Windows Update Error Code 80072EFE

Question

Whenever I update my laptop, it says there's an error, which is 80072EFE. I tried using Problem Reports and Solutions and it says:

---------------------------------------------------------------------------------------------------------------------

Download updates for Windows

There was a problem with Windows that caused it to stop working correctly.

Your computer might be missing updates that can help improve its stability and security.

Go online to check for and install Important and Recommended updates.

----------------------------------------------------------------------------------------------------------------------

And the Windows Defender update doesn't work too.

Here's the log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:43:17 PM, on 4/27/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

D:\SonyEricsson\QTTask.exe

C:\Windows\System32\atwtusb.exe

D:\AutoCAD-tools\DAEMON Tools\daemon.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\WTMKM.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Users\FUJITSU\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Users\FUJITSU\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\rundll32.exe

C:\Users\FUJITSU\AppData\Local\Google\Chrome\Application\chrome.exe

D:\Google Chrome Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=bf

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=bf&s={searchTerms}&f=4

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:54667

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Skytel] Skytel.exe

O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [QuickTime Task] "D:\SonyEricsson\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe

O4 - HKLM\..\Run: [DAEMON Tools] "D:\AutoCAD-tools\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

O4 - HKLM\..\Run: [NBAgent] "D:\NeroV10.5\Nero BackItUp\NBAgent.exe" /WinStart

O4 - HKLM\..\Run: [1My] C:\Users\FUJITSU\AppData\Local\Temp\Kernel32.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Google Update] "C:\Users\FUJITSU\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ares] "D:\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKLM\..\Policies\Explorer\Run: [Update Srv] C:\Windows\winservxv\svchost.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\FUJITSU\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TCService - Unknown owner - D:\New Folder\TuneConvert\TCService.exe (file missing)

O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 9532 bytes

kevin27_b3d29f · Answer

Hi VonTrick98,

Welcome to Dell Community Malware Removal Forums,

Sorry for the delay in getting to you, I'm K27 and i will be reviewing your log for you.

Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.

Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.

Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you too, as this will only make the cleanup process all the more diffecult.

Failure to reply in three (3) days will result in this topic being closed and I will remove it from my notifications, If you require more time then that is fine but please let me know.

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:

Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.

In the Applications Tab:

Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Then Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

I then need to see some additional information about what is happening in your machine.
Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool.
When done, DDS will open two (2) logs
1. DDS.txt
2. Attach.txt
Save both reports to your desktop.
The instructions here ask you to attach the Attach.txt.
Instead of attaching, please copy/past both logs into your next reply.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Please copy/paste back the MBAM log and BOTH DDS logs for review.

Thanks.

user11111 · Answer

Oh, nevermind, I saw it.

user11111 · Answer

K27, Can you please give me a download link for CCleaner cause I really don't know where to download it. Thanks!

user11111 · Answer

K27,

I followed your instructions

And here are the logs as you requested:

MBAM Log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6461

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

4/28/2011 1:19:42 PM

mbam-log-2011-04-28 (13-19-42).txt

Scan type: Quick scan

Objects scanned: 145519

Time elapsed: 4 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 6

Registry Values Infected: 2

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Update Srv (Trojan.Agent) -> Value: Update Srv -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1My (Password.Stealer) -> Value: 1My -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\FUJITSU\AppData\Roaming\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\FUJITSU\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

DDS Log:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by FUJITSU at 13:29:37.28 on Thu 04/28/2011

Internet Explorer: 9.0.8112.16421

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3032.1636 [GMT 8:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\FsUsbExService.Exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\msiexec.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

D:\SonyEricsson\QTTask.exe

C:\Windows\System32\atwtusb.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

D:\AutoCAD-tools\DAEMON Tools\daemon.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\System32\WTMKM.exe

C:\Program Files\Launch Manager\WisLMSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Users\FUJITSU\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\system32\mspaint.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\FUJITSU\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

D:\Google Chrome Downloads\dds.com

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://start.facemoods.com/?a=bf

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:54667

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://start.facemoods.com/?a=bf&s={searchTerms}&f=4

uURLSearchHooks: H - No File

uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll

mURLSearchHooks: H - No File

mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [Google Update] "c:\users\fujitsu\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet

uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [ ]

uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ares] "d:\ares\Ares.exe" -h

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [Skytel] Skytel.exe

mRun: [HotkeyApp] "c:\program files\launch manager\HotkeyApp.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"

mRun: [QuickTime Task] "d:\sonyericsson\QTTask.exe" -atboottime

mRun: [atwtusb] atwtusb.exe

mRun: [DAEMON Tools] "d:\autocad-tools\daemon tools\daemon.exe" -lang 1033

mRun: [NPSStartup]

mRun: [IgfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup

mRun: [NBAgent] "d:\nerov10.5\nero backitup\NBAgent.exe" /WinStart

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\users\fujitsu\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\fujitsu\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Save YouTube Video as MP3

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL

Handler: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - c:\program files\common files\stibo\RS_ProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\fujitsu\appdata\roaming\mozilla\firefox\profiles\f9ltn1ny.default\

FF - prefs.js: browser.search.defaulturl - hxxp://ph.search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-18 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-18 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-18 61960]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-12-9 21504]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-13 233472]

R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-11-4 90112]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-15 98304]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-17 20480]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-12-13 36608]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-12 84240]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-11-4 27632]

R3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2009-12-12 23096]

R3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2009-12-12 118784]

S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\drivers\royal.sys [2009-12-11 240128]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 135664]

S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\drivers\s1029bus.sys [2010-11-4 90280]

S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\drivers\s1029mdfl.sys [2010-11-4 15016]

S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\drivers\s1029mdm.sys [2010-11-4 122280]

S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1029mgmt.sys [2010-11-4 115880]

S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1029nd5.sys [2010-11-4 26024]

S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\drivers\s1029obex.sys [2010-11-4 111912]

S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1029unic.sys [2010-11-4 116904]

S3 TCService;TCService;"d:\new folder\tuneconvert\tcservice.exe" --> d:\new folder\tuneconvert\TCService.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-14 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

.scr=AutoCADScriptFile

.txt=

.

=============== Created Last 30 ================

.

2011-04-28 05:11:10 -------- d-----w- c:\users\fujitsu\appdata\roaming\Malwarebytes

2011-04-28 05:11:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-28 05:11:00 -------- d-----w- c:\progra~2\Malwarebytes

2011-04-28 05:10:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-28 05:10:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-28 04:52:49 -------- d-----w- c:\program files\CCleaner

2011-04-22 21:51:16 -------- d-----w- c:\users\fujitsu\appdata\local\Deployment

2011-04-22 21:51:16 -------- d-----w- c:\users\fujitsu\appdata\local\Apps

2011-04-18 12:37:25 -------- d-----w- c:\users\fujitsu\appdata\roaming\Avira

2011-04-18 12:23:28 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-04-18 12:23:28 -------- d-----w- c:\progra~2\Avira

2011-04-18 10:35:25 59206 ----a-w- c:\users\fujitsu\appdata\roaming\SQLite3.dll

2011-04-18 07:47:33 -------- d-----w- c:\users\fujitsu\appdata\local\Ares

2011-04-15 07:30:15 98816 ----a-w- c:\windows\system32\mfps.dll

2011-04-15 07:28:44 519680 ----a-w- c:\windows\system32\d3d11.dll

2011-04-15 07:28:44 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2011-04-15 07:28:44 252928 ----a-w- c:\windows\system32\dxdiag.exe

2011-04-15 07:28:44 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2011-04-15 07:28:43 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

2011-04-15 07:28:43 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2011-04-15 07:28:43 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2011-04-14 05:39:02 -------- d-----w- c:\users\fujitsu\appdata\roaming\HdO Adventure

2011-04-07 13:15:28 -------- d-----w- c:\users\fujitsu\appdata\roaming\PhotoScape

2011-04-02 09:26:35 -------- d-sh--w- c:\windows\system32\%APPDATA%

.

==================== Find3M ====================

.

2011-04-15 07:30:15 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

2011-03-18 08:32:29 24 ----a-w- c:\progra~2\~f926.tmp

2011-02-23 12:03:38 1409 ----a-w- c:\windows\system32\tmpB8BCD.FOT

2011-02-23 12:03:38 1409 ----a-w- c:\windows\system32\tmp7A9CD.FOT

2011-02-23 12:03:38 1409 ----a-w- c:\windows\system32\tmp50ACD.FOT

2011-02-23 12:03:38 1409 ----a-w- c:\windows\system32\tmp0BACD.FOT

2011-02-20 12:40:03 101888 ----a-w- c:\windows\system32\ifxcardm.dll

2011-02-20 12:40:02 82432 ----a-w- c:\windows\system32\axaltocm.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.0.6002 Disk: Hitachi_HTS543232L9A300 rev.FB4OC40C -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86BFF439]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86c057b8]; MOV EAX, [0x86c05834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x82294912] -> \Device\Harddisk0\DR0[0x85FAFAC8]

3 CLASSPNP[0x8ABA88B3] -> ntkrnlpa!IofCallDriver[0x82294912] -> [0x86DAD488]

\Driver\atapi[0x86A5A188] -> IRP_MJ_CREATE -> 0x86BFF439

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HTS543232L9A300_________________FB4OC40C#5&1a84c4fe&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi -> 0x84f361d8

user != kernel MBR !!!

sectors 625142446 (+255): user != kernel

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

.

============= FINISH: 13:30:53.51 ===============

Attach Log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume2

Install Date: 12/11/2009 10:33:10 AM

System Uptime: 4/28/2011 1:22:17 PM (0 hours ago)

.

Motherboard: FUJITSU SIEMENS | | D46

Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | U2E1 | 2000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 150 GiB total, 106.895 GiB free.

D: is FIXED (NTFS) - 146 GiB total, 57.949 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP311: 2/23/2011 5:44:53 PM - Removed Nero Toolbar.

RP312: 2/23/2011 8:32:25 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.0.1

Apple Application Support

Apple Software Update

ASHRAE Handbook CD

Atheros Client Installation Program

Autodesk DWF Viewer

Avira AntiVir Personal - Free Antivirus

CCleaner

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Club Penguin Money Maker

CyberLink YouCam

DirectX for Managed Code Update (Summer 2004)

EA Download Manager

ffdshow [rev 1972] [2008-05-24]

Foxit PDF Creator

Foxit PDF Editor

Free Audio CD Burner version 1.4.7

Free Notes & Office Ink

GOM Player

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

High-Definition Video Playback

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel(R) Graphics Media Accelerator Driver

JMicron JMB38X Flash Media Controller

K-Lite Codec Pack 3.4.5 Full

Launch Manager V1.4.9

Learning Essentials for Microsoft Office

Malwarebytes' Anti-Malware

Media Go

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Math

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Visio Professional 2003

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Student 2007 for Learning Essentials

Microsoft Student with Encarta Premium 2009

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft WSE 3.0 Runtime

Mozilla Firefox (2.0.0.11)

MSVC80_x86_v2

MSVC90_x86

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 10 ClipartPack

Nero 10 Menu TemplatePack 1

Nero 10 Menu TemplatePack 2

Nero 10 Menu TemplatePack 3

Nero 10 Menu TemplatePack Basic

Nero 10 Movie ThemePack 1

Nero 10 Movie ThemePack 2

Nero 10 Movie ThemePack 3

Nero 10 Movie ThemePack 4

Nero 10 Movie ThemePack Basic

Nero 10 PiP EffectPack 1

Nero 10 Sample ImagePack

Nero 10 Sample Videos

Nero 10 Video TransitionPack 1

Nero BackItUp 10

Nero BackItUp 10 Help (CHM)

Nero Burning ROM 10

Nero BurningROM 10 Help (CHM)

Nero BurnRights 10

Nero BurnRights 10 Help (CHM)

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero CoverDesigner 10

Nero CoverDesigner 10 Help (CHM)

Nero DiscCopy Gadget 10

Nero DiscCopyGadget 10 Help (CHM)

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Dolby Files 10

Nero Express 10

Nero Express 10 Help (CHM)

Nero InfoTool 10

Nero InfoTool 10 Help (CHM)

Nero MediaHub 10

Nero MediaHub 10 Help (CHM)

Nero Multimedia Suite 10 Platinum HD

Nero Recode 10

Nero Recode 10 Help (CHM)

Nero RescueAgent 10

Nero RescueAgent 10 Help (CHM)

Nero SoundTrax 10

Nero SoundTrax 10 Help (CHM)

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

Nero Vision 10

Nero Vision 10 Help (CHM)

Nero WaveEditor 10

Nero WaveEditor 10 Help (CHM)

Nokia Connectivity Cable Driver

Nokia Ovi Suite

Nokia Ovi Suite Software Updater

Nokia PC Suite

ObjectDock

Ovi Desktop Sync Engine

OviMPlatform

Oxford Talking Dictionary

PC Connectivity Solution

Pen Pad Driver with Macro Key Manager

Picasa 3

PlayFLV

PlayStation(R)Network Downloader

PlayStation(R)Store

Power Presenter RE II

QuickTime

Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista

Realtek High Definition Audio Driver

SAMSUNG Mobile Composite Device Software

SAMSUNG Mobile Modem Driver Set

Samsung Mobile phone USB driver Software

SAMSUNG Mobile USB Modem 1.0 Software

SAMSUNG Mobile USB Modem Software

Samsung New PC Studio

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB2344875)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2345035)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office PowerPoint Viewer (KB2413381)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Skype 2.5

Sony Ericsson PC Companion 1.60.13

Sony Ericsson PC Suite 6.007.00

SystemDiagnostics

The Sims™ 3

The Sims™ Life Stories

Uninstall 1.0.0.1

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2412171)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2492475)

VirtualDJ

VLC media player 1.0.1

WD SmartWare

Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)

Windows Driver Package - Nokia Modem (10/07/2010 4.6)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

winpcap-nmap 4.02

WinRAR archiver

Yahoo! BrowserPlus 2.9.8

Yahoo! Messenger

Yahoo! Search Protection

Yahoo! Software Update

Yahoo! Toolbar

Your 3D Home Designer 2 - Deluxe Edition 1.1.0.4

.

==== Event Viewer Messages From Past Week ========

.

4/28/2011 1:24:19 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/26/2011 1:55:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wercplsupport with arguments "" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}

4/24/2011 3:25:44 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

4/22/2011 7:10:01 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/22/2011 6:40:57 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

4/21/2011 2:01:23 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

4/21/2011 1:06:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb Hotkey spldr ssmdrv Wanarpv6

4/21/2011 1:06:46 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

4/21/2011 1:06:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/21/2011 1:05:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/21/2011 1:05:48 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21

4/21/2011 1:05:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/21/2011 1:05:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/21/2011 1:05:18 PM, Error: EventLog [6008] - The previous system shutdown at 1:03:25 PM on 4/21/2011 was unexpected.

.

==== End Of File ===========================

kevin27_b3d29f · Answer

Hi,   Please Disable all Anti-virus/Anti-Spyware/FireWall on your machine(instructions via links below) Anti Virus Anti Spyware Firewall       Please read carefully and follow these steps. Download TDSSKiller and save it to your Desktop. Extract its contents to your desktop. Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.   If an infected file is detected, the default action will be Cure, click on Continue.     If a suspicious file is detected, the default action will be Skip, click on Continue.     It may ask you to reboot the computer to complete the process. Click on Reboot Now.     If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here. If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of 'TDSSKiller.[Version]_[Date]_[Time]_log.txt'. Please copy and paste the contents of that file here.   Please post back the TDSSKiller log and a fresh set of DDS logs.   Thanks.

user11111 · Answer

K27, Your link for TDSS Killer doesn't work..

kevin27_b3d29f · Answer

Sorry about that, please try THIS link..

user11111 · Answer

Here are the logs: TDSSKiller Log:   2011/04/30 12:23:42.0315 6076 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/30 12:23:43.0936 6076 ================================================================================ 2011/04/30 12:23:43.0936 6076 SystemInfo: 2011/04/30 12:23:43.0936 6076 2011/04/30 12:23:43.0936 6076 OS Version: 6.0.6002 ServicePack: 2.0 2011/04/30 12:23:43.0936 6076 Product type: Workstation 2011/04/30 12:23:43.0936 6076 ComputerName: FUJITSU-PC 2011/04/30 12:23:43.0936 6076 UserName: FUJITSU 2011/04/30 12:23:43.0936 6076 Windows directory: C:\Windows 2011/04/30 12:23:43.0936 6076 System windows directory: C:\Windows 2011/04/30 12:23:43.0936 6076 Processor architecture: Intel x86 2011/04/30 12:23:43.0936 6076 Number of processors: 2 2011/04/30 12:23:43.0936 6076 Page size: 0x1000 2011/04/30 12:23:43.0936 6076 Boot type: Normal boot 2011/04/30 12:23:43.0936 6076 ================================================================================ 2011/04/30 12:23:52.0530 6076 Initialize success 2011/04/30 12:23:58.0801 5464 ================================================================================ 2011/04/30 12:23:58.0801 5464 Scan started 2011/04/30 12:23:58.0801 5464 Mode: Manual;  2011/04/30 12:23:58.0801 5464 ================================================================================ 2011/04/30 12:23:59.0441 5464 ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/04/30 12:23:59.0534 5464 adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 2011/04/30 12:23:59.0675 5464 adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 2011/04/30 12:23:59.0799 5464 adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 2011/04/30 12:23:59.0846 5464 adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 2011/04/30 12:24:00.0018 5464 AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 2011/04/30 12:24:00.0096 5464 agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 2011/04/30 12:24:00.0205 5464 aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/04/30 12:24:00.0252 5464 aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 2011/04/30 12:24:00.0283 5464 amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 2011/04/30 12:24:00.0408 5464 amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 2011/04/30 12:24:00.0470 5464 AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 2011/04/30 12:24:00.0501 5464 AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 2011/04/30 12:24:00.0689 5464 arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 2011/04/30 12:24:00.0735 5464 arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 2011/04/30 12:24:00.0891 5464 AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/04/30 12:24:00.0938 5464 atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/04/30 12:24:01.0094 5464 athr            (567e669b3b252e0c07850ef3c3e12254) C:\Windows\system32\DRIVERS\athr.sys 2011/04/30 12:24:01.0281 5464 avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/04/30 12:24:01.0328 5464 avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys 2011/04/30 12:24:01.0469 5464 Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/04/30 12:24:01.0547 5464 bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys 2011/04/30 12:24:01.0687 5464 BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/04/30 12:24:01.0718 5464 BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/04/30 12:24:01.0781 5464 Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/04/30 12:24:01.0890 5464 BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/04/30 12:24:01.0937 5464 BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/04/30 12:24:01.0952 5464 BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/04/30 12:24:01.0999 5464 BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys 2011/04/30 12:24:02.0124 5464 BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/04/30 12:24:02.0171 5464 BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 2011/04/30 12:24:02.0233 5464 BTHPORT         (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys 2011/04/30 12:24:02.0342 5464 BTHUSB          (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys 2011/04/30 12:24:02.0405 5464 cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/04/30 12:24:02.0545 5464 cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/04/30 12:24:02.0592 5464 circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 2011/04/30 12:24:02.0654 5464 CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/04/30 12:24:02.0810 5464 CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/04/30 12:24:02.0857 5464 cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 2011/04/30 12:24:03.0013 5464 Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 2011/04/30 12:24:03.0138 5464 crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 2011/04/30 12:24:03.0153 5464 Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 2011/04/30 12:24:03.0231 5464 DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 2011/04/30 12:24:03.0387 5464 disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/04/30 12:24:03.0465 5464 drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/04/30 12:24:03.0512 5464 DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 2011/04/30 12:24:03.0684 5464 E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/04/30 12:24:03.0746 5464 Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/04/30 12:24:03.0902 5464 elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 2011/04/30 12:24:03.0996 5464 exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/04/30 12:24:04.0121 5464 fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/04/30 12:24:04.0199 5464 fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 2011/04/30 12:24:04.0339 5464 FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/04/30 12:24:04.0386 5464 Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/04/30 12:24:04.0433 5464 flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/04/30 12:24:04.0573 5464 FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/04/30 12:24:04.0729 5464 FsUsbExDisk     (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS 2011/04/30 12:24:04.0838 5464 Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/04/30 12:24:04.0963 5464 gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 2011/04/30 12:24:05.0135 5464 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/04/30 12:24:05.0213 5464 HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/04/30 12:24:05.0306 5464 HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/04/30 12:24:05.0384 5464 HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/04/30 12:24:05.0478 5464 HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/04/30 12:24:05.0603 5464 Hotkey          (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys 2011/04/30 12:24:05.0712 5464 HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 2011/04/30 12:24:05.0805 5464 HTTP            (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys 2011/04/30 12:24:05.0899 5464 i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 2011/04/30 12:24:06.0008 5464 i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/04/30 12:24:06.0133 5464 iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 2011/04/30 12:24:06.0445 5464 igfx            (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys 2011/04/30 12:24:06.0773 5464 iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/04/30 12:24:06.0960 5464 IntcAzAudAddService (4c01298060cf930d26a75a86b874b6ae) C:\Windows\system32\drivers\RTKVHDA.sys 2011/04/30 12:24:07.0100 5464 intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys 2011/04/30 12:24:07.0147 5464 intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/04/30 12:24:07.0303 5464 IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/04/30 12:24:07.0381 5464 IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 2011/04/30 12:24:07.0506 5464 IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/04/30 12:24:07.0553 5464 IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/04/30 12:24:07.0599 5464 isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 2011/04/30 12:24:07.0724 5464 iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/04/30 12:24:07.0787 5464 iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/04/30 12:24:07.0927 5464 iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/04/30 12:24:07.0989 5464 JMCR            (dedb6cc1b166928a8f3f68def1766db0) C:\Windows\system32\DRIVERS\jmcr.sys 2011/04/30 12:24:08.0052 5464 kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/04/30 12:24:08.0177 5464 kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys 2011/04/30 12:24:08.0223 5464 KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/04/30 12:24:08.0379 5464 lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/04/30 12:24:08.0426 5464 LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 2011/04/30 12:24:08.0473 5464 LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2011/04/30 12:24:08.0582 5464 LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2011/04/30 12:24:08.0629 5464 luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/04/30 12:24:08.0691 5464 megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2011/04/30 12:24:08.0832 5464 Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/04/30 12:24:08.0910 5464 monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/04/30 12:24:08.0941 5464 mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/04/30 12:24:09.0035 5464 mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/04/30 12:24:09.0097 5464 MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/04/30 12:24:09.0175 5464 mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2011/04/30 12:24:09.0393 5464 mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/04/30 12:24:09.0596 5464 Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/04/30 12:24:09.0705 5464 MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/04/30 12:24:09.0830 5464 mrxsmb          (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/04/30 12:24:09.0924 5464 mrxsmb10        (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/04/30 12:24:09.0955 5464 mrxsmb20        (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/04/30 12:24:10.0033 5464 msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys 2011/04/30 12:24:10.0111 5464 msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2011/04/30 12:24:10.0220 5464 Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/04/30 12:24:10.0314 5464 msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/04/30 12:24:10.0407 5464 MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/04/30 12:24:10.0485 5464 MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/04/30 12:24:10.0532 5464 MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/04/30 12:24:10.0626 5464 MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/04/30 12:24:10.0704 5464 mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/04/30 12:24:10.0782 5464 MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/04/30 12:24:10.0891 5464 Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/04/30 12:24:11.0000 5464 NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS
wifi.sys 2011/04/30 12:24:11.0109 5464 NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers
dis.sys 2011/04/30 12:24:11.0203 5464 NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS
distapi.sys 2011/04/30 12:24:11.0281 5464 Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS
disuio.sys 2011/04/30 12:24:11.0343 5464 NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS
diswan.sys 2011/04/30 12:24:11.0421 5464 NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/04/30 12:24:11.0515 5464 NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS
etbios.sys 2011/04/30 12:24:11.0609 5464 netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS
etbt.sys 2011/04/30 12:24:11.0718 5464 nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers
frd960.sys 2011/04/30 12:24:11.0858 5464 nmwcd           (48fb907b069524f2dc7ba62a0762850c) C:\Windows\system32\drivers\ccdcmb.sys 2011/04/30 12:24:11.0999 5464 nmwcdc          (2914ceb789964141ac6e22c6bc980c42) C:\Windows\system32\drivers\ccdcmbo.sys 2011/04/30 12:24:12.0108 5464 npf             (6623e51595c0076755c29c00846c4eb2) C:\Windows\system32\drivers
pf.sys 2011/04/30 12:24:12.0217 5464 Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/04/30 12:24:12.0389 5464 nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers
siproxy.sys 2011/04/30 12:24:12.0654 5464 Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/04/30 12:24:12.0794 5464 ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers
trigdigi.sys 2011/04/30 12:24:12.0888 5464 Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/04/30 12:24:12.0997 5464 nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers
vraid.sys 2011/04/30 12:24:13.0044 5464 nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers
vstor.sys 2011/04/30 12:24:13.0091 5464 nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers
v_agp.sys 2011/04/30 12:24:13.0184 5464 OemBiosDevice   (cd85dd531c2fc085108aebc047072476) C:\Windows\system32\driversoyal.sys 2011/04/30 12:24:13.0309 5464 ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/04/30 12:24:13.0403 5464 Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/04/30 12:24:13.0512 5464 partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/04/30 12:24:13.0559 5464 Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/04/30 12:24:13.0715 5464 pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys 2011/04/30 12:24:13.0761 5464 pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/04/30 12:24:13.0808 5464 pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys 2011/04/30 12:24:13.0964 5464 pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/04/30 12:24:14.0042 5464 PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/04/30 12:24:14.0214 5464 PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERSaspptp.sys 2011/04/30 12:24:14.0261 5464 Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2011/04/30 12:24:14.0323 5464 PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/04/30 12:24:14.0432 5464 PxHelp20        (f7bb4e7a7c02ab4a2672937e124e306e) C:\Windows\system32\Drivers\PxHelp20.sys 2011/04/30 12:24:14.0510 5464 ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2011/04/30 12:24:14.0651 5464 ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/04/30 12:24:14.0682 5464 QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/04/30 12:24:14.0713 5464 RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERSasacd.sys 2011/04/30 12:24:14.0775 5464 Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERSasl2tp.sys 2011/04/30 12:24:14.0885 5464 RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERSaspppoe.sys 2011/04/30 12:24:14.0931 5464 RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERSassstp.sys 2011/04/30 12:24:14.0978 5464 rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERSdbss.sys 2011/04/30 12:24:15.0103 5464 RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/04/30 12:24:15.0150 5464 rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\driversdpdr.sys 2011/04/30 12:24:15.0165 5464 RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\driversdpencdd.sys 2011/04/30 12:24:15.0243 5464 RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/04/30 12:24:15.0368 5464 RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERSfcomm.sys 2011/04/30 12:24:15.0415 5464 rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERSspndr.sys 2011/04/30 12:24:15.0462 5464 RTL8169         (abbe0f54ba3a378262c9cb86cf7d91f8) C:\Windows\system32\DRIVERS\Rtlh86.sys 2011/04/30 12:24:15.0602 5464 s1029bus        (69013a123a00b3042c260b0056df0152) C:\Windows\system32\DRIVERS\s1029bus.sys 2011/04/30 12:24:15.0649 5464 s1029mdfl       (1565fc31f872963fe8af471123d8424c) C:\Windows\system32\DRIVERS\s1029mdfl.sys 2011/04/30 12:24:15.0774 5464 s1029mdm        (d67a8042ecf6c983ac0e308b36603677) C:\Windows\system32\DRIVERS\s1029mdm.sys 2011/04/30 12:24:15.0821 5464 s1029mgmt       (9ac56f06c1e13a963c82ebd067fdf274) C:\Windows\system32\DRIVERS\s1029mgmt.sys 2011/04/30 12:24:15.0961 5464 s1029nd5        (00c66c6baafb2747f15f94f15888c94a) C:\Windows\system32\DRIVERS\s1029nd5.sys 2011/04/30 12:24:16.0039 5464 s1029obex       (6fc093aba554e45755dc2f3896b6c8d7) C:\Windows\system32\DRIVERS\s1029obex.sys 2011/04/30 12:24:16.0133 5464 s1029unic       (9979b0e68815394665b2109b03d15fa1) C:\Windows\system32\DRIVERS\s1029unic.sys 2011/04/30 12:24:16.0211 5464 sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/04/30 12:24:16.0273 5464 sdbus           (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys 2011/04/30 12:24:16.0351 5464 secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/04/30 12:24:16.0460 5464 seehcri         (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys 2011/04/30 12:24:16.0569 5464 Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/04/30 12:24:16.0601 5464 Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/04/30 12:24:16.0663 5464 sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/04/30 12:24:16.0803 5464 sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 2011/04/30 12:24:16.0866 5464 sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 2011/04/30 12:24:16.0881 5464 sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 2011/04/30 12:24:17.0006 5464 sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/04/30 12:24:17.0084 5464 sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 2011/04/30 12:24:17.0115 5464 SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2011/04/30 12:24:17.0225 5464 SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2011/04/30 12:24:17.0318 5464 Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/04/30 12:24:17.0427 5464 smserial        (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys 2011/04/30 12:24:17.0583 5464 spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/04/30 12:24:17.0661 5464 sptd            (090adc3d9b5730ac3b20bdd5a54e2d28) C:\Windows\system32\Drivers\sptd.sys 2011/04/30 12:24:17.0661 5464 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 090adc3d9b5730ac3b20bdd5a54e2d28 2011/04/30 12:24:17.0693 5464 sptd - detected Locked file (1) 2011/04/30 12:24:17.0802 5464 srv             (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys 2011/04/30 12:24:17.0833 5464 srv2            (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys 2011/04/30 12:24:17.0895 5464 srvnet          (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys 2011/04/30 12:24:18.0036 5464 sscdbus         (92b69020fc480219683d429dca068d71) C:\Windows\system32\DRIVERS\sscdbus.sys 2011/04/30 12:24:18.0114 5464 sscdmdfl        (77a2869d40cc84af711c321f9b0c7a78) C:\Windows\system32\DRIVERS\sscdmdfl.sys 2011/04/30 12:24:18.0176 5464 sscdmdm         (b4255635195a8413fcde7af5b7c4e382) C:\Windows\system32\DRIVERS\sscdmdm.sys 2011/04/30 12:24:18.0285 5464 ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/04/30 12:24:18.0348 5464 swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/04/30 12:24:18.0410 5464 Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/04/30 12:24:18.0504 5464 Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/04/30 12:24:18.0582 5464 Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/04/30 12:24:18.0675 5464 Tcpip           (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers	cpip.sys 2011/04/30 12:24:18.0831 5464 Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS	cpip.sys 2011/04/30 12:24:18.0941 5464 tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers	cpipreg.sys 2011/04/30 12:24:19.0065 5464 TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers	dpipe.sys 2011/04/30 12:24:19.0175 5464 TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers	dtcp.sys 2011/04/30 12:24:19.0237 5464 tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS	dx.sys 2011/04/30 12:24:19.0284 5464 TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS	ermdd.sys 2011/04/30 12:24:19.0455 5464 tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS	ssecsrv.sys 2011/04/30 12:24:19.0518 5464 TuneConvertAudio (48afde8e262b4738cd3a25f932bd50d8) C:\Windows\system32\drivers\TuneConvertAudio.sys 2011/04/30 12:24:19.0643 5464 tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS	unmp.sys 2011/04/30 12:24:19.0705 5464 tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS	unnel.sys 2011/04/30 12:24:19.0752 5464 uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2011/04/30 12:24:19.0877 5464 udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/04/30 12:24:19.0955 5464 uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2011/04/30 12:24:19.0986 5464 uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2011/04/30 12:24:20.0111 5464 UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/04/30 12:24:20.0142 5464 ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/04/30 12:24:20.0189 5464 umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/04/30 12:24:20.0329 5464 upperdev        (e526a166e6acafd0a9b3841d3941669e) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys 2011/04/30 12:24:20.0391 5464 usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/04/30 12:24:20.0438 5464 usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/04/30 12:24:20.0563 5464 usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/04/30 12:24:20.0594 5464 usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/04/30 12:24:20.0641 5464 usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 2011/04/30 12:24:20.0750 5464 usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys 2011/04/30 12:24:20.0797 5464 usbser          (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys 2011/04/30 12:24:20.0859 5464 UsbserFilt      (6f3e3c6811b930d2414552a2e4a40f36) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys 2011/04/30 12:24:20.0984 5464 USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/04/30 12:24:21.0031 5464 usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/04/30 12:24:21.0093 5464 usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 2011/04/30 12:24:21.0218 5464 vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/04/30 12:24:21.0249 5464 VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/04/30 12:24:21.0296 5464 viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2011/04/30 12:24:21.0327 5464 ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2011/04/30 12:24:21.0452 5464 viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 2011/04/30 12:24:21.0468 5464 volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/04/30 12:24:21.0530 5464 volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/04/30 12:24:21.0639 5464 volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/04/30 12:24:21.0702 5464 vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/04/30 12:24:21.0764 5464 WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/04/30 12:24:21.0873 5464 Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/30 12:24:21.0905 5464 Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/30 12:24:21.0967 5464 Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2011/04/30 12:24:22.0123 5464 WDC_SAM         (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys 2011/04/30 12:24:22.0217 5464 Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/04/30 12:24:22.0404 5464 WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/04/30 12:24:22.0513 5464 WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/04/30 12:24:22.0622 5464 ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/04/30 12:24:22.0716 5464 WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 2011/04/30 12:24:22.0747 5464 WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/04/30 12:24:23.0043 5464 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/04/30 12:24:23.0043 5464 ================================================================================ 2011/04/30 12:24:23.0043 5464 Scan finished 2011/04/30 12:24:23.0043 5464 ================================================================================ 2011/04/30 12:24:23.0059 4092 Detected object count: 2 2011/04/30 12:25:34.0902 4092 Locked file(sptd) - User select action: Skip  2011/04/30 12:25:35.0011 4092 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot 2011/04/30 12:25:35.0011 4092 \HardDisk0 - ok 2011/04/30 12:25:35.0011 4092 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure  2011/04/30 12:26:57.0694 3584 Deinitialize success DDS Log: . DDS (Ver_11-03-05.01) - NTFSx86   Run by FUJITSU at 13:06:22.90 on Sat 04/30/2011 Internet Explorer: 9.0.8112.16421 Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.3032.1887 [GMT 8:00] . AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\Dwm.exe C:\Windows\system32	askeng.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32	askeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\RtHDVCpl.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\FsUsbExService.Exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\Program Files\Nero\Update\NASvc.exe D:\SonyEricsson\QTTask.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\Windows\System32\atwtusb.exe D:\AutoCAD-tools\DAEMON Tools\daemon.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe C:\Windows\System32\WTMKM.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Users\FUJITSU\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Launch Manager\WisLMSvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\wuauclt.exe C:\Users\FUJITSU\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\FUJITSU\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe D:\Google Chrome Downloads\dds.com C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uSearch Page = hxxp://www.google.com uStart Page = hxxp://start.facemoods.com/?a=bf uSearch Bar = hxxp://www.google.com/ie uDefault_Search_URL = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uInternet Settings,ProxyServer = http=127.0.0.1:54667 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://start.facemoods.com/?a=bf&s={searchTerms}&f=4 uURLSearchHooks: H - No File uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll mURLSearchHooks: H - No File mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File uRun: [Skype] 'c:\program files\skype\phone\Skype.exe' /nosplash /minimized uRun: [Google Update] 'c:\users\fujitsu\appdata\local\google\update\GoogleUpdate.exe' /c uRun: [Messenger (Yahoo!)] 'c:\progra~1\yahoo!\messen~1\YahooMessenger.exe' -quiet uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe uRun: [ ]  uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [ares] 'd:\ares\Ares.exe' -h uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [UCam_Menu] 'c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe' 'c:\program files\cyberlink\youcam' update 'software\cyberlink\youcam\1.0' mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [Skytel] Skytel.exe mRun: [HotkeyApp] 'c:\program files\launch manager\HotkeyApp.exe' mRun: [Adobe Reader Speed Launcher] 'c:\program files\adobeeader 9.0eader\Reader_sl.exe' mRun: [YSearchProtection] 'c:\program files\yahoo!\search protection\SearchProtection.exe' mRun: [QuickTime Task] 'd:\sonyericsson\QTTask.exe' -atboottime mRun: [atwtusb] atwtusb.exe mRun: [DAEMON Tools] 'd:\autocad-tools\daemon tools\daemon.exe' -lang 1033 mRun: [NPSStartup]  mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [NokiaMServer] c:\program files\common files
okia\mplatform\NokiaMServer /watchfiles startup mRun: [NBAgent] 'd:
erov10.5
ero backitup\NBAgent.exe' /WinStart mRun: [avgnt] 'c:\program files\avira\antivir desktop\avgnt.exe' /min StartupFolder: c:\users\fujitsu\appdataoaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\fujitsu\appdataoaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: Save YouTube Video as MP3 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL Handler: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - c:\program files\common files\stibo\RS_ProtocolHandler.dll Notify: igfxcui - igfxdev.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\fujitsu\appdataoaming\mozilla\firefox\profiles\f9ltn1ny.default\ FF - prefs.js: browser.search.defaulturl - hxxp://ph.search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - component: c:\program files\mozilla firefox\extensions	alkback@mozilla.org\components\qfaservices.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-18 136360] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-18 269480] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-18 61960] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-12-9 21504] R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-13 233472] R2 NAUpdate;Nero Update;c:\program files
ero\update\NASvc.exe [2010-5-4 503080] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers
pf.sys [2008-6-1 34064] R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-11-4 90112] R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-15 98304] R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-17 20480] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-12-13 36608] R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-12 84240] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-11-4 27632] R3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2009-12-12 23096] R3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2009-12-12 118784] S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\driversoyal.sys [2009-12-11 240128] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 135664] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 135664] S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\drivers\s1029bus.sys [2010-11-4 90280] S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\drivers\s1029mdfl.sys [2010-11-4 15016] S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\drivers\s1029mdm.sys [2010-11-4 122280] S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1029mgmt.sys [2010-11-4 115880] S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1029nd5.sys [2010-11-4 26024] S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\drivers\s1029obex.sys [2010-11-4 111912] S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1029unic.sys [2010-11-4 116904] S3 TCService;TCService;'d:
ew folder	uneconvert	cservice.exe' --> d:
ew folder	uneconvert\TCService.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-14 11520] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== File Associations =============== . .scr=AutoCADScriptFile .txt= . =============== Created Last 30 ================ . 2011-04-28 05:11:10 -------- d-----w- c:\users\fujitsu\appdataoaming\Malwarebytes 2011-04-28 05:11:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-28 05:11:00 -------- d-----w- c:\progra~2\Malwarebytes 2011-04-28 05:10:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-28 05:10:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-28 04:52:49 -------- d-----w- c:\program files\CCleaner 2011-04-22 21:51:16 -------- d-----w- c:\users\fujitsu\appdata\local\Deployment 2011-04-22 21:51:16 -------- d-----w- c:\users\fujitsu\appdata\local\Apps 2011-04-18 12:37:25 -------- d-----w- c:\users\fujitsu\appdataoaming\Avira 2011-04-18 12:23:28 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-04-18 12:23:28 -------- d-----w- c:\progra~2\Avira 2011-04-18 10:35:25 59206 ----a-w- c:\users\fujitsu\appdataoaming\SQLite3.dll 2011-04-18 07:47:33 -------- d-----w- c:\users\fujitsu\appdata\local\Ares 2011-04-15 07:30:15 98816 ----a-w- c:\windows\system32\mfps.dll 2011-04-15 07:28:44 519680 ----a-w- c:\windows\system32\d3d11.dll 2011-04-15 07:28:44 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2011-04-15 07:28:44 252928 ----a-w- c:\windows\system32\dxdiag.exe 2011-04-15 07:28:44 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2011-04-15 07:28:43 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2011-04-15 07:28:43 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2011-04-15 07:28:43 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2011-04-14 05:39:02 -------- d-----w- c:\users\fujitsu\appdataoaming\HdO Adventure 2011-04-07 13:15:28 -------- d-----w- c:\users\fujitsu\appdataoaming\PhotoScape 2011-04-02 09:26:35 -------- d-sh--w- c:\windows\system32\%APPDATA% . ==================== Find3M  ==================== . 2011-04-15 07:30:15 979456 ----a-w- c:\windows\system32\MFH264Dec.dll 2011-03-18 08:32:29 24 ----a-w- c:\progra~2\~f926.tmp 2011-02-23 12:03:38 1409 ----a-w- c:\windows\system32	mpB8BCD.FOT 2011-02-23 12:03:38 1409 ----a-w- c:\windows\system32	mp7A9CD.FOT 2011-02-23 12:03:38 1409 ----a-w- c:\windows\system32	mp50ACD.FOT 2011-02-23 12:03:38 1409 ----a-w- c:\windows\system32	mp0BACD.FOT 2011-02-20 12:40:03 101888 ----a-w- c:\windows\system32\ifxcardm.dll 2011-02-20 12:40:02 82432 ----a-w- c:\windows\system32\axaltocm.dll . ============= FINISH: 13:06:52.81 ===============

kevin27_b3d29f · Answer

Hi,     Please Disable all Anti-virus/Anti-Spyware/FireWall on your machine(instructions via links below) Anti Virus Anti Spyware Firewall     Go here to run an online scannner from ESET. Note: You will need to use Internet explorer for this scan Turn off the real time scanner of any existing antivirus program while performing the online scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activex control to install Click Start Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked. Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. Click Scan Wait for the scan to finish Click the 'Show Results' button Then click the 'Export to Text File' button and save the log to the desktop Copy and paste that log as a reply to this topic and also let me know how things are now.   Please post the ESET report back for review and a status report on how the system is running.   Thanks.

user11111 · Answer

K27,

After the scan of ESET Online Scanner, it doesn't have a button of "Show Results". It only has "List of found threats". And when I clicked it, it shows a virus that was found, but there was a button "Export to text file" below. After I clicked it, I saved it in my Desktop and this is the result:

D:\AutoCAD-Mech'l\acm2010_x64.iso a variant of Win32/Keygen.BL application

kevin27_b3d29f · Answer

Hi,

You can delete D:\AutoCAD-Mech'l\acm2010_x64.iso, just right click the file and click delete.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

Click the "Scan" button to start scan.
Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time)
Please post the contents of that log in your next reply.

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Thanks.

user11111 · Answer

I mean the error code was 66A not 669.

user11111 · Answer

K27,

When I attached the file, It says that I should attach a valid file because they don't accept files like zip.

Windows Update is working now. But there's a new error code (669). The update name is Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2446708).

Here is the log for aswMBR:

Run date: 2011-05-02 12:11:34

-----------------------------

12:11:34.084 OS Version: Windows 6.0.6002 Service Pack 2

12:11:34.084 Number of processors: 2 586 0x170A

12:11:34.086 ComputerName: FUJITSU-PC UserName: FUJITSU

12:11:45.808 Initialize success

12:12:12.728 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

12:12:12.732 Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 3

12:12:14.754 Disk 0 MBR read successfully

12:12:14.758 Disk 0 MBR scan

12:12:14.762 Disk 0 unknown MBR code

12:12:16.767 Disk 0 scanning sectors +625139712

12:12:16.913 Disk 0 scanning C:\Windows\system32\drivers

12:12:54.800 Service scanning

12:13:01.003 Disk 0 trace - called modules:

12:13:01.029 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84f351d8]<<

12:13:01.030 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f99578]

12:13:01.030 3 CLASSPNP.SYS[8aba08b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85d29b98]

12:13:01.030 \Driver\atapi[0x85d0e968] -> IRP_MJ_CREATE -> 0x84f351d8

12:13:01.030 Scan finished successfully

12:14:14.369 Disk 0 MBR has been saved successfully to "C:\Users\FUJITSU\Desktop\MBR.dat"

12:14:14.377 The log file has been saved successfully to "C:\Users\FUJITSU\Desktop\aswMBR.txt"

kevin27_b3d29f · Answer

Hi, Is the Net.Framework 4 update the only one you are having an issue with. Apart from that, how is the system running. Thanks.

user11111 · Answer

Yes, only the Net.Framework 4 update is not working. Well like what I've said, I have a problem with some updates. The system is working correctly. There's no errors reported.

Virus & Spyware

Windows Update Error Code 80072EFE

Download updates for Windows

Was this post helpful?