  1. #1
    Member
    Join Date
    Sep 2011
    Posts
    7
    Points
    0

    Bad image errors

    I'm getting bad image errors on everything. I have my HIJACK THIS and MALWAREBYTES
    logs listed. Please HELP


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:04:43 PM, on 9/12/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\ScanSoft\PaperPort\Pptd40nt.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\ScanSoft\PaperPort\PopUp\SmartUI.exe
    C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\ScanSoft\PaperPort\Pplinks.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ATT.NET - Email, News, Sports, Entertainment and Games
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Home - Welcome to Toshiba
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Powered by Charter Communications
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn
    O4 - HKLM\..\Run: [AprvRemoveLegacyExcelKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn
    O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OneNote Table Of Contents.onetoc2
    O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
    O4 - Global Startup: ApproveIt StartUp.lnk = ?
    O4 - Global Startup: Brother SmartUI PopUp.lnk = C:\Program Files\ScanSoft\PaperPort\PopUp\SmartUI.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: Home - Welcome to Charter.net
    O15 - Trusted Zone: GAMLS
    O15 - Trusted Zone: *.rexplorer.net
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab...l_4.4.24.0.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://pattcw.att.motive.com/wizlet...tInstaller.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 9708 bytes



    Malwarebytes' Anti-Malware 1.51.1.1800
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 7702

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    9/12/2011 4:32:23 PM
    mbam-log-2011-09-12 (16-32-23).txt

    Scan type: Quick scan
    Objects scanned: 374437
    Time elapsed: 1 hour(s), 42 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  2. #2
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello, crapshoot and welcome to Help2Go

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scan again:

    • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    We also need a new log from the GMER anti-rootkit Scanner.

    Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

    Please first disable any CD emulation programs using the steps found in this topic:

    Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:


    Note:
    If you are unable to run a GMER scan due to the fact you are running a 64-bit machine, please run the following tool and post its log.

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




    Thanks and again sorry for the delay.
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  3. #3
    Member
    Join Date
    Sep 2011
    Posts
    7
    Points
    0

    Bad image errors

    I can't thank you enough for your help. I have no idea what I would have
    done had I not found your site. I will post the scans you requested below
    and will await instruction, thanks again.

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by singlel at 23:41:28 on 2011-09-13
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.123 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\LEXBCES.EXE
    C:\Windows\System32\LEXPPS.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    c:\Toshiba\IVP\swupdate\swupdtmr.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\ScanSoft\PaperPort\Pptd40nt.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\ScanSoft\PaperPort\PopUp\SmartUI.exe
    C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\ScanSoft\PaperPort\Pplinks.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.charter.net/google/index.php?q=
    uStart Page = hxxp://www.att.net
    uWindow Title = Powered by Charter Communications
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
    mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [AprvRemoveLegacyWordKeys] "c:\program files\approveit\support\tools\aprvclean.exe" -k hkcu software\microsoft\office\word\addins\OfficeAddIn.OfficeAddIn
    mRun: [AprvRemoveLegacyExcelKeys] "c:\program files\approveit\support\tools\aprvclean.exe" -k hkcu software\microsoft\office\excel\addins\OfficeAddIn.OfficeAddIn
    mRun: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\singlel\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\users\singlel\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2
    StartupFolder: c:\users\singlel\appdata\roaming\micros~1\windows\startm~1\programs\startup\remind~1.lnk - c:\program files\scansoft\paperport\config\ereg\REMIND32.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\approv~1.lnk - c:\windows\installer\{79c967b1-635d-4b9a-963e-7c82f7fa46d7}\Icon9557F1BC1.ico
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\brothe~1.lnk - c:\program files\scansoft\paperport\popup\SmartUI.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    Trusted Zone: //www.1st-addition.com/
    Trusted Zone: //www.1st-forms.com/
    Trusted Zone: //www.fmls.com/
    Trusted Zone: charter.net\www
    Trusted Zone: gamls.com\www
    Trusted Zone: marketlinx.com
    Trusted Zone: rexplorer.net
    Trusted Zone: topproducer8i.com\www
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{2B7A66F1-34C4-492C-A422-4ADD89F1BC60} : DhcpNameServer = 192.168.1.254
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\singlel\appdata\roaming\mozilla\firefox\profiles\m5oy1m5f.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=X-SD&o=13959&locale=en_US&apn_uid=8f98abf1-6861-4f36-ba75-448856bfc891&apn_ptnrs=SV&apn_sauid=8F2741FD-479B-4CDD-8C25-2034F8FA49BE&apn_dtid=YYYYYYYYUS&q=
    FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
    FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
    FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\7\NP_wtapp.dll
    FF - plugin: c:\users\singlel\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 MpKsl078598a0;MpKsl078598a0;c:\programdata\microsoft\microsoft antimalware\definition updates\{88e72f6c-4118-4bcb-ba32-bd1bcf4276c4}\MpKsl078598a0.sys [2011-9-13 28752]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-12 22216]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
    S1 MpKslec3be58a;MpKslec3be58a;c:\programdata\microsoft\microsoft antimalware\definition updates\{88e72f6c-4118-4bcb-ba32-bd1bcf4276c4}\MpKslec3be58a.sys [2011-9-13 28752]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [2007-5-16 727908]
    .
    =============== Created Last 30 ================
    .
    2011-09-14 03:32:54 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{88e72f6c-4118-4bcb-ba32-bd1bcf4276c4}\MpKsl078598a0.sys
    2011-09-14 03:22:43 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2011-09-14 03:20:17 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{88e72f6c-4118-4bcb-ba32-bd1bcf4276c4}\mpengine.dll
    2011-09-13 13:58:04 -------- d-----w- c:\program files\Best Spyware Scanner
    2011-09-13 04:14:59 -------- d-----w- c:\programdata\RegistryOptimizerFree
    2011-09-13 02:33:04 -------- d-----w- c:\programdata\DriverCure
    2011-09-13 02:33:03 -------- d-----w- c:\program files\ParetoLogic
    2011-09-13 02:27:20 -------- d-----w- c:\programdata\Uniblue
    2011-09-13 00:03:37 388096 ----a-r- c:\users\singlel\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-09-13 00:03:31 -------- d-----w- c:\program files\Trend Micro
    2011-09-12 22:23:09 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d9f4a5dd-6e20-47a4-bd75-e01c769b8764}\gapaengine.dll
    2011-09-12 21:57:55 -------- d-----w- c:\program files\Microsoft Security Client
    2011-09-12 21:55:51 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-09-12 18:47:59 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-12 18:47:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-11 23:51:29 7152464 ------w- c:\programdata\microsoft\windows defender\definition updates\{f2726a37-1b27-4699-9408-d66eb5c80493}\mpengine.dll
    2011-09-10 18:12:01 -------- d-----w- c:\program files\Ask.com
    2011-09-10 18:10:15 -------- d-----w- c:\program files\ARO 2011
    2011-09-10 14:32:55 -------- d-----w- c:\users\singlel\appdata\roaming\GlarySoft
    2011-09-10 14:30:30 -------- d-----w- c:\program files\Glarysoft
    2011-09-09 13:04:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-09-09 13:04:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-09-08 23:53:12 -------- d-----w- c:\users\singlel\appdata\roaming\Malwarebytes
    2011-09-08 23:53:01 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-08 23:26:41 -------- d-----w- c:\users\singlel\appdata\roaming\Sammsoft
    2011-09-08 18:55:52 -------- d-----w- c:\users\singlel\appdata\roaming\DriverCure
    2011-09-08 18:55:37 -------- d-----w- c:\users\singlel\appdata\roaming\SpeedMaxPc
    2011-09-08 18:53:20 -------- d-----w- c:\programdata\SpeedMaxPc
    2011-09-08 18:53:20 -------- d-----w- c:\program files\SpeedMaxPc
    2011-08-23 22:28:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-16 13:09:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ==================== Find3M ====================
    .
    2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-24 12:44:59 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-06-24 12:44:59 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-06-24 12:44:57 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-06-24 12:44:55 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-06-20 08:54:36 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-06-20 08:54:36 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-17 20:13:55 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-17 16:03:18 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-17 13:31:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    .
    ============= FINISH: 23:45:58.91 ===============


    GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
    Rootkit scan 2011-09-14 02:10:11
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541612J9SA00 rev.SBDOC7DP
    Running: gmer.exe; Driver: C:\Users\singlel\AppData\Local\Temp\kxtirfob.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[856] ntdll.dll!LdrLoadDll 777193A8 5 Bytes JMP 01231410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{D2563600-5B7C-29E2-3622-E00B16E4521A}\IqyveWuVTr@ XonOMruzC?sHtF}Ffs
    Reg HKLM\SOFTWARE\Classes\CLSID\{D2563600-5B7C-29E2-3622-E00B16E4521A}\tbwpRp@ tixOUbBFZfyVljG}ST|]a^q~Vq
    Reg HKLM\SOFTWARE\Classes\CLSID\{D2563600-5B7C-29E2-3622-E00B16E4521A}\zsxgveice@ ELWq|Gs~n]YqfrqbJb}BPVZvGt\}LvB

    ---- EOF - GMER 1.0.15 ----

  4. #4
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    1.
    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
    Be sure to download TDSSKiller.exe (v2.5.6.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan.
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.5.6.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
    • Copy and paste the contents of that file in your next reply.


    2.
    Install Recovery Console and Run ComboFix

    This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

    Download Combofix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
    • Close any open windows, including this one.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • If you did not have it installed, you will see the prompt below. Choose YES.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running.
    ComboFix will restart your computer if malware is found; allow it to do so.


    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


    Things to include in your next reply:
    TdssKiller log
    Combofix.txt
    How is your machine running now?
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  6. #6
    Member
    Join Date
    Sep 2011
    Posts
    7
    Points
    0

    Cool Bad image errors

    I ran ComboFix and TDSSKiller; I have posted the results below. The bad image errors
    have subsided, THANK YOU.......I don't think my machine is running perfectly but it's
    much better, thanks again. If there is anything else I can do to clean my machine up
    please let me know.

    ComboFix 11-09-14.02 - singlel 09/14/2011 19:16:33.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.309 [GMT -4:00]
    Running from: c:\users\singlel\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Best Spyware Scanner
    c:\program files\Best Spyware Scanner\BestSpywareScanner.exe
    c:\program files\Best Spyware Scanner\md5.dll
    c:\program files\Best Spyware Scanner\mtools.dll
    c:\program files\Best Spyware Scanner\networkdll.dll
    c:\program files\Best Spyware Scanner\opfile.dll
    c:\program files\Best Spyware Scanner\QAreaDLL.dll
    c:\program files\Best Spyware Scanner\RkHitApi.dll
    c:\program files\Best Spyware Scanner\sctdll.dll
    c:\program files\Best Spyware Scanner\spkdll.dll
    c:\program files\Best Spyware Scanner\udefend.dll
    c:\program files\Best Spyware Scanner\ussafe.dll
    c:\program files\Best Spyware Scanner\zlib1.dll
    c:\users\singlel\AppData\Local\{D52EC308-9EE6-41D9-BB3B-49D0E4831147}
    c:\users\singlel\AppData\Local\{D52EC308-9EE6-41D9-BB3B-49D0E4831147}\chrome.manifest
    c:\users\singlel\AppData\Local\{D52EC308-9EE6-41D9-BB3B-49D0E4831147}\chrome\content\_cfg.js
    c:\users\singlel\AppData\Local\{D52EC308-9EE6-41D9-BB3B-49D0E4831147}\chrome\content\overlay.xul
    c:\users\singlel\AppData\Local\{D52EC308-9EE6-41D9-BB3B-49D0E4831147}\install.rdf
    c:\users\singlel\Documents\~WRL0005.tmp
    c:\users\singlel\Documents\~WRL0006.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_RKHIT
    -------\Service_RkHit
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-14 to 2011-09-14 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-14 23:28 . 2011-09-14 23:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-14 23:28 . 2011-09-14 23:28 -------- d-----w- c:\users\William\AppData\Local\temp
    2011-09-14 23:28 . 2011-09-14 23:28 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-09-14 23:28 . 2011-09-14 23:28 -------- d-----w- c:\users\Daddy\AppData\Local\temp
    2011-09-14 22:38 . 2011-09-14 22:38 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-09-14 19:18 . 2011-09-14 19:18 -------- d-----w- c:\users\singlel\AppData\Roaming\ParetoLogic
    2011-09-14 19:17 . 2011-09-14 19:17 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2011-09-14 03:22 . 2011-08-16 12:48 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
    2011-09-14 03:20 . 2011-08-16 12:48 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{88E72F6C-4118-4BCB-BA32-BD1BCF4276C4}\mpengine.dll ERROR(0x00000005)
    2011-09-13 04:14 . 2011-09-13 04:14 -------- d-----w- c:\users\ReleaseEngineer.MACROVISION
    2011-09-13 04:14 . 2011-09-13 04:14 -------- d-----w- c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\RegistryOptimizerFree ERROR(0x00000005)
    2011-09-13 02:33 . 2011-09-14 19:17 -------- d-----w- c:\program files\ParetoLogic
    2011-09-13 00:03 . 2011-09-13 00:03 388096 ----a-r- c:\users\singlel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-09-13 00:03 . 2011-09-13 00:03 -------- d-----w- c:\program files\Trend Micro
    2011-09-12 22:23 . 2010-11-30 15:43 439632 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9F4A5DD-6E20-47A4-BD75-E01C769B8764}\gapaengine.dll ERROR(0x00000005)
    2011-09-12 21:57 . 2011-09-12 22:01 -------- d-----w- c:\program files\Microsoft Security Client
    2011-09-12 21:55 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-09-12 18:47 . 2011-09-14 02:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-12 18:47 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-11 23:51 . 2011-08-16 12:48 7152464 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{F2726A37-1B27-4699-9408-D66EB5C80493}\mpengine.dll ERROR(0x00000005)
    2011-09-10 18:12 . 2011-09-13 00:46 -------- d-----w- c:\program files\Ask.com
    2011-09-10 18:10 . 2011-09-11 00:11 -------- d-----w- c:\program files\ARO 2011
    2011-09-10 14:32 . 2011-09-10 14:32 -------- d-----w- c:\users\singlel\AppData\Roaming\GlarySoft
    2011-09-10 14:30 . 2011-09-11 23:37 -------- d-----w- c:\program files\Glarysoft
    2011-09-09 13:04 . 2011-09-09 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-09-08 23:53 . 2011-09-08 23:53 -------- d-----w- c:\users\singlel\AppData\Roaming\Malwarebytes
    2011-09-08 23:26 . 2011-09-10 23:58 -------- d-----w- c:\users\singlel\AppData\Roaming\Sammsoft
    2011-09-08 18:55 . 2011-09-13 02:33 -------- d-----w- c:\users\singlel\AppData\Roaming\DriverCure
    2011-09-08 18:55 . 2011-09-08 18:55 -------- d-----w- c:\users\singlel\AppData\Roaming\SpeedMaxPc
    2011-09-08 18:53 . 2011-09-08 18:53 -------- d-----w- c:\program files\SpeedMaxPc
    2011-08-16 13:09 . 2011-09-14 13:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-27 19:50 . 2011-07-27 19:50 652296 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll ERROR(0x00000005)
    2011-07-27 19:50 . 2011-07-27 19:50 749832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll ERROR(0x00000005)
    2011-07-27 19:50 . 2011-07-27 19:50 416128 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll ERROR(0x00000005)
    2011-07-22 02:54 . 2011-08-11 07:20 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 02:48 . 2011-08-11 07:20 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-07-22 02:44 . 2011-08-11 07:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-18 21:06 . 2009-08-18 15:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll ERROR(0x00000005)
    2011-07-18 21:06 . 2009-08-18 15:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll ERROR(0x00000005)
    2011-07-11 13:25 . 2011-08-23 22:28 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-07-06 15:31 . 2011-08-10 20:34 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-24 12:45 . 2011-06-24 12:45 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-06-24 12:45 . 2011-06-24 12:45 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-06-24 12:45 . 2011-06-24 12:45 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-06-24 12:45 . 2011-06-24 12:45 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-06-24 12:45 . 2011-06-24 12:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-06-24 12:45 . 2011-06-24 12:45 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-06-24 12:45 . 2011-06-24 12:45 367104 ----a-w- c:\windows\system32\html.iec
    2011-06-24 12:45 . 2011-06-24 12:45 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-06-24 12:45 . 2011-06-24 12:45 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-24 12:45 . 2011-06-24 12:45 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-24 12:45 . 2011-06-24 12:45 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-06-24 12:45 . 2011-06-24 12:45 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-06-24 12:45 . 2011-06-24 12:45 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-06-24 12:45 . 2011-06-24 12:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-06-24 12:44 . 2011-06-24 12:44 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-06-24 12:44 . 2011-06-24 12:44 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-06-24 12:44 . 2011-06-24 12:44 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-06-24 12:44 . 2011-06-24 12:44 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-06-20 08:54 . 2011-08-10 20:32 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-06-20 08:54 . 2011-08-10 20:32 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-17 20:13 . 2011-08-10 20:32 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-17 16:03 . 2011-08-10 20:34 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-17 13:31 . 2011-08-10 20:32 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2011-06-16 04:17 . 2011-09-13 02:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AprvRemoveLegacyWordKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn" [X]
    "AprvRemoveLegacyExcelKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn" [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
    "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
    "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-19 421888]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-11-23 409264]
    "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-11-28 52912]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-11-20 446128]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-11-29 523952]
    "PaperPort PTD"="c:\progra~1\scansoft\paperp~1\pptd40nt.exe" [2001-04-02 26624]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-07-26 397992]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    c:\users\singlel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    OneNote Table Of Contents.onetoc2 [2009-10-31 3656]
    reminder-ScanSoft Product Registration.lnk - c:\program files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE [2007-7-2 45056]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ApproveIt StartUp.lnk - c:\windows\Installer\{79C967B1-635D-4B9A-963E-7C82F7FA46D7}\Icon9557F1BC1.ico [2007-5-14 9216]
    Brother SmartUI PopUp.lnk - c:\program files\ScanSoft\PaperPort\PopUp\SmartUI.exe [2007-7-2 360448]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-668155360-3433717688-340548773-1000]
    "EnableNotificationsRef"=dword:00000001
    .
    R1 MpKslc0fc583d;MpKslc0fc583d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88E72F6C-4118-4BCB-BA32-BD1BCF4276C4}\MpKslc0fc583d.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
    R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
    R3 USA19H;USA19H;c:\windows\system32\DRIVERS\USA19H2k.sys [2003-06-24 727908]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2011-06-24 12:44 114176 ----a-w- c:\windows\System32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-14 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
    .
    2011-09-14 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
    .
    2011-09-14 c:\windows\Tasks\PC Health Advisor Defrag.job
    - c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
    .
    2011-09-14 c:\windows\Tasks\PC Health Advisor.job
    - c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.att.net
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    Trusted Zone: //www.1st-addition.com/
    Trusted Zone: //www.1st-forms.com/
    Trusted Zone: //www.fmls.com/
    Trusted Zone: charter.net\www
    Trusted Zone: gamls.com\www
    Trusted Zone: marketlinx.com
    Trusted Zone: rexplorer.net
    Trusted Zone: topproducer8i.com\www
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    SafeBoot-78989195.sys
    .
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\windows\System32\LEXBCES.EXE
    c:\windows\System32\LEXPPS.EXE
    c:\windows\system32\agrsmsvc.exe
    c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\toshiba\IVP\swupdate\swupdtmr.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\Toshiba\Power Saver\TosCoSrv.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\RtHDVCpl.exe
    c:\program files\ScanSoft\PaperPort\Pptd40nt.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Synaptics\SynTP\SynToshiba.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\ScanSoft\PaperPort\Pplinks.exe
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-14 19:46:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-14 23:45
    .
    Pre-Run: 64,693,342,208 bytes free
    Post-Run: 64,371,556,352 bytes free
    .
    - - End Of File - - E02FFFE45A5807FC16260C3BAA58D1D7




    2011/09/14 18:16:45.0881 0904 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
    2011/09/14 18:16:46.0138 0904 ================================================================================
    2011/09/14 18:16:46.0138 0904 SystemInfo:
    2011/09/14 18:16:46.0138 0904
    2011/09/14 18:16:46.0138 0904 OS Version: 6.0.6002 ServicePack: 2.0
    2011/09/14 18:16:46.0138 0904 Product type: Workstation
    2011/09/14 18:16:46.0139 0904 ComputerName: SINGLEL-PC
    2011/09/14 18:16:46.0139 0904 UserName: singlel
    2011/09/14 18:16:46.0139 0904 Windows directory: C:\Windows
    2011/09/14 18:16:46.0139 0904 System windows directory: C:\Windows
    2011/09/14 18:16:46.0139 0904 Processor architecture: Intel x86
    2011/09/14 18:16:46.0139 0904 Number of processors: 2
    2011/09/14 18:16:46.0139 0904 Page size: 0x1000
    2011/09/14 18:16:46.0139 0904 Boot type: Normal boot
    2011/09/14 18:16:46.0139 0904 ================================================================================
    2011/09/14 18:16:48.0739 0904 Initialize success
    2011/09/14 18:19:00.0198 2904 ================================================================================
    2011/09/14 18:19:00.0198 2904 Scan started
    2011/09/14 18:19:00.0198 2904 Mode: Manual;
    2011/09/14 18:19:00.0198 2904 ================================================================================
    2011/09/14 18:19:02.0395 2904 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2011/09/14 18:19:02.0460 2904 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2011/09/14 18:19:12.0152 2904 MpKslec3be58a (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{88E72F6C-4118-4BCB-BA32-BD1BCF4276C4}\MpKslec3be58a.sys
    2011/09/14 18:19:12.0201 2904 Suspicious file (Forged): c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{88E72F6C-4118-4BCB-BA32-BD1BCF4276C4}\MpKslec3be58a.sys. Real md5: 5f53edfead46fa7adb78eee9ecce8fdf, Fake md5: 7702b27661f74715060586b65246b849
    2011/09/14 18:19:12.0209 2904 MpKslec3be58a - detected ForgedFile.Multi.Generic (1)
    2011/09/14 18:19:26.0938 2904 ================================================================================
    2011/09/14 18:19:26.0938 2904 Scan finished
    2011/09/14 18:19:26.0938 2904 ================================================================================
    2011/09/14 18:19:26.0954 4008 Detected object count: 1
    2011/09/14 18:19:26.0954 4008 Actual detected object count: 1
    2011/09/14 18:19:49.0353 4008 ForgedFile.Multi.Generic(MpKslec3be58a) - User select action: Skip


    Thanks Again!!!:

  7. #7
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,

    Looks like the main infection has been dealt with.

    2011/09/14 18:19:49.0353 4008 ForgedFile.Multi.Generic(MpKslec3be58a) - User select action: Skip
    Please run TDSSKiller again and select Quarantine or delete or fix. Whichever option it gives you. Let's run a couple other scanners to make sure nothing is left over.

    1.
    • Download RogueKiller on the desktop
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, type 1 (SCAN) then Enter
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


    2.
    I'd like us to scan your machine with ESET OnlineScan
    1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check "YES, I accept the Terms of Use."
    5. Click the Start button.
    6. Accept any security warnings from your browser.
    7. Under scan settings, check "Scan Archives" and "Remove found threats"
    8. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    10. When the scan completes, click List Threats
    11. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    12. Click the Back button.
    13. Click the Finish button.


    Things to include in your next reply:
    RogueKiller log
    Eset log
    How is your machine running now?
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  8. #8
    Member
    Join Date
    Sep 2011
    Posts
    7
    Points
    0

    Default Scans

    I ran the two scans as requested and listed them below:


    RogueKiller V5.3.4 [08/30/2011] by Tigzy
    contact at Forum Sciences / Forum Informatique - Sur la Toile (SLT)
    mail: tigzyRK<at>gmail<dot>com
    Feedback: [RogueKiller] Remontes (1/34)

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User: singlel [Admin rights]
    Mode: Scan -- Date : 09/14/2011 21:56:14

    Bad processes: 0

    Registry Entries: 5
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    Particular Files / Folders:

    HOSTS File:
    [...]


    Finished : << RKreport[1].txt >>
    RKreport[1].txt


    ESET SCAN

    C:\Qoobox\Quarantine\C\Program Files\Best Spyware Scanner\BestSpywareScanner.exe.vir a variant of Win32/Adware.SpywareCease application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\Best Spyware Scanner\RkHitApi.dll.vir a variant of Win32/Adware.SpywareCease.AA application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Users\singlel\AppData\Local\{D52EC308-9EE6-41D9-BB3B-49D0E4831147}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan cleaned by deleting - quarantined
    C:\Users\singlel\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110624103425319.rsc a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined
    C:\Users\singlel\Downloads\BestSpywareScanner_Setup.exe multiple threats deleted - quarantined
    C:\Users\singlel\Downloads\RegistryOptimizerFreeSetup.exe a variant of Win32/Adware.RealRegistryCleaner application deleted - quarantined

  9. #9
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello,

    1.
    Let's run RogueKiller again; this time do the following:
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, type 2 (REMOVE) then Enter
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



    2.
    Let's run RogueKiller again; this time do the following:
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, type 3 (HOSTSFIX) then Enter
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



    Things to include in your next reply:
    Both RogueKiller logs
    How is your machine running now?
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  10. #10
    Member
    Join Date
    Sep 2011
    Posts
    7
    Points
    0

    Default Roguekiller scans

    RogueKiller V5.3.4 [08/30/2011] by Tigzy
    contact at Forum Sciences / Forum Informatique - Sur la Toile (SLT)
    mail: tigzyRK<at>gmail<dot>com
    Feedback: [RogueKiller] Remontes (1/34)

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User: singlel [Admin rights]
    Mode: Remove -- Date : 09/17/2011 21:36:02

    Bad processes: 0

    Registry Entries: 5
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

    Particular Files / Folders:

    HOSTS File:
    127.0.0.1 localhost
    [...]


    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt

    RogueKiller V5.3.4 [08/30/2011] by Tigzy
    contact at Forum Sciences / Forum Informatique - Sur la Toile (SLT)
    mail: tigzyRK<at>gmail<dot>com
    Feedback: [RogueKiller] Remontes (1/34)

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User: singlel [Admin rights]
    Mode: HOSTSFix -- Date : 09/17/2011 21:38:35

    Bad processes: 0

    HOSTS File:
    127.0.0.1 localhost
    [..

    Let me know what to do next. My machine still seems pretty
    sluggish. This site has been a life saver, you guys have helped me
    tremendously, thank you. Awaiting further instruction............
