[Inactve] Computers Infected,takes over Anti-Virus/Spyware/Malware programs

Hi yall, my PC and laptops have caught something pretty sneaky. I haven't actually ever gotten a positive confirmation but that's because the malware hijacks the programs before they can even be installed. The result is that Malwarebytes runs through a Full Scan and says nothing is wrong, TrendMicro Titanium either freezes up or gives the all-clear, Norton AV the same along with half a dozen "brand-name" anti-malware programs. I was running iObit360 and Microsoft Security Essentials prior to noticing things go haywire. They obviously both say the system is fine.

Fine...is the 180 degree antonym of my systems' status. The malware exploits what I believe are massive flaws in Windows "permissions" (I'm running Win7 Ultimate), and it basically runs amok propogating at will, (assumedly) logging everything I do or type and corrupting anything that might threaten it.

After my hard drive was rendered obsolete when MS BitLocker and my Dell TPM knocked their idiot heads together, I did a clean reinstall from Win7 Ultimate disc on a brand new Dell-supplied HDD. That new drive is now infected 2 days later, unbelievably - I'm assuming via the home wireless connection? Not sure how as I didn't set up HomeGroup or a Network...

 

Sorry I'm pretty confused

In your link it says:

How am I not up to Step 3?

I'm pretty tired and it's possible I'm being retarded, but am I just imagining it or is TITANUIMRES a banned keyword on this forum?

 

Hi broni, thanks for your help - I really appreciate it!

cheers Admin, I took your post to mean ignore Step 3 rather than ignore the Trend Micro 'false'(?) warning about Step 3 link and am just posting the logs. I hope that's correct - I'm so exhausted, the obvious seems...less so ;(

-----

Prologue to assembling WindowsBBS logs: Whilst trying to take back control of an AV .exe from the virus (which had assumed Permissions with a User SID of S-1-5-21-xxxxxxxxxxxxxxx ) - the malware fought back and dumped my Administrator account into the Temp User folder (which I discovered upon a restart, when greeted by an empty desktop).

I had thought I'd got the sucker when I saw hundreds or thousands of jp2iexp.dll references in the Registry. Quick search confirmed that's Javascript code exploited by hackers to run riot, and I followed the instructions on some forum to run a Hijack This scan and kill the running process. I then ran some scans with iolo System Mechanic and that deleted the thousands of S-1-5-21-xxxx registry entries.

Certain in 'victory', I set about compiling the WindowsBBS logs, following the instructions very carefully. Unfortunately, Trend Micro Titanium was still running as it's only mentioned to disable in the instructions after Malwarebytes. The result was Malwarebytes was about do something to the Wow6432Node registry tree which had included the thousands of S-1-5-21 Javascript registry entries (or perhaps the other way around) - I don't know what because Trend Micro Titanium killed the action with a flash note.

Furious, I uninstalled TM Titanium assuming a fresh repeat of Step 4 would allow Malwarebytes to do it's thing. But alas, a clean scan instead...

------------------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5736

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/02/2011 10:58:20 AM
mbam-log-2011-02-11 (10-58-20).txt

Scan type: Quick scan
Objects scanned: 153699
Time elapsed: 1 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-------------------------------------------------------------------------


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-11 11:08:47
Windows 6.1.7600
Running: ghsbq0fs.exe


---- Services - GMER 1.0.15 ----

Service C:\Windows\servicing\TrustedInstaller.exe (*** hidden *** ) [AUTO] TrustedInstaller <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----


---------------------------------------------------------


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Latitude E6500
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 193):
0x02A4A000 \SystemRoot\system32\ntoskrnl.exe
0x02A01000 \SystemRoot\system32\hal.dll
0x00BC5000 \SystemRoot\system32\kdcom.dll
0x00C4F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C93000 \SystemRoot\system32\PSHED.dll
0x00CA7000 \SystemRoot\system32\CLFS.SYS
0x00D05000 \SystemRoot\system32\CI.dll
0x00E12000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EB6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EC5000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F1C000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F25000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F2F000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F62000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F6F000 \SystemRoot\System32\drivers\partmgr.sys
0x00F84000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00F8D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00F99000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x0109C000 \SystemRoot\System32\drivers\volmgrx.sys
0x010F8000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x01131000 \SystemRoot\System32\drivers\mountmgr.sys
0x012B5000 \SystemRoot\system32\DRIVERS\iaStorV.sys
0x013D3000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01200000 \SystemRoot\system32\drivers\fltmgr.sys
0x0124C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01427000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0114B000 \SystemRoot\System32\Drivers\msrpc.sys
0x015CA000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x015E4000 \SystemRoot\System32\drivers\pcw.sys
0x015F5000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0162E000 \SystemRoot\system32\drivers\ndis.sys
0x01720000 \SystemRoot\system32\drivers\NETIO.SYS
0x01780000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x017AB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01600000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01260000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01610000 \SystemRoot\System32\Drivers\spldr.sys
0x011A9000 \SystemRoot\System32\drivers\rdyboost.sys
0x01618000 \SystemRoot\System32\Drivers\mup.sys
0x017F5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x00FAE000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01400000 \SystemRoot\system32\DRIVERS\disk.sys
0x00DC5000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02C13000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02C3D000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x02C6E000 \SystemRoot\System32\Drivers\Null.SYS
0x02C77000 \SystemRoot\System32\Drivers\Beep.SYS
0x02C7E000 \SystemRoot\System32\drivers\vga.sys
0x02C8C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02CB1000 \SystemRoot\System32\drivers\watchdog.sys
0x02CC1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02CCA000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02CD3000 \SystemRoot\system32\drivers\rdprefmp.sys
0x013DE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x013E9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01073000 \SystemRoot\system32\DRIVERS\tdx.sys
0x011E3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03AA6000 \SystemRoot\system32\drivers\afd.sys
0x03B30000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03B75000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03B7E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03BA4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03BB3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03BCE000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03A00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03A51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03A5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03A68000 \??\C:\Windows\system32\drivers\ElRawDsk.sys
0x03A72000 \SystemRoot\System32\drivers\discache.sys
0x03CBE000 \SystemRoot\system32\drivers\csc.sys
0x03D41000 \SystemRoot\System32\Drivers\dfsc.sys
0x03D5F000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03D70000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04864000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0535C000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x03EEC000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03E00000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03E46000 \SystemRoot\system32\DRIVERS\e1y62x64.sys
0x03E8F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x0535E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03E9C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03EAD000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0409B000 \SystemRoot\system32\DRIVERS\netw5v64.sys
0x04000000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x0403E000 \SystemRoot\system32\drivers\sdbus.sys
0x0405E000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x04071000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x045D6000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x045E5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03ED1000 \SystemRoot\system32\drivers\tpm.sys
0x045F4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0408F000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03FE0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x053B4000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x053C4000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x053DA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03EE0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04800000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0482F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03D96000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0484A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03DB7000 \SystemRoot\system32\DRIVERS\tap0901.sys
0x03DC4000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x04098000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03C00000 \SystemRoot\system32\DRIVERS\ks.sys
0x03C43000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03C55000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03DCF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x090FF000 \SystemRoot\system32\drivers\HdAudio.sys
0x0915B000 \SystemRoot\system32\drivers\portcls.sys
0x09198000 \SystemRoot\system32\drivers\drmk.sys
0x091BA000 \SystemRoot\system32\drivers\ksthunk.sys
0x09000000 \SystemRoot\system32\DRIVERS\VSTAZL6.SYS
0x0927F000 \SystemRoot\system32\DRIVERS\VSTDPV6.SYS
0x09417000 \SystemRoot\system32\DRIVERS\VSTCNXT6.SYS
0x094E2000 \SystemRoot\system32\drivers\modem.sys
0x094F1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02CDC000 \SystemRoot\System32\Drivers\dump_iaStorV.sys
0x000B0000 \SystemRoot\System32\win32k.sys
0x094FF000 \SystemRoot\System32\drivers\Dxapi.sys
0x0950B000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x0951E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0953B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0957F000 \SystemRoot\System32\Drivers\usbvideo.sys
0x095AD000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x095BB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x095D4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x095DD000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x095EA000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00560000 \SystemRoot\System32\TSDDD.dll
0x007D0000 \SystemRoot\System32\cdd.dll
0x0953D000 \SystemRoot\system32\drivers\luafv.sys
0x09200000 \SystemRoot\system32\drivers\WudfPf.sys
0x09560000 \SystemRoot\system32\DRIVERS\WinUSB.sys
0x09221000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x09571000 \SystemRoot\System32\DRIVERS\scfilter.sys
0x09400000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x09052000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x09252000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x09265000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x034D1000 \SystemRoot\system32\drivers\HTTP.sys
0x03599000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03400000 \SystemRoot\system32\drivers\peauth.sys
0x034A6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x035B1000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x035DE000 \SystemRoot\System32\drivers\tcpipreg.sys
0x038F1000 \SystemRoot\System32\DRIVERS\srv2.sys
0x03958000 \SystemRoot\System32\DRIVERS\srv.sys
0x039EE000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x03886000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x03891000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x77C90000 \Windows\System32\ntdll.dll
0x47D90000 \Windows\System32\smss.exe
0xFFFB0000 \Windows\System32\apisetschema.dll
0xFFB80000 \Windows\System32\autochk.exe
0xFFF20000 \Windows\System32\shlwapi.dll
0x77E60000 \Windows\System32\normaliz.dll
0xFFE10000 \Windows\System32\msctf.dll
0xFFBB0000 \Windows\System32\iertutil.dll
0x77B90000 \Windows\System32\user32.dll
0x77A70000 \Windows\System32\kernel32.dll
0xFFAD0000 \Windows\System32\advapi32.dll
0xFFAC0000 \Windows\System32\lpk.dll
0xFFAA0000 \Windows\System32\sechost.dll
0xFFA00000 \Windows\System32\clbcatq.dll
0xFF990000 \Windows\System32\gdi32.dll
0xFF940000 \Windows\System32\ws2_32.dll
0xFF920000 \Windows\System32\imagehlp.dll
0xFF910000 \Windows\System32\nsi.dll
0xFF7E0000 \Windows\System32\wininet.dll
0xFF7B0000 \Windows\System32\imm32.dll
0xFEA20000 \Windows\System32\shell32.dll
0xFE8F0000 \Windows\System32\rpcrt4.dll
0xFE850000 \Windows\System32\msvcrt.dll
0xFE780000 \Windows\System32\usp10.dll
0xFE700000 \Windows\System32\difxapi.dll
0xFE520000 \Windows\System32\setupapi.dll
0xFE480000 \Windows\System32\comdlg32.dll
0xFE300000 \Windows\System32\urlmon.dll
0x77E50000 \Windows\System32\psapi.dll
0xFE220000 \Windows\System32\oleaut32.dll
0xFE1D0000 \Windows\System32\Wldap32.dll
0xFDFC0000 \Windows\System32\ole32.dll
0xFDF20000 \Windows\System32\comctl32.dll
0xFDEB0000 \Windows\System32\KernelBase.dll
0xFDE90000 \Windows\System32\devobj.dll
0xFDE50000 \Windows\System32\cfgmgr32.dll
0xFDE10000 \Windows\System32\wintrust.dll
0xFDCA0000 \Windows\System32\crypt32.dll
0xFDC90000 \Windows\System32\msasn1.dll
0x77E40000 \Windows\SysWOW64\normaliz.dll

Processes (total 71):
0 System Idle Process
4 System
300 C:\Windows\System32\smss.exe
396 csrss.exe
448 C:\Windows\System32\wininit.exe
464 csrss.exe
496 C:\Windows\System32\services.exe
512 C:\Windows\System32\lsass.exe
520 C:\Windows\System32\lsm.exe
604 C:\Windows\System32\winlogon.exe
672 C:\Windows\System32\svchost.exe
752 C:\Windows\System32\svchost.exe
804 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
908 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
836 C:\Windows\System32\svchost.exe
1140 WUDFHost.exe
1192 C:\Windows\System32\svchost.exe
1344 C:\Windows\System32\spoolsv.exe
1380 C:\Windows\System32\svchost.exe
1412 C:\Windows\System32\svchost.exe
1528 C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
1656 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1768 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2148 C:\Windows\System32\taskhost.exe
2216 C:\Windows\System32\dwm.exe
2244 C:\Windows\explorer.exe
2264 C:\Windows\System32\svchost.exe
2396 C:\Windows\System32\rundll32.exe
2940 C:\Windows\System32\SearchIndexer.exe
2596 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
308 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
1040 C:\Windows\System32\audiodg.exe
3656 C:\Program Files\Microsoft Security Client\msseces.exe
3312 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
2204 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
3368 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
3344 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
3868 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
1108 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
3792 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
4068 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
3752 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
2680 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
2800 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
2272 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
3100 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
1404 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
3592 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
1988 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
2456 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
2572 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
1224 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
3668 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
2112 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
4012 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
1076 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
2664 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
1584 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
2532 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
2452 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
1824 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
3588 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
3484 C:\Users\JONNY\AppData\Local\Google\Chrome\Application\chrome.exe
1696 taskhost.exe
3984 C:\Windows\System32\SearchProtocolHost.exe
4008 C:\Windows\System32\SearchFilterHost.exe
3400 C:\Users\JONNY\Desktop\MBRCheck.exe
1616 C:\Windows\System32\conhost.exe
3548 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1656GSYF, Rev: LJ011D

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!


----------------------------------------------------------------




DDS (Ver_10-12-12.01) - NTFS_AMD64
Run by JONNY at 11:15:09.90 on Fri 11/02/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.4084.3015 [GMT 7:00]

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files\Microsoft Security Client\msseces.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\JONNY\Desktop\dds.pif
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe "
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\JONNY\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

============= SERVICES / DRIVERS ===============

R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2011-2-11 23464]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-2-11 724664]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-2-11 724664]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2009-6-13 287960]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2009-7-14 9728]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-10 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2011-02-11 04:09:50 7844688 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{80F87493-D043-4C4C-94E6-411415859BD8}\mpengine.dll
2011-02-11 03:56:08 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-11 03:56:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-11 03:44:53 525792 ----a-w- C:\Windows\DIFxAPI.dll
2011-02-11 03:44:53 232272 ----a-w- C:\Windows\TmNSCIns.dll
2011-02-11 03:27:57 -------- d-----w- C:\Windows\System32\appmgmt
2011-02-11 02:47:53 -------- d-----w- C:\Users\JONNY\AppData\Roaming\Malwarebytes
2011-02-11 01:40:34 23464 ----a-w- C:\Windows\System32\drivers\ElRawDsk.sys
2011-02-11 01:40:06 511328 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2011-02-11 01:40:04 97928 ----a-w- C:\Windows\System32\IncContxMenu.dll
2011-02-11 01:39:50 45568 ----a-w- C:\Windows\System32\iolobtdfg.exe
2011-02-11 01:39:50 14848 ----a-w- C:\Windows\System32\smrgdf.exe
2011-02-11 01:39:45 -------- d-----w- C:\Program Files (x86)\iolo
2011-02-11 01:38:03 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll
2011-02-11 01:38:00 -------- d-----w- C:\Users\JONNY\AppData\Roaming\iolo
2011-02-11 01:38:00 -------- d-----w- C:\PROGRA~3\iolo
2011-02-10 19:31:49 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-10 19:31:47 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-10 13:45:15 119808 ----a-r- C:\Users\JONNY\AppData\Roaming\Microsoft\Installer\{F92064F6-BDE8-46FC-A19F-4E12D311BE3A}\icons.exe
2011-02-10 12:41:18 -------- d-----w- C:\Users\JONNY\AppData\Local\Trend Micro
2011-02-09 23:17:25 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2011-02-09 23:17:24 109056 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2011-02-09 23:17:03 -------- d-----w- C:\Windows\SysWow64\Wat
2011-02-09 23:17:02 -------- d-----w- C:\Windows\System32\Wat
2011-02-09 22:35:05 388096 ----a-r- C:\Users\JONNY\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-09 22:35:04 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-02-09 22:20:00 -------- d-----w- C:\Users\JONNY\AppData\Local\CPN
2011-02-09 22:18:16 -------- d-----w- C:\Users\JONNY\AppData\Local\Cake Poker
2011-02-09 22:17:37 -------- d---a-w- C:\Program Files (x86)\Cake Poker
2011-02-09 14:54:01 -------- d-----w- C:\Windows\Panther
2011-02-09 12:31:08 -------- d-----w- C:\Users\JONNY\AppData\Local\Adobe
2011-02-09 10:43:18 -------- d-----w- C:\PROGRA~3\Trend Micro
2011-02-09 06:13:16 -------- d---a-w- C:\Program Files (x86)\RedBackPoker
2011-02-09 05:20:02 -------- d-----w- C:\Program Files\Process Explorer
2011-02-09 04:46:39 -------- d-----w- C:\Casino
2011-02-09 04:43:41 -------- d-----w- C:\Program Files (x86)\OpenVPN
2011-02-09 04:42:32 -------- d-----w- C:\Program Files (x86)\MyVideoDownloaderHD
2011-02-09 04:40:05 -------- d-----w- C:\Users\JONNY\.ProvideSupportConsole
2011-02-09 04:40:02 -------- d-----w- C:\Program Files (x86)\Provide Support
2011-02-09 03:46:46 -------- d-----w- C:\Poker
2011-02-09 03:46:42 -------- d-----w- C:\Users\JONNY\AppData\Local\HuluDesktop
2011-02-09 03:33:06 -------- d-----w- C:\Users\JONNY\AppData\Local\cache
2011-02-09 03:32:47 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-09 03:32:43 -------- d-----w- C:\Users\JONNY\AppData\Local\FullTiltPoker
2011-02-09 03:32:10 -------- d-----w- C:\Program Files (x86)\Full Tilt Poker
2011-02-09 03:16:18 -------- d-----w- C:\Users\JONNY\AppData\Roaming\Absolute Poker
2011-02-09 03:16:13 -------- d-----w- C:\Poker Application
2011-02-09 03:01:01 -------- d-----r- C:\Program Files (x86)\Skype
2011-02-09 02:56:28 -------- d-----w- C:\Users\JONNY\AppData\Roaming\Trillian
2011-02-09 02:21:58 -------- d-----w- C:\Users\JONNY\AppData\Local\{935825D3-4521-460D-B19E-1A327C91605B}
2011-02-09 02:21:45 -------- d-----w- C:\Users\JONNY\Tracing
2011-02-09 02:20:25 -------- d-----w- C:\Windows\en
2011-02-09 02:19:27 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-02-09 02:18:00 -------- d-----w- C:\Windows\PCHEALTH
2011-02-09 02:17:16 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-02-09 02:17:16 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-02-09 02:17:15 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-02-09 02:17:15 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-02-09 02:16:49 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-02-09 02:16:49 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-02-09 02:15:38 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2011-02-09 02:15:38 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2011-02-09 02:15:38 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2011-02-09 02:15:37 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2011-02-09 02:14:54 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\218c14ad1cbc7ff07\MeshBetaRemover.exe
2011-02-09 02:14:45 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1e4e90c81cbc7ff06\DSETUP.dll
2011-02-09 02:14:45 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1e4e90c81cbc7ff06\DXSETUP.exe
2011-02-09 02:14:45 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1e4e90c81cbc7ff06\dsetup32.dll
2011-02-09 02:14:40 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1abf42301cbc7ff05\DXSETUP.exe
2011-02-09 02:14:40 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1abf42301cbc7ff05\dsetup32.dll
2011-02-09 02:14:39 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1abf42301cbc7ff05\DSETUP.dll
2011-02-09 02:14:34 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16fcadd81cbc7ff04\Silverlight.4.0.exe
2011-02-09 02:13:50 -------- d-----w- C:\Users\JONNY\AppData\Local\Windows Live
2011-02-09 02:13:48 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-02-09 01:46:23 -------- d-----w- C:\Users\JONNY\AppData\Local\Google
2011-02-09 01:46:06 -------- d-----w- C:\Users\JONNY\AppData\Local\Deployment
2011-02-09 01:46:06 -------- d-----w- C:\Users\JONNY\AppData\Local\Apps
2011-02-09 01:19:27 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2011-02-09 01:19:27 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2011-02-09 01:12:49 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-02-09 01:12:49 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-02-09 01:12:49 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-02-09 01:12:49 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-02-09 01:12:49 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-02-09 01:12:49 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-02-09 01:12:49 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-02-09 01:12:49 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-02-09 01:12:49 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-02-09 01:12:49 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-02-09 01:04:57 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-02-09 01:01:43 5510528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-02-09 01:01:42 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-02-09 01:01:42 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-02-09 01:01:42 1739176 ----a-w- C:\Windows\System32\ntdll.dll
2011-02-09 01:01:42 1293120 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-02-09 00:59:57 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2011-02-09 00:49:46 7844688 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-09 00:49:21 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{78E14009-1F2C-4A03-A1E5-1386BBEA0A7B}\gapaengine.dll
2011-02-09 00:45:17 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-02-09 00:45:09 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-02-09 00:45:01 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-02-09 00:25:52 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{1B2DD82B-4847-4B52-91A9-99E423664388}\mpengine.dll
2011-02-09 00:25:52 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-02-09 00:03:54 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-02-09 00:03:54 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-02-09 00:03:54 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-02-09 00:03:54 132608 ----a-w- C:\Windows\SysWow64\cabview.dll

==================== Find3M ====================

2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 11:15:26.95 ===============



--------------------------------------------------------------------




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 9/02/2011 7:02:28 AM
System Uptime: 11/02/2011 10:48:59 AM (1 hours ago)

Motherboard: Dell Inc. | | 0F327M
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | Microprocessor | 2535/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 117.204 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Broadcom USH w/swipe sensor
Device ID: USB\VID_0A5C&PID_5801&MI_00\6&1EB0F4E8&0&0000
Manufacturer:
Name: Broadcom USH w/swipe sensor
PNP Device ID: USB\VID_0A5C&PID_5801&MI_00\6&1EB0F4E8&0&0000
Service:

==== System Restore Points ===================

RP25: 11/02/2011 9:36:26 AM - Removed MSVCRT
RP26: 11/02/2011 9:50:01 AM - Windows Modules Installer
RP27: 11/02/2011 10:07:00 AM - Windows Update
RP28: 11/02/2011 10:11:37 AM - Windows Update
RP29: 11/02/2011 10:13:53 AM - Windows Update
RP30: 11/02/2011 10:26:56 AM - Removed Windows Live Mesh ActiveX Control for Remote Connections

==== Installed Programs ======================

Absolute Poker
Adobe Flash Player 10 ActiveX
Cake Poker
Circus Casino
D3DX10
Full Tilt Poker
Google Chrome
HiJackThis
Hulu Desktop
iolo technologies' System Mechanic
Java Auto Updater
Java(TM) 6 Update 23
Live Support Chat for Web Site 5.4.4
Malwarebytes' Anti-Malware
Mesh Runtime
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
My Video Downloader v3.0.1.8
OpenVPN 2.1.4
RedBack Poker
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Skype Toolbars
Skypeâ„¢ 5.1
Trillian
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Windows 7 USB/DVD Download Tool
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinZip 15.0

==== Event Viewer Messages From Past Week ========

9/02/2011 8:41:57 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/02/2011 8:40:02 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/02/2011 8:30:31 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/02/2011 9:12:48 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/02/2011 3:05:53 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
11/02/2011 3:05:37 AM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/02/2011 3:05:09 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
10/02/2011 10:37:06 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

==== End Of File ===========================

 

Hi broni, thanks again - my systems crash pretty rapidly after they're hijacked, and I've done 9 or so complete clean reformat / reinstalls since my last post. All in vain. The consensus advice I've gotten from tech support at Trend Micro and whatnot is that it's a hacker who has my IP and he just waltz'es his way back in with a yawn after I reinstall Windows.

I wonder if I might run the contributing variables by you to quadruple check? Of course, I'm happy to follow any instructions, but I seriously doubt there's a point as I'll be blue-screening and system freezing before we're through 1/4 of the process - and it'll be a process that will render my system "clean" even if I did make it through (I think). The malware (or hacker) takes control of Permissions before I can even execute the application. Once he has the Audit / Special Permissions, even as Owner I can't get control of the file back I don't think. In any case, scripts are then run to block my Administrator commands to the Services being used...

...shortly after that, my system is crashing and it's format / install OS time. And shortly after that, the sinking realisation that, seemingly no matter what I do, the malware or hacker is back doing his thing. It's been a painful week of redundancy ;(

---------------------

2011/02/15 07:28:01.0642 3692 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/15 07:28:02.0572 3692 ================================================================================
2011/02/15 07:28:02.0572 3692 SystemInfo:
2011/02/15 07:28:02.0572 3692
2011/02/15 07:28:02.0572 3692 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/15 07:28:02.0572 3692 Product type: Workstation
2011/02/15 07:28:02.0573 3692 ComputerName: JV-LAPTOP
2011/02/15 07:28:02.0573 3692 UserName: jv
2011/02/15 07:28:02.0573 3692 Windows directory: C:\Windows
2011/02/15 07:28:02.0573 3692 System windows directory: C:\Windows
2011/02/15 07:28:02.0573 3692 Running under WOW64
2011/02/15 07:28:02.0573 3692 Processor architecture: Intel x64
2011/02/15 07:28:02.0573 3692 Number of processors: 2
2011/02/15 07:28:02.0573 3692 Page size: 0x1000
2011/02/15 07:28:02.0573 3692 Boot type: Normal boot
2011/02/15 07:28:02.0573 3692 ================================================================================
2011/02/15 07:28:02.0885 3692 Initialize success
2011/02/15 07:28:09.0489 0232 ================================================================================
2011/02/15 07:28:09.0489 0232 Scan started
2011/02/15 07:28:09.0489 0232 Mode: Manual;
2011/02/15 07:28:09.0489 0232 ================================================================================
2011/02/15 07:28:10.0850 0232 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/02/15 07:28:11.0136 0232 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/02/15 07:28:11.0330 0232 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/02/15 07:28:11.0500 0232 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/02/15 07:28:11.0773 0232 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/02/15 07:28:12.0051 0232 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/02/15 07:28:12.0353 0232 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/02/15 07:28:12.0642 0232 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/02/15 07:28:12.0917 0232 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/02/15 07:28:13.0191 0232 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/02/15 07:28:13.0479 0232 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/02/15 07:28:14.0005 0232 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/02/15 07:28:14.0292 0232 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/02/15 07:28:14.0565 0232 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/02/15 07:28:14.0839 0232 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/02/15 07:28:15.0140 0232 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/02/15 07:28:15.0470 0232 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/02/15 07:28:15.0790 0232 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/02/15 07:28:16.0060 0232 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/15 07:28:16.0320 0232 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/02/15 07:28:16.0660 0232 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/02/15 07:28:16.0936 0232 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/02/15 07:28:17.0234 0232 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/02/15 07:28:17.0552 0232 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/02/15 07:28:17.0837 0232 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/15 07:28:18.0103 0232 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/02/15 07:28:18.0136 0232 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/02/15 07:28:18.0408 0232 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/02/15 07:28:18.0681 0232 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/02/15 07:28:18.0981 0232 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/02/15 07:28:19.0265 0232 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/02/15 07:28:19.0560 0232 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/02/15 07:28:19.0842 0232 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/15 07:28:20.0154 0232 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/15 07:28:20.0438 0232 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/02/15 07:28:20.0643 0232 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/02/15 07:28:20.0794 0232 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/15 07:28:20.0990 0232 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/02/15 07:28:21.0136 0232 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/02/15 07:28:21.0432 0232 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/02/15 07:28:21.0700 0232 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/02/15 07:28:21.0744 0232 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/02/15 07:28:22.0013 0232 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/02/15 07:28:22.0330 0232 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/02/15 07:28:22.0606 0232 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/02/15 07:28:22.0883 0232 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/02/15 07:28:23.0166 0232 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/02/15 07:28:23.0550 0232 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/15 07:28:23.0857 0232 e1yexpress (761b9edd97a021aa1922501b7a056635) C:\Windows\system32\DRIVERS\e1y62x64.sys
2011/02/15 07:28:24.0504 0232 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/02/15 07:28:24.0879 0232 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/02/15 07:28:25.0206 0232 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/02/15 07:28:25.0529 0232 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/02/15 07:28:25.0818 0232 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/02/15 07:28:26.0133 0232 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/15 07:28:26.0469 0232 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/02/15 07:28:26.0674 0232 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/02/15 07:28:26.0770 0232 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/15 07:28:27.0005 0232 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/02/15 07:28:27.0089 0232 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/02/15 07:28:27.0296 0232 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/15 07:28:27.0427 0232 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/02/15 07:28:27.0708 0232 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/02/15 07:28:27.0848 0232 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/02/15 07:28:28.0039 0232 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/02/15 07:28:28.0310 0232 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/15 07:28:28.0341 0232 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/02/15 07:28:28.0370 0232 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/02/15 07:28:28.0633 0232 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/02/15 07:28:28.0960 0232 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/15 07:28:29.0221 0232 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/02/15 07:28:29.0581 0232 hrfsmrx (ffebc24be0f651d180bc27f74eaa215a) C:\Windows\System32\Drivers\hrfsmrx.sys
2011/02/15 07:28:29.0867 0232 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/02/15 07:28:30.0205 0232 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/02/15 07:28:30.0492 0232 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/15 07:28:30.0536 0232 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/02/15 07:28:30.0806 0232 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/02/15 07:28:30.0866 0232 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/02/15 07:28:31.0131 0232 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/15 07:28:31.0192 0232 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/15 07:28:31.0475 0232 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/02/15 07:28:31.0744 0232 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/02/15 07:28:32.0004 0232 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/02/15 07:28:32.0034 0232 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/02/15 07:28:32.0062 0232 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/15 07:28:32.0323 0232 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/15 07:28:32.0599 0232 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/15 07:28:32.0850 0232 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/15 07:28:32.0894 0232 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/02/15 07:28:33.0153 0232 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/02/15 07:28:33.0463 0232 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/15 07:28:33.0759 0232 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/02/15 07:28:34.0028 0232 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/02/15 07:28:34.0304 0232 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/02/15 07:28:34.0574 0232 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/02/15 07:28:34.0609 0232 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/02/15 07:28:34.0638 0232 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/02/15 07:28:34.0670 0232 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/02/15 07:28:34.0936 0232 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/02/15 07:28:35.0220 0232 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/15 07:28:35.0472 0232 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/15 07:28:35.0747 0232 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/15 07:28:36.0017 0232 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/02/15 07:28:36.0155 0232 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/02/15 07:28:36.0198 0232 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/15 07:28:36.0345 0232 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/02/15 07:28:36.0510 0232 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/15 07:28:36.0664 0232 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/15 07:28:36.0901 0232 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/15 07:28:36.0984 0232 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/02/15 07:28:37.0185 0232 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/02/15 07:28:37.0234 0232 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/02/15 07:28:37.0254 0232 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/02/15 07:28:37.0274 0232 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/02/15 07:28:37.0370 0232 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/15 07:28:37.0637 0232 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/15 07:28:37.0896 0232 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/02/15 07:28:37.0932 0232 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/02/15 07:28:38.0198 0232 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/15 07:28:38.0466 0232 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/02/15 07:28:38.0498 0232 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/02/15 07:28:38.0522 0232 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/02/15 07:28:38.0799 0232 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/15 07:28:39.0128 0232 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/02/15 07:28:39.0434 0232 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/02/15 07:28:39.0709 0232 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/15 07:28:39.0985 0232 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/15 07:28:40.0018 0232 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/15 07:28:40.0050 0232 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/02/15 07:28:40.0301 0232 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/15 07:28:40.0342 0232 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/15 07:28:40.0750 0232 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/02/15 07:28:41.0061 0232 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/02/15 07:28:41.0345 0232 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/02/15 07:28:41.0387 0232 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/15 07:28:41.0445 0232 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/02/15 07:28:41.0714 0232 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/02/15 07:28:42.0286 0232 nvlddmkm (1ddbd3ea0967f135086aad9e4aed9af1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/02/15 07:28:42.0827 0232 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/02/15 07:28:43.0092 0232 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/02/15 07:28:43.0386 0232 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/02/15 07:28:43.0441 0232 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/15 07:28:43.0731 0232 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/02/15 07:28:43.0999 0232 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/02/15 07:28:44.0119 0232 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/02/15 07:28:44.0159 0232 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/02/15 07:28:44.0195 0232 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/02/15 07:28:44.0354 0232 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/02/15 07:28:44.0406 0232 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/02/15 07:28:44.0726 0232 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/15 07:28:44.0998 0232 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/02/15 07:28:45.0279 0232 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/15 07:28:45.0671 0232 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/02/15 07:28:45.0966 0232 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/02/15 07:28:46.0232 0232 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/15 07:28:46.0325 0232 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/15 07:28:46.0536 0232 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/02/15 07:28:46.0637 0232 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/15 07:28:46.0831 0232 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/15 07:28:46.0943 0232 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/15 07:28:46.0986 0232 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/15 07:28:47.0165 0232 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/02/15 07:28:47.0304 0232 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/15 07:28:47.0510 0232 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/02/15 07:28:47.0779 0232 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/15 07:28:47.0835 0232 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/02/15 07:28:48.0074 0232 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/02/15 07:28:48.0133 0232 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/02/15 07:28:48.0416 0232 rimmptsk (9c23519fc1fd331aaaedc145ab947293) C:\Windows\system32\DRIVERS\rimmpx64.sys
2011/02/15 07:28:48.0713 0232 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/15 07:28:48.0763 0232 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/02/15 07:28:49.0017 0232 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/02/15 07:28:49.0039 0232 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/02/15 07:28:49.0320 0232 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\drivers\sdbus.sys
2011/02/15 07:28:49.0636 0232 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/02/15 07:28:49.0931 0232 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/02/15 07:28:50.0210 0232 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/02/15 07:28:50.0477 0232 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/02/15 07:28:50.0555 0232 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/02/15 07:28:50.0805 0232 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/15 07:28:51.0108 0232 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
2011/02/15 07:28:51.0370 0232 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/02/15 07:28:51.0663 0232 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/02/15 07:28:51.0690 0232 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/02/15 07:28:51.0960 0232 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/02/15 07:28:52.0268 0232 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/02/15 07:28:52.0512 0232 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/02/15 07:28:52.0620 0232 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/15 07:28:52.0914 0232 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/02/15 07:28:53.0233 0232 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/02/15 07:28:53.0529 0232 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/02/15 07:28:53.0835 0232 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/15 07:28:54.0118 0232 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/02/15 07:28:54.0188 0232 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/02/15 07:28:54.0452 0232 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/02/15 07:28:54.0764 0232 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/15 07:28:55.0052 0232 tap0901 (3b73c849b41fb20d77b0e553214061a5) C:\Windows\system32\DRIVERS\tap0901.sys
2011/02/15 07:28:55.0157 0232 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/02/15 07:28:55.0482 0232 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/15 07:28:55.0748 0232 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/15 07:28:56.0007 0232 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/02/15 07:28:56.0117 0232 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/02/15 07:28:56.0169 0232 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/15 07:28:56.0353 0232 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/15 07:28:56.0653 0232 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
2011/02/15 07:28:56.0924 0232 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
2011/02/15 07:28:57.0209 0232 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
2011/02/15 07:28:57.0485 0232 tmlwf (5922b1f5741bbdbaf7f7b4cbd2b7c4a5) C:\Windows\system32\DRIVERS\tmlwf.sys
2011/02/15 07:28:57.0748 0232 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
2011/02/15 07:28:57.0813 0232 tmwfp (0a2e3899cc72ad4cc85ea3d50a5331cc) C:\Windows\system32\DRIVERS\tmwfp.sys
2011/02/15 07:28:58.0084 0232 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
2011/02/15 07:28:58.0346 0232 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/15 07:28:58.0625 0232 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/15 07:28:58.0661 0232 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/02/15 07:28:58.0693 0232 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/15 07:28:58.0931 0232 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/02/15 07:28:58.0989 0232 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/15 07:28:59.0279 0232 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/02/15 07:28:59.0437 0232 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/15 07:28:59.0486 0232 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/02/15 07:28:59.0605 0232 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/15 07:28:59.0681 0232 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/15 07:28:59.0938 0232 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/02/15 07:29:00.0206 0232 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/15 07:29:00.0492 0232 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/15 07:29:00.0731 0232 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/15 07:29:01.0030 0232 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/02/15 07:29:01.0364 0232 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/02/15 07:29:01.0637 0232 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/15 07:29:01.0654 0232 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/02/15 07:29:01.0677 0232 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/02/15 07:29:01.0701 0232 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/02/15 07:29:01.0955 0232 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/02/15 07:29:02.0001 0232 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/02/15 07:29:02.0249 0232 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/02/15 07:29:02.0294 0232 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/02/15 07:29:02.0576 0232 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/02/15 07:29:02.0855 0232 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/02/15 07:29:02.0990 0232 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/02/15 07:29:03.0189 0232 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/02/15 07:29:03.0476 0232 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/15 07:29:03.0505 0232 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/15 07:29:03.0810 0232 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/02/15 07:29:03.0950 0232 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/15 07:29:04.0148 0232 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/02/15 07:29:04.0295 0232 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/02/15 07:29:04.0538 0232 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/02/15 07:29:04.0845 0232 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/15 07:29:05.0138 0232 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/15 07:29:05.0271 0232 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/02/15 07:29:05.0301 0232 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/15 07:29:05.0383 0232 ================================================================================
2011/02/15 07:29:05.0383 0232 Scan finished
2011/02/15 07:29:05.0383 0232 ================================================================================

 

Or like...log into any forum, or account, Facebook, Google, any extension or really just...anything, I guess. WindowsBBS forum as well, unless your ACP shows very different data than every other forum on the planet. I think it's close to impossible to retain IP anonymity in 2011 unless you're surfing from Tor proxies and setting up dupe accounts all over the place no? Which precludes use of much of the better services the Internet has to offer.

In any case, if it's true that someone who knows my IP can hack my systems, I'm pretty much going to be *******.

My IPs were Static. This is the first Dynamic IP I've ever had I think, and I can't seem to trigger it's Dynamic nature all that easily.

--------

I pretty much have the problem narrowed down now and you won't believe it so I'll leave the updates of the format / clean reinstalls I've done (15 maybe, I've lost count) until after the log results. Which took a couple hours but it's all good - I'm not achieving a great deal with Microsoft Tech CS or other real-time experts aside from a whole stack of format/reinstall OS procedures, that's for sure.

Combofix in Normal mode, pretty much instant blue screen:

<< 007.jpg >>

It booted up into Safe Mode without Networking automatically, so I tried Combofix again, and I thought it worked as it took 20 minutes or so before it restarted my PC into Normal and opened the blue screen dialog box which told me to be patient for another 20 minutes or so. It had reached the "almost done, Combofix log will be in C:" stage when I was blue-screened again and it booted up into Safe Mode again.

The Combofix log was there but it was empty so I treated that as a fail and restarted to get back to Normal where I tried AKill which executed, and returned this log file:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 16/02/2011 at 13:04:02.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\SysWow64\rundll32.exe
C:\Windows\SysWOW64\runonce.exe


Rkill completed on 16/02/2011 at 13:04:13.

----------

I then quickly ran goscuter1.exe (Combofix) and it looked to be racing along quite well, a message flashed about it deleting some stuff and requiring a restart, it restarted back into Normal Mode where it seemed to be frozen for 5 min or so before I was blue-screened again.

Loaded into Safe Mode but the log file was empty again so I treated that as another fail. I rebooted into Safe Mode with Networking to follow the instruction dot points, and download goscuter1.exe (Combofix) again and downloaded RKill again and ran it successfully for the following log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 16/02/2011 at 13:12:16.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\SysWow64\rundll32.exe
C:\Windows\SysWow64\rundll32.exe


Rkill completed on 16/02/2011 at 13:12:17.

---------

Still in Safe Mode with Networking, I quickly ran goscuter1.exe (Combofix) and it executed and restarted my PC, loading back into Normal where the blue screen dialog box blinked for quite some time before a log file flashed very briefly for a second and then I was blue-screened yet again.

I loaded back up into Normal, and was surprised to see the Combofix log appeared to have been saved successfully:

ComboFix 11-02-15.02 - abcde12345)(&^ 16/02/2011 13:13:56.3.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.10231.9059 [GMT 7:00]
Running from: c:\users\abcde12345)(&^\Desktop\jonny.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Desktop

.
((((((((((((((((((((((((( Files Created from 2011-01-16 to 2011-02-16 )))))))))))))))))))))))))))))))
.

2011-02-16 12:40 . 2011-02-15 21:55 -------- d-----w- c:\windows\Panther
2011-02-16 06:15 . 2011-02-16 06:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-16 05:45 . 2011-01-12 19:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7B491BA0-FCAE-428B-A908-124AF56EA228}\mpengine.dll
2011-02-16 04:48 . 2011-02-16 04:48 -------- d-----w- c:\programdata\Hewlett-Packard
2011-02-16 04:48 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-02-16 03:11 . 2011-02-16 03:11 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-02-16 03:06 . 2011-02-16 03:06 -------- d-----w- c:\windows\SysWow64\Wat
2011-02-16 03:06 . 2011-02-16 03:06 -------- d-----w- c:\windows\system32\Wat
2011-02-16 02:58 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-02-16 00:31 . 2011-02-16 00:31 -------- d-----w- c:\windows\SysWow64\Macromed
2011-02-16 00:04 . 2011-02-16 00:04 -------- d-----w- C:\4a80477cffa0c43b16276d
2011-02-15 23:06 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2011-02-15 23:06 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2011-02-15 23:05 . 2011-02-15 23:05 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 11
2011-02-15 23:01 . 2009-11-25 05:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-02-15 23:01 . 2009-11-25 05:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-02-15 23:01 . 2009-11-25 05:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-02-15 23:01 . 2009-11-25 05:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-02-15 23:01 . 2009-11-25 05:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-02-15 23:01 . 2009-11-25 05:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-15 23:01 . 2009-11-25 05:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-15 23:01 . 2009-11-25 05:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-02-15 23:01 . 2009-11-25 05:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-02-15 23:01 . 2009-11-25 05:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-02-15 22:55 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-02-15 22:54 . 2011-01-07 07:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-15 22:49 . 2010-08-27 03:38 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-15 22:49 . 2010-08-27 03:37 402944 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-15 22:49 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2011-02-15 22:49 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-02-15 22:49 . 2010-08-27 03:37 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-15 22:40 . 2011-02-15 22:40 0 ----a-w- c:\windows\ativpsrm.bin
2011-02-15 22:12 . 2011-01-12 19:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-15 22:11 . 2011-02-15 22:11 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A33763CD-BC02-4D1E-B7BF-C803C932D1C7}\gapaengine.dll
2011-02-15 22:09 . 2011-02-02 10:10 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A5574B8-2F7B-4458-9B85-DFF634574FEB}\mpengine.dll
2011-02-15 22:09 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-02-15 22:09 . 2011-02-15 22:09 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-02-15 22:09 . 2011-02-16 03:25 -------- d-sh--w- c:\windows\Installer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2011-02-16_04.34.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-16 01:11 . 2011-02-16 06:18 10642 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-02-16 06:18 25670 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2011-02-16 04:41 71216 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-02-16 05:38 . 2011-02-16 05:38 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\b56a80a51f412ce3832eddecb9bf1580\UIAutomationProvider.ni.dll
+ 2011-02-16 05:39 . 2011-02-16 05:39 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\52895ca79afea8292b54f053322cff36\System.AddIn.Contract.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\8974f2d78277786a0b4e84f1127a75c0\Microsoft.VisualC.ni.dll
+ 2011-02-16 05:37 . 2011-02-16 05:37 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\46c8b155e6fcd5696ffa15a67824ebab\Accessibility.ni.dll
+ 2011-02-15 22:43 . 2011-02-16 06:18 3006 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2303928777-217884247-2440800441-1000_UserData.bin
- 2011-02-16 04:34 . 2011-02-16 04:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-16 06:16 . 2011-02-16 06:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-16 04:34 . 2011-02-16 04:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-16 06:16 . 2011-02-16 06:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-16 05:37 . 2011-02-16 05:37 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\332105a018674f583e57c47e643a742d\dfsvc.ni.exe
- 2009-07-14 02:36 . 2011-02-16 04:08 630124 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-02-16 06:11 630124 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-02-16 04:08 111208 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-02-16 06:11 111208 c:\windows\system32\perfc009.dat
+ 2011-02-16 05:38 . 2011-02-16 05:38 195584 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\bbd68c1c06eb762bedb74bc73dc9a414\UIAutomationTypes.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\0a5fb7acbda333f46ef269b56b063562\System.Xml.Linq.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 187904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\3a3e9feefb5fb9724cd7867a35d69cdf\System.Windows.Input.Manipulations.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 645632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\40ab9da3eafd6bd1cbc6695ba406975a\System.Transactions.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 310272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\894d864ff8eeb97fad09797d33a06d83\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 758784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b095af4c06f82361e8be3ec0e6347cc3\System.Runtime.Remoting.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 230912 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\fd54d0f2f9e59c87b568b9abc23d7cdf\System.EnterpriseServices.Wrapper.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 784896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\fd54d0f2f9e59c87b568b9abc23d7cdf\System.EnterpriseServices.ni.dll
+ 2011-02-16 05:39 . 2011-02-16 05:39 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\4d3fc0529d8089c7c0d611f5dd452bba\System.Data.DataSetExtensions.ni.dll
+ 2011-02-16 05:39 . 2011-02-16 05:39 145920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\95d48fd5985ea45686feb0bf3dd48965\System.Configuration.Install.ni.dll
+ 2011-02-16 05:39 . 2011-02-16 05:39 193536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\d09724ed63bd50523934132c98f15fef\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-02-16 05:39 . 2011-02-16 05:39 613888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\d8081c7946511948a128a77803f0985f\System.AddIn.ni.dll
+ 2011-02-16 05:39 . 2011-02-16 05:39 402944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\04bf5714cef2ce3fc97d55c9843b36f0\System.Activities.DurableInstancing.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 316928 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\49e65c90ae6199360d5ec36ff8ed04d5\SMSvcHost.ni.exe
+ 2011-02-16 05:38 . 2011-02-16 05:38 142336 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\b420437eca1d1aec1a8bf23cc5173661\SMDiagnostics.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\02fefaca15882a01c7a9c46e1009913f\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 418304 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\6a557c74c85034c1dd514949e7d2e159\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 193024 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\da19e7188e9253fd383e8149b960e102\CustomMarshalers.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 1776640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d85a3d6ed5bb77f5603e098cccf60bfa\System.Xaml.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 2625024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\30ed505f7ea7d6139128d4a6d9981dc0\System.Runtime.Serialization.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 1011200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\591cc2015a0165ede73d3e6770e0e7c2\System.Runtime.DurableInstancing.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 1047040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\40125e5383c4af4d0b7a23e2d52b5112\System.Printing.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 1151488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\9cf61683cbb57e80828013b2c9024a7e\System.DirectoryServices.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 1872384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\0778748cd9700240f093adfc5dfc5750\System.Deployment.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 4103168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\1f1416d0bd44f4f4b7b447dd46100cb2\System.Activities.ni.dll
+ 2011-02-16 05:39 . 2011-02-16 05:39 3691520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\9a80ca1aff58bb8bd4ba68aedbb0b21d\System.Activities.Presentation.ni.dll
+ 2011-02-16 05:39 . 2011-02-16 05:39 1506304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\c58f64b1cb8226be2d8d65c852dfe2e3\System.Activities.Core.Presentation.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 2842624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\ea622ab70f67eef23533a326f29c5ed2\ReachFramework.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 1622528 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\29a210cb0025eec8da18645b52d2e559\PresentationUI.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 1134080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\fc453dc65663953ef9a84d54db7c5f44\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 1167872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\f4e162e7a860c3577fbb3455fc1349a5\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 1819648 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\a571b1efa54d6a35b336fa5b5e624854\Microsoft.VisualBasic.ni.dll
+ 2011-02-16 05:38 . 2011-02-16 05:38 1079808 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\1dc732b2fb25d70b83fa2cab112525f9\Microsoft.Transactions.Bridge.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableUIADesktopToggle "= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@= "Service "

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-16 1255736]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-26 203776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-26 8012288]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-26 287232]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"Logitech Download Assistant "= "c:\windows\system32\rundll32.exe" [2009-07-14 45568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs "=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
FF - ProfilePath -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-16 13:38:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-16 06:38
ComboFix2.txt 2011-02-16 04:45

Pre-Run: 464,962,252,800 bytes free
Post-Run: 465,266,196,480 bytes free

- - End Of File - - FD235CBF152197384A3DB39F3E2FCE50

------------------------------------

As the last action of my PC was a blue-screen crash memory dump, I'm not really sure where things stand. Probably not great, because...

That rootkit which Gmer showed up, transforms into a program called TrustedInstaller (amongst a number of other things, including my User login and I *think* Administrator for my PC as well - which would explain why I can't reclaim ownership of files/folders as Original Creator or Administrator - which Microsoft would claim isn't possible, but they don't seem to be very aware of their own products. Maybe AI has arrived

Because...my Genuine Advantageâ„¢Windows © 7 Ultimate CD is either:
a) corrupted; or,
b) incapable of formatting a drive which has been corrupted.

I think it's a). But it's the same thing I guess.

I disabled my wireless router in my laptop, completely disconnected from any form of network, then inserted the above CD formatted and deleted and refreshed and wiped the drive completely 'clean' before installing Windows 7 Ultimate 64-bit. The wireless router was never enabled, the laptop is a hunk of disconnected whirring, alone with the installation CD.

<< 005.jpg >>

<< 006.jpg >>

Those time stamps are correct. That occurred after I clicked on "New" to create a partition.

Instantly after it loaded up my new desktop, I went to Event logs and sure enough:

[FONT=georgia,serif] ".NET Runtime Optimation Service (2.0.50727.4927) - Installed from repository: AuditPolicyGPManagedStubs.Interop "

I just Googled this and surprise, surprise...others have the exact same 'phenomenon' that nobody can fix for them aside from recommending "buying new hardware" or "format/reinstall ", and which results in malware called "TrustedInstaller" amongst other aliases, and before the fresh install ever gets the chance to go online and get updates or MS Security Essentials, it's already taken over every Permission and Audit control there is. Which results in a very predictable scenario, every single time. Complete system failure.

<< 008.jpg >>

It completely laughs at any anti-virus/spyware/malware 'solution'. It makes short work of Windows Defender with Registry changes like the one below, which are rewritten I believe (I'm certain the 0 and 1 values here changed before my eyes):

[/FONT][FONT=georgia,serif] "Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware. Old value:HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SpyNetReporting = 0 New Value:HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SpyNetReporting = 1 "

[/FONT][FONT=georgia,serif]It makes a mockery out of MS Security Essentials & Malwarebytes, forcing both joke programs (and many more ridiculously expensive non-'solutions') to run through complete scans saying everything is fine.

It achieves this by completely owning the entire Windows OS before the OS even has a chance to download anti-virus software or Windows Updates. When I attempt to do either, it executes Command Prompts for MS Security Essentials which download an old Microsoft Hotfix for driver issues that appear to be a solution to an issue suffered by Remote Desktop Protocol logins - so that's great, obviously.

<< Errors Windows 6.jpg >>

[/FONT]

[FONT=georgia,serif]

I have dozens of other screenshots of it's shenanigans with overclocking and whatnot, but I imagine one gets the idea... I hope so, because I have no idea...and Microsoft has even less of one.
[/FONT]

 

Um, what? No one's public IP is their Belkin router address! Everyone has a public IP which anyone can run in seconds to get their ISP details:

nb. all the details above are visible for any connection, unless specific steps have been taken to be anonymous (although they'd show different information - this is showing the hacker's OS details instead of my Ultimate etc)

Yup cool.

[/QUOTE]

"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."

That's for explorer.exe - I'm logged in as Administrator. I can access and I think uninstall some drivers only, that's about all the permissions I have left in my Control Panel I think.

The malware takes control of my Registry before the new installation OS even gets online! As per the submitted photos of my screen...

Is it possible for him to have hacked my BIOS? That's more likely than hacking a Genuine Advantage Microsoft CD surely? Although I guess he has to trick the installation CD into giving the all-clear on the format, so not sure which one is more likely...but it's one of the two, as per the submitted photos.

Genuine Advantage Windows installation disc says the HDD is formatted 100% when it's not. It installs WINDOWS NT instead of Ultimate. Shouldn't we be focusing on that rather than trying to clean the mirrored server?

----------

ps. I submitted these images and a great deal more to Microsoft days ago. Uploaded them to Microsoft's secure server, which said "Success" after each image upload. The secure page still shows their successful upload, but Microsoft Technical support, once they realised what was going on, told me to call the local police and that they can't help - I have all this on Chat of course, they told me to get "Cybercops" as they couldn't help.

I could not make this up.

http://awesomescreenshot.com/04b7roi22

 

I should probably add that I obviously have no problem with installing again if it's important to check that trustedinstaller.exe file - it's just that I'm 99% certain I won't be able to access it. The malware writes registry settings which negate my Administrator permissions for core services the hacker requires, or it's possible I guess that I simply don't have the Administrator permissions for his server - which is where my Windows gets installed?

 

Interesting. I'm assuming there must be some anonymizing procedures that have to be completed? Because I have a couple small forums, and no one has ever logged in with an undetectable IP that I can remember - some proxies and VPN IPs sure, but how would websites handle your accessing from non-identifiable IPs?

This is very important learning for me - I hope you don't mind me 'arguing' with you, that's just how I learn ;(

I hired a local systems security expert who came highly recommended and we performed a 'clean' reinstall using one of his system recovery boot discs, then he secured my (embarrassingly non-existent) router security with a hardware firewall and other things. Everything was looking good, until I noticed some ESET firewall rules were changed from our presets this morning - stuff to allow RPC activation and that sort of thing.

I don't think the hacker is back in, because things seem really stable. But I can't change any of the settings, so I'm not sure what to think. I can't turn off ESET now either, there's an application called ekrn.eke which started a service called ESET Service which I cannot Disable or Stop (and I'm running with full Administrator rights). It's also got a Logon as: Local System account with the "Allow service to interact with desktop" box ticked - I can't turn it off, it just says "Access is denied" or "The Service is not accepting controls at this time. "

I submitted it to VirusTotal and:

As I see NOD32 in the AV Detection list, I think it's safe to say it's not an ESET file? And that Date first seen is frightfully recent.

I also submitted trustedinstaller.exe even though the computer 'feels' clean (aside from the fact that it's obviously not), for this result:

---------------------------

This VirusTotal concept seems pretty awesome. But I don't know what the results are saying?

fwiw, I think I've worked out how the rootkit was installed. Manually, by the DELL Service technician who replaced my Bitlocker-destroyed HDD - I didn't even click to the fact he had my computer and the install discs for hours. And - somewhat 'coincidentally' - the DELL guy installed all the wrong DELL TPM / SecurityPoint / AccessControl drivers. Not sure why he thought 2009 versions were better, except I'm pretty sure I do...

 

Motherf**.adsflaj..

I thought I'd upload some files from the Genuine Advantage discs, the first file I picked randomly was autorun.inf and McAfee says it's Generic!atr :

This is on the Genuine Advantage Windows Ultimate discs. F Microsoft tells me to call the cybercops and that I'm imagining it all.

 

No sorry, he worked all through the afternoon yesterday. I'm leaving a lot of messages for his answering machine. Probably going to turn off my systems now though...

DELL and Microsoft, take a bow.