2010/06/03 18:00:02 | 000,000,000 | R--D | C] -- C:\Users\puawenng.SHU.000\Searches
[2010/06/03 18:00:02 | 000,000,000 | R--D | C] -- C:\Users\puawenng.SHU.000\Saved Games
[2010/06/03 18:00:02 | 000,000,000 | R--D | C] -- C:\Users\puawenng.SHU.000\Pictures
[2010/06/03 18:00:02 | 000,000,000 | R--D | C] -- C:\Users\puawenng.SHU.000\Music
[2010/06/03 18:00:02 | 000,000,000 | R--D | C] -- C:\Users\puawenng.SHU.000\Links
[2010/06/03 18:00:02 | 000,000,000 | R--D | C] -- C:\Users\puawenng.SHU.000\Favorites
[2010/06/03 18:00:02 | 000,000,000 | R--D | C] -- C:\Users\puawenng.SHU.000\Downloads
[2010/06/03 18:00:02 | 000,000,000 | R--D | C] -- C:\Users\puawenng.SHU.000\Documents
[2010/06/03 18:00:02 | 000,000,000 | R--D | C] -- C:\Users\puawenng.SHU.000\Desktop
[2010/06/03 18:00:02 | 000,000,000 | R--D | C] -- C:\Users\puawenng.SHU.000\Contacts
[2010/06/03 18:00:02 | 000,000,000 | -H-D | C] -- C:\Users\puawenng.SHU.000\InstallAnywhere
[2010/06/03 18:00:02 | 000,000,000 | -H-D | C] -- C:\Users\puawenng.SHU.000\AppData
[2010/06/03 18:00:02 | 000,000,000 | ---D | C] -- C:\Users\puawenng.SHU.000\Roaming
[2010/06/03 18:00:02 | 000,000,000 | ---D | C] -- C:\Users\puawenng.SHU.000\Library
[2010/06/03 18:00:02 | 000,000,000 | ---D | C] -- C:\Users\puawenng.SHU.000\Bluetooth Software
[2010/06/03 17:56:09 | 000,000,000 | ---D | C] -- C:\A
[2010/06/03 01:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/03 01:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/06/03 01:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/03 01:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/06/02 14:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/05/30 02:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/13 14:08:47 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/03 18:12:08 | 002,359,296 | -HS- | M] () -- C:\Users\puawenng.SHU.000\ntuser.dat
[2010/06/03 18:00:12 | 000,524,288 | -HS- | M] () -- C:\Users\puawenng.SHU.000\ntuser.dat{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 18:00:12 | 000,524,288 | -HS- | M] () -- C:\Users\puawenng.SHU.000\ntuser.dat{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 18:00:12 | 000,065,536 | -HS- | M] () -- C:\Users\puawenng.SHU.000\ntuser.dat{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TM.blf
[2010/06/03 18:00:00 | 000,448,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/03 17:58:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/03 17:58:15 | 203,571,708 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/06/03 17:55:30 | 000,004,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/03 17:55:30 | 000,004,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/03 17:55:15 | 000,000,000 | ---- | M] () -- C:\tu0.1
[2010/06/03 17:55:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/02 16:46:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\winuhm32.rom
[2010/06/02 01:49:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/27 14:51:47 | 000,000,000 | ---- | M] () -- C:\Windows\System32\AclanProfile.xml
[2010/05/27 12:37:29 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/21 18:21:16 | 000,000,393 | ---- | M] () -- C:\Users\Public\Documents\BluetoothLog.html
[2010/05/13 14:11:41 | 000,001,150 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010/05/12 14:39:53 | 000,004,822 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/05/12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/03 18:00:12 | 000,524,288 | -HS- | C] () -- C:\Users\puawenng.SHU.000\ntuser.dat{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 18:00:12 | 000,524,288 | -HS- | C] () -- C:\Users\puawenng.SHU.000\ntuser.dat{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 18:00:12 | 000,262,144 | -H-- | C] () -- C:\Users\puawenng.SHU.000\ntuser.dat.LOG1
[2010/06/03 18:00:12 | 000,065,536 | -HS- | C] () -- C:\Users\puawenng.SHU.000\ntuser.dat{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TM.blf
[2010/06/03 18:00:12 | 000,000,000 | -H-- | C] () -- C:\Users\puawenng.SHU.000\ntuser.dat.LOG2
[2010/06/03 18:00:02 | 002,359,296 | -HS- | C] () -- C:\Users\puawenng.SHU.000\ntuser.dat
[2010/06/03 18:00:02 | 000,000,020 | -HS- | C] () -- C:\Users\puawenng.SHU.000\ntuser.ini
[2010/06/03 17:55:15 | 000,000,000 | ---- | C] () -- C:\tu0.1
[2010/06/03 17:53:55 | 203,571,708 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/06/03 01:22:27 | 000,063,360 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.sys
[2010/06/03 01:22:27 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/06/02 16:46:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\winuhm32.rom
[2010/06/02 16:46:29 | 000,000,046 | ---- | C] () -- C:\file_id.diz
[2010/05/24 16:13:52 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/13 14:11:41 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010/03/08 00:08:35 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/11 12:40:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/05 16:41:49 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009/06/05 16:41:49 | 000,031,232 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2009/06/05 16:41:49 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2009/04/13 15:48:38 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2009/04/13 15:47:52 | 000,000,299 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2009/04/13 11:58:35 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/04/13 11:58:35 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/04/13 11:58:35 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/04/13 11:58:35 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/04/13 11:58:35 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/04/13 11:58:34 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/04/13 11:54:41 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2009/04/13 11:54:41 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2008/10/02 22:26:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/08/26 12:54:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\BtwNamespaceExt2.dll
[2008/01/20 22:25:00 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/01/17 19:00:52 | 000,069,632 | ---- | C] () -- C:\Windows\System32\wdIconDll.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-10-30 20:47:03
< End of report >

There is also an EXTRAS log that came with this. I can't post it since the message will be too big and I can't reply to my own thread.

Thank you in advance though! You guys helped me a lot!

Hikari012
Intermediate

Posts: 84
Joined: 2009-04-20
OS: Windows Vista
Points: 28505
Likes: 0


Re: I got hit by the antispyware soft virus also :(

Post by Belahzur on 4th June 2010, 9:14 pm

Hello.
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245091
Likes: 1


Re: I got hit by the antispyware soft virus also :(

Post by Hikari012 on 4th June 2010, 10:28 pm

I have tried to install Combofix, but the installation always failed. I made sure that all windows were closed and I'm unable to disable my AV because it's actually malfunctioning. I renamed the file also. When I tried to install it the first time, it told me that the installation failed and the name of the file was automatically renamed to ComboFix. I tried to install it a second time and it also failed.

It also says that it can't open a file called nircmd.cfxxe


Re: I got hit by the antispyware soft virus also :(

Post by Hikari012 on 7th June 2010, 12:08 am

Should I try installing it through USB?


Re: I got hit by the antispyware soft virus also :(

Post by Hikari012 on 7th June 2010, 1:20 am

I tried to go on normal mode again. I can actually get into normal mode, but I can't get on my administrative account. I was able to log into a normal account and the computer was very slow. I was able to get online and I didn't have to do the proxy thing. I tried downloading combofix through normal mode but I was still unable to install it. I also tried to disable my antivirus because apparently it's working well in normal mode but it was faded out. I wasn't able to disable it because I was not an administrator. I tried to run a scan which it let me, but suddenly the scan said it was scanning [You must be registered and logged in to see this link.] without any file next to it and said the scan was done and that nothing was detected. I tried running malwarebytes but it only made my screen go black and I had to restart it.


Re: I got hit by the antispyware soft virus also :(

Post by Hikari012 on 7th June 2010, 10:38 pm

Bump


Re: I got hit by the antispyware soft virus also :(

Post by Hikari012 on 8th June 2010, 12:03 am

Is there any hope for my computer or should I attempt to do a wipe? I have tried to run things but the virus (or because I'm not administrator) is keeping me from running things properly. I really hope I do not have to resort to wiping.

Edit: Also while I kept my computer on, my scheduled weekly scan started up. It caught some things and the AV soft virus. The only problem is that the AV soft virus says that the risk was partially removed. Something went into quarantine but I don't know if I should delete it. It found many other things with it though.

SpywareGuard Deleted
SpywareGuard Deleted
Trojan FakeAV Partial (Non Critical Failure)
Trojan. Gen (Quarantined)
Downloader Log only
Downloader Cleaned by deletion
Downloader cleaned by deletion
If you need more information (I only posted what was under risk and action) I'll be happy to type it up here. Sorry for updating so much.

Another Edit: Backdoor.Tidserv!inf was also found in a second scan but it quarantined (supposedly)


Re: I got hit by the antispyware soft virus also :(

Post by Belahzur on 8th June 2010, 4:56 pm

Hello.
Sorry for the late response, forum problems appeared yesterday and it's making my job here so much harder than it needs to be atm.

Looking at the OTL log, I can guess what infection you have, and it's nasty.


  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%DesktopTDSSKiller.exe" -l C:TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.



Re: I got hit by the antispyware soft virus also :(

Post by Hikari012 on 8th June 2010, 8:05 pm

I have downloaded the tool and copied and pasted the text above and it tells me this:

"Windows cannot find 'C:Userspuawenng.SHU.000DesktopTDSSKiller.exe'. Make sure you typed the name correctly, and then try again."

I extracted the contents of the folder and tried again. Gave me the same thing. I took the file needed out of the folder and put it on the desktop. Same thing.

And it's alright! I was just worried that the lack of reply meant that my computer was screwed.


Re: I got hit by the antispyware soft virus also :(

Post by Belahzur on 8th June 2010, 11:43 pm

-.- Stupid forum bug.

Please run TDSSKiller as normal, just double click and run.



Re: I got hit by the antispyware soft virus also :(

Post by Hikari012 on 9th June 2010, 4:54 am

Eeek ;.; It is telling me this:

"Start log failed!
SetPrivileges failed!
Driver load error!
Press any key to continue..."

Is this because I am not on an administration account?

Edit: Oh I did get a log anyway. I don't think it will be anything useful, but here it is!

01:11:18:722 3336 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
01:11:18:722 3336 ================================================================================
01:11:18:722 3336 SystemInfo:

01:11:18:722 3336 OS Version: 6.0.6002 ServicePack: 2.0
01:11:18:722 3336 Product type: Workstation
01:11:18:722 3336 ComputerName: SHU-USER-PC
01:11:18:722 3336 UserName: puawenng
01:11:18:722 3336 Windows directory: C:Windows
01:11:18:722 3336 Processor architecture: Intel x86
01:11:18:722 3336 Number of processors: 2
01:11:18:722 3336 Page size: 0x1000
01:11:18:722 3336 Boot type: Safe boot with network
01:11:18:722 3336 ================================================================================
01:11:18:722 3336 SetPrivilegesW: AdjustTokenPrivileges(SeDebugPrivilege) error 1300
01:11:18:722 3336 SetPrivilegesW: AdjustTokenPrivileges(SeBackupPrivilege) error 1300
01:11:18:722 3336 SetPrivilegesW: AdjustTokenPrivileges(SeRestorePrivilege) error 1300
01:11:18:722 3336 SetPrivilegesW: AdjustTokenPrivileges(SeLoadDriverPrivilege) error 1300
01:11:18:722 3336 SetPrivileges failed!
01:11:18:722 3336 RegExUnlockDeleteW: RegCreateKeyExW(SystemCurrentControlSetServicesklmd23) error 5
01:11:18:722 3336 RegExUnlockDeleteW: RegCreateKeyExW(SystemCurrentControlSetControlSafeBootMinimalklmd23.sys) error 5
01:11:18:722 3336 RegExUnlockDeleteW: RegCreateKeyExW(SystemCurrentControlSetControlSafeBootNetworkklmd23.sys) error 5
01:11:18:722 3336 DropResourceW: MyNtCreateFileW(C:Windowssystem32driversklmd.sys) error 5
01:11:18:722 3336 Driver load error!
01:11:18:722 3336 KLMD_Unload(ARK) error 87

I'm sorry that my computer is so much trouble ;.;

Another edit: I looked up information on the TDSS rootkit and it seriously looks like there is no hope. I would like to still attempt to clean the computer or would it be actually better to wipe the computer and see if there would be any remains of the viruses and the TDSS rootkit still lingering on the computer? If I continue with trying to clean out the computer is there a possibility of doing irreversible damage to the computer?

Third Edit: By wipe, I meant that I would restore it to a point that my school made on all the computers it issued called "base" (so I guess you wouldn't call it a wipe). But even then, I have tried to fix a VAIO computer by using the recovery CD to restore it to base and whatever virus was on it was still there but the computer was more functional at least. So if I do restore to base, will I most likely have to hunt down the virus still? Or is a real wipe required if the cleaning efforts don't work?
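
Whether the failures in the log above come from running without administrator rights can be read from the log itself. The following is an added example, not part of the original thread or of TDSSKiller: a Python parser for this log format that classifies a run. The function names and verdict labels are assumptions, and the sample lines are copied from the two TDSSKiller logs in this thread (the first as posted, with its backslashes missing).

```python
import re
from dataclasses import dataclass

# Win32 error codes seen in the log (values from winerror.h).
WIN32_ERRORS = {
    5: "ERROR_ACCESS_DENIED",
    87: "ERROR_INVALID_PARAMETER",
    1300: "ERROR_NOT_ALL_ASSIGNED",
}

# Line layout: "HH:MM:SS:mmm <thread id> <message>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}:\d{3})\s+(\d+)\s?(.*)$")
# Failure layout: "[<caller>: ]<api>(<argument>) error <code>"
CALL_RE = re.compile(r"^(?:(\w+): )?(\w+)\((.*)\) error (\d+)$")


@dataclass
class Failure:
    caller: str
    api: str
    argument: str
    code: int

    @property
    def name(self):
        return WIN32_ERRORS.get(self.code, "UNKNOWN_%d" % self.code)


def parse_log(text):
    """Return (info, failures): header key/value pairs and failed API calls."""
    info, failures = {}, []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3).strip()
        call = CALL_RE.match(msg)
        if call:
            failures.append(Failure(call.group(1) or "", call.group(2),
                                    call.group(3), int(call.group(4))))
        elif ": " in msg:
            key, value = msg.split(": ", 1)
            info[key] = value
        elif msg == "Initialize success":
            info["initialized"] = "yes"
    return info, failures


def diagnose(text):
    """Classify a run. Heuristic (an assumption of this example):
    AdjustTokenPrivileges reporting 1300 means the token does not hold the
    requested privilege; together with access-denied (5) on creating the
    driver's service key or file, the process was not running elevated."""
    info, failures = parse_log(text)
    missing = [f.argument for f in failures
               if f.api == "AdjustTokenPrivileges" and f.code == 1300]
    denied = [f for f in failures if f.code == 5]
    if info.get("initialized") == "yes" and not failures:
        verdict = "ok"
    elif missing and denied:
        verdict = "not-elevated"
    elif failures:
        verdict = "failed-other"
    else:
        verdict = "incomplete"
    return {
        "verdict": verdict,
        "boot": info.get("Boot type"),
        "missing_privileges": missing,
        "errors": sorted({f.name for f in failures}),
    }


# Lines copied from the log in the post above (standard account, safe mode).
NON_ADMIN_LOG = r"""
01:11:18:722 3336 Boot type: Safe boot with network
01:11:18:722 3336 SetPrivilegesW: AdjustTokenPrivileges(SeDebugPrivilege) error 1300
01:11:18:722 3336 SetPrivilegesW: AdjustTokenPrivileges(SeBackupPrivilege) error 1300
01:11:18:722 3336 SetPrivilegesW: AdjustTokenPrivileges(SeRestorePrivilege) error 1300
01:11:18:722 3336 SetPrivilegesW: AdjustTokenPrivileges(SeLoadDriverPrivilege) error 1300
01:11:18:722 3336 SetPrivileges failed!
01:11:18:722 3336 RegExUnlockDeleteW: RegCreateKeyExW(SystemCurrentControlSetServicesklmd23) error 5
01:11:18:722 3336 DropResourceW: MyNtCreateFileW(C:Windowssystem32driversklmd.sys) error 5
01:11:18:722 3336 Driver load error!
01:11:18:722 3336 KLMD_Unload(ARK) error 87
"""

# Lines copied from the later log in this thread (administrator, normal boot).
ADMIN_LOG = r"""
17:15:54:407 2488 Windows directory: C:\Windows
17:15:54:408 2488 Boot type: Normal boot
17:16:35:090 2488 Initialize success
17:16:35:091 2488 Scanning Services ...
17:16:35:640 2488 Raw services enum returned 513 services
"""

if __name__ == "__main__":
    for label, log in (("first run", NON_ADMIN_LOG), ("second run", ADMIN_LOG)):
        print(label, diagnose(log))
```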


Re: I got hit by the antispyware soft virus also :(

Post by Hikari012 on 10th June 2010, 9:17 pm

I went to the PC Support at my school and they were able to let me gain admin! They were able to clean it since the tools that you told me to use could not run because I was not admin. I am not sure if it is fully clean but I'm going to run the TDSSKiller just in case. Thank you for your help! I am not sure if the fight against this is finished yet though. Is there anything else you would like me to do just in case? The PC man also ran Malwarebytes many times to make sure it was truly clean.

Edit: I ran TDSSKiller and it found nothing. This is what it said

TDSS rootkit removing tool, Kaspersky Lab, 2010
version 2.3.2.0 May 31 2010 10:39:48

Scanning Services ...

Scanning Drivers ...

Completed

Results:
Registry objects infected / cured / cured on reboot: 0 / 0 / 0
File objects infected / cured / cured on reboot: 0 / 0 / 0

Press any key to continue . . .


Re: I got hit by the antispyware soft virus also :(

Post by Belahzur on 10th June 2010, 9:25 pm

Hello.
Please run TDSSKiller anyway, I wanna see the log under administrator rights.



Re: I got hit by the antispyware soft virus also :(

Post by Hikari012 on 10th June 2010, 10:11 pm

17:15:54:406 2488 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
17:15:54:406 2488 ================================================================================
17:15:54:406 2488 SystemInfo:

17:15:54:406 2488 OS Version: 6.0.6002 ServicePack: 2.0
17:15:54:406 2488 Product type: Workstation
17:15:54:406 2488 ComputerName: 146611-L3AVW8D
17:15:54:407 2488 UserName: puawenng
17:15:54:407 2488 Windows directory: C:\Windows
17:15:54:407 2488 Processor architecture: Intel x86
17:15:54:407 2488 Number of processors: 2
17:15:54:407 2488 Page size: 0x1000
17:15:54:408 2488 Boot type: Normal boot
17:15:54:409 2488 ================================================================================
17:16:35:090 2488 Initialize success
17:16:35:091 2488
17:16:35:091 2488 Scanning Services ...
17:16:35:640 2488 Raw services enum returned 513 services
17:16:35:650 2488
17:16:35:651 2488 Scanning Drivers ...
17:17:08:328 2488
17:17:08:328 2488 Completed
17:17:08:328 2488
17:17:08:328 2488 Results:
17:17:08:328 2488 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:17:08:328 2488 File objects infected / cured / cured on reboot: 0 / 0 / 0
17:17:08:329 2488
17:17:08:333 2488 KLMD(ARK) unloaded successfully


Re: I got hit by the antispyware soft virus also :(

Post by Belahzur on 10th June 2010, 11:39 pm

Okay, looks good.
Still having problems?



Re: I got hit by the antispyware soft virus also :(

Post by Hikari012 on 11th June 2010, 12:04 am

Yay! :D

And nope, I'm good for now. :) Thank you for all your help! Thank You!
