Author Topic: [Inactive] Files hidden/Win32 Olmasco


Offline galan

  • Bronze Member
  • Posts: 24
[Inactive] Files hidden/Win32 Olmasco
« on: January 04, 2012, 11:08:29 pm »
My ESET NOD32 License expired and my system appears to have become infected with "System Check" and "Win32 Olmasco". NOD32 was unable to clean it. The infection caused the files on the desktop and under the Start menu to be hidden. So far I've run TDSSKiller, SpyBot S&D, and repeated a scan with NOD32 and it doesn't seem to be on the system anymore. The desktop files are no longer hidden but I still can't see the files under the Start menu.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:44:41 PM, on 1/4/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Vid\Vid.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\zstatus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Gail\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid\Vid.exe" -bootmode
O4 - HKCU\..\Run: [Logitech Vid HD] "C:\Program Files\Logitech\Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279843749500
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9805 bytes
« Last Edit: January 04, 2012, 11:41:51 pm by Hoov »

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25335
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Files hidden/Win32 Olmasco
« Reply #1 on: January 04, 2012, 11:42:53 pm »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem. Also tell me any other problems you are having, no matter how small, or how long you have been dealing with them.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions. If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me; it may make a difference on where we go.

Fourth, have faith. I will do all I can to get your computer working, and if I can't, someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

One last thing, I need you to tell me if this computer belongs to a school or to a company or organization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.

Download the following program to your desktop:

Unhide tool

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
Please be patient as this may take several minutes to run; it will scan and fix all hard drives on your system. You will see a new window with the drive being processed, typically C:\ as below:

Changing as the next drive is processed as below:

You will get a success alert at the end. Re-boot and see if your files are present.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Please copy and paste both logs into your next response. You may need more than one response.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!
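A scripted equivalent of what Unhide does, on a narrower scope, added here as an illustration; it is not part of Hoov's post and not the Unhide tool itself. It walks the current user's Desktop and Start Menu folders (the two places galan reported as hidden), lists every file or folder carrying the Hidden attribute, and clears it only when run with -Commit. Unlike Unhide's "all files on all drives" behaviour, it skips items that are also marked System (desktop.ini and similar), because those are hidden by design and are exactly what forces a user to re-hide things afterwards. The -Roots and -Commit parameters and the function name are this example's own; run it as the affected account (the folders are per-user), under PowerShell 2.0 or later, which is available for XP SP3.

```powershell
# Added example, not the Unhide tool: report (and with -Commit, clear) the
# Hidden attribute on ordinary user files under the Desktop and Start Menu.
param(
    # Resolved through .NET so the same paths work on XP
    # (C:\Documents and Settings\<user>\Start Menu) and on later Windows.
    [string[]]$Roots = @(
        [Environment]::GetFolderPath('DesktopDirectory'),
        [Environment]::GetFolderPath('StartMenu')
    ),
    [switch]$Commit
)

function Get-HiddenUserItems {
    param([string]$Root)
    if (-not (Test-Path -LiteralPath $Root)) { return }
    # -Force is required: without it Get-ChildItem silently skips hidden items.
    $items = @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        $attr   = $item.Attributes
        $hidden = ($attr -band [IO.FileAttributes]::Hidden) -ne 0
        $system = ($attr -band [IO.FileAttributes]::System) -ne 0
        # System+Hidden items (desktop.ini, folder customisations) are hidden by
        # design. The rogue sets plain +H on ordinary files, so only those count.
        if ($hidden -and -not $system) { $item }
    }
}

$touched = 0
foreach ($root in $Roots) {
    foreach ($item in Get-HiddenUserItems -Root $root) {
        if ($Commit) {
            # -bxor flips only the Hidden bit; ReadOnly, Archive etc. are kept.
            $item.Attributes = $item.Attributes -bxor [IO.FileAttributes]::Hidden
            Write-Host "unhidden:     $($item.FullName)"
        } else {
            Write-Host "would unhide: $($item.FullName)"
        }
        $touched++
    }
}
if ($Commit) { Write-Host "$touched item(s) unhidden" }
else         { Write-Host "$touched item(s) would be unhidden; re-run with -Commit to apply" }
```

Run it once without -Commit and read the list: anything there that you hid on purpose should be removed from the run (or re-hidden afterwards, as Hoov notes for Unhide). To cover the All Users profile as well, pass its Desktop and Start Menu paths in -Roots.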

Offline galan

  • Bronze Member
  • Posts: 24
Re: [In Progress] Files hidden/Win32 Olmasco
« Reply #2 on: January 05, 2012, 09:35:22 am »
Thanks for your help, Hoov. All I've done initially to try to fix the problem before seeking help was what I mentioned above and it did seem to improve things. I'm not having any real problems/symptoms other than the files were being hidden and the entire desktop was a blank blue screen (this has since resolved). The system is a home PC; it's mainly used for online research.

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.05.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Gail :: GAIL-EAEF9CB10F [administrator]

    1/5/2012 9:49:48 AM
    mbam-log-2012-01-05 (09-49-48).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 169190
    Time elapsed: 5 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 6
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_26
    Run by Gail at 10:01:42 on 2012-01-05
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2524 [GMT -5:00]
    .
    AV: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Vid\Vid.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\UStorSrv.exe
    C:\WINDOWS\system32\zstatus.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [cdloader] "c:\documents and settings\gail\application data\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [Logitech Vid] "c:\program files\logitech\vid\Vid.exe" -bootmode
    uRun: [Logitech Vid HD] "c:\program files\logitech\vid\vid.exe" -bootmode
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [hp 1000 firmware] c:\program files\hp laserjet 1000\fwdl.exe
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
    mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
    mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279843749500
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{EAC74D83-2F36-4649-9F67-BE49E8D7F3F0} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{FFB34155-A195-436C-A1A5-BF4513DC42D2} : DhcpNameServer = 192.168.0.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\gail\application data\mozilla\firefox\profiles\wp8z0511.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z003&form=ZGAADF&q=
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 118104]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-3-19 103112]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-27 136176]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-27 136176]
    .
    =============== Created Last 30 ================
    .
    2012-01-05 14:46:59   --------   d-----w-   c:\documents and settings\gail\application data\Malwarebytes
    2012-01-05 14:46:53   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
    2012-01-05 14:46:50   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2012-01-05 14:46:50   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2012-01-05 04:33:21   --------   d-----w-   c:\documents and settings\all users\application data\PC Tools
    2012-01-04 23:54:06   --------   d-----w-   c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2012-01-04 23:52:43   388096   ----a-r-   c:\documents and settings\gail\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-01-04 23:52:42   --------   d-----w-   c:\program files\Trend Micro
    2011-12-31 19:20:03   --------   d-----w-   C:\DiD
    2011-12-31 05:11:17   --------   d-----w-   c:\program files\DID
    2011-12-31 05:06:51   283648   ----a-w-   c:\windows\uninst.exe
    2011-12-31 05:06:38   --------   d-----w-   c:\documents and settings\gail\WINDOWS
    2011-12-31 03:06:44   --------   d-----w-   c:\program files\iPod
    2011-12-31 03:06:40   --------   d-----w-   c:\program files\iTunes
    2011-12-31 03:03:47   --------   d-----w-   c:\program files\Bonjour
    2011-12-10 20:48:27   --------   d-----w-   c:\program files\ESET
    .
    ==================== Find3M  ====================
    .
    2011-11-23 13:25:32   1859584   ----a-w-   c:\windows\system32\win32k.sys
    2011-11-04 19:20:51   916992   ----a-w-   c:\windows\system32\wininet.dll
    2011-11-04 19:20:51   43520   ----a-w-   c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51   1469440   ------w-   c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59   385024   ----a-w-   c:\windows\system32\html.iec
    2011-11-01 16:07:10   1288704   ----a-w-   c:\windows\system32\ole32.dll
    2011-10-28 05:31:48   33280   ----a-w-   c:\windows\system32\csrsrv.dll
    2011-10-25 13:37:08   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:02   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13:22   186880   ----a-w-   c:\windows\system32\encdec.dll
    2011-10-10 14:22:41   692736   ----a-w-   c:\windows\system32\inetcomm.dll
    .
    ============= FINISH: 10:02:06.71 ===============
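The six PUM.Hijack.StartMenu entries in the MBAM log above explain why the Start menu stayed empty after Unhide had restored the files: Explorer reads the Start_Show* values under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced at logon, and a value of 0 suppresses that entry regardless of whether the shortcut files are hidden. The PowerShell audit below is an added example, not something from this thread or from Malwarebytes. It checks the same six values MBAM repaired, reports any that are still 0, and rewrites them to 1 (the "Good" value in the log) only when run with -Commit. On galan's machine MBAM has already repaired them, so it would report nothing; it is useful for other profiles on the same box (the key is per-user, so each account has its own copy) or on a machine where no scan has run. Function name and parameters are this example's own.

```powershell
# Added example: audit the per-user Start Menu values that MBAM reported as
# PUM.Hijack.StartMenu. Dry run by default; -Commit writes the repair.
param([switch]$Commit)

$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# Value names taken from the MBAM log. Explorer treats 0 as "do not show" and
# 1 as "show as link" (the MBAM "Good" value). 2 ("show as menu") is also a
# legitimate user choice and is left alone.
$startMenuValues = @(
    'Start_ShowControlPanel', 'Start_ShowHelp', 'Start_ShowMyComputer',
    'Start_ShowMyDocs', 'Start_ShowRun', 'Start_ShowSearch'
)

function Get-StartMenuHijack {
    $props = Get-ItemProperty -Path $advanced -ErrorAction SilentlyContinue
    foreach ($name in $startMenuValues) {
        $member = $null
        if ($props) { $member = $props.PSObject.Properties[$name] }
        # A missing value means Explorer's default (shown), so only 0 is reported.
        if ($member -and [int]$member.Value -eq 0) {
            New-Object PSObject -Property @{ Name = $name; Current = $member.Value; Expected = 1 }
        }
    }
}

$findings = @(Get-StartMenuHijack)
if ($findings.Count -eq 0) {
    Write-Host "No Start Menu items are suppressed under $advanced"
} else {
    foreach ($f in $findings) {
        if ($Commit) {
            Set-ItemProperty -Path $advanced -Name $f.Name -Value $f.Expected -Type DWord
            Write-Host "repaired $($f.Name): $($f.Current) -> $($f.Expected)"
        } else {
            Write-Host "suppressed: $($f.Name) = $($f.Current) (expected $($f.Expected))"
        }
    }
    if ($Commit) {
        Write-Host 'Log off and back on (or restart explorer.exe) for the change to take effect.'
    }
}
```

Two caveats before using -Commit: a 0 here can also be a deliberate choice made through the Taskbar and Start Menu Properties dialog, so confirm with the user that they did not turn those items off themselves; and because the key is under HKCU, the script must be run in the affected account, not from an administrator's session that has a different profile loaded.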

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 25335
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Files hidden/Win32 Olmasco
    « Reply #3 on: January 05, 2012, 11:09:35 am »
Can you please also post the other log, named attach.txt? Also, after running unhide, did the hidden programs and files reappear?

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline galan

    Re: [In Progress] Files hidden/Win32 Olmasco
    « Reply #4 on: January 05, 2012, 11:23:53 am »
Sorry, please see below. Yes, the hidden files have reappeared.



    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/22/2010 7:22:54 PM
    System Uptime: 1/5/2012 10:04:31 AM (2 hours ago)
    .
    Motherboard: Dell Inc. |  | 0FM586
    Processor: Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz | Socket 775 | 2394/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 117 GiB total, 71.322 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 116 GiB total, 87.922 GiB free.
    F: is CDROM ()
    G: is Removable
    H: is CDROM ()
    I: is FIXED (NTFS) - 466 GiB total, 394.749 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP512: 10/9/2011 9:29:16 AM - System Checkpoint
    RP513: 10/10/2011 5:24:58 PM - System Checkpoint
    RP514: 10/11/2011 6:05:54 PM - Software Distribution Service 3.0
    RP515: 10/12/2011 6:45:23 PM - System Checkpoint
    RP516: 10/13/2011 7:21:09 PM - System Checkpoint
    RP517: 10/14/2011 7:37:44 PM - System Checkpoint
    RP518: 10/15/2011 7:38:53 PM - System Checkpoint
    RP519: 10/16/2011 7:58:16 PM - System Checkpoint
    RP520: 10/17/2011 8:21:12 PM - System Checkpoint
    RP521: 10/18/2011 8:49:14 PM - System Checkpoint
    RP522: 10/19/2011 9:37:47 PM - System Checkpoint
    RP523: 10/20/2011 9:52:39 PM - System Checkpoint
    RP524: 10/21/2011 10:11:27 PM - System Checkpoint
    RP525: 10/22/2011 10:48:53 PM - System Checkpoint
    RP526: 10/23/2011 10:50:58 PM - System Checkpoint
    RP527: 10/25/2011 12:04:01 PM - System Checkpoint
    RP528: 10/26/2011 6:01:20 PM - System Checkpoint
    RP529: 10/27/2011 7:44:35 PM - System Checkpoint
    RP530: 10/28/2011 7:54:37 PM - System Checkpoint
    RP531: 10/30/2011 8:43:09 AM - System Checkpoint
    RP532: 10/31/2011 6:36:34 PM - System Checkpoint
    RP533: 11/1/2011 7:02:50 PM - System Checkpoint
    RP534: 11/2/2011 7:14:48 PM - System Checkpoint
    RP535: 11/3/2011 7:29:30 PM - System Checkpoint
    RP536: 11/4/2011 8:03:18 PM - System Checkpoint
    RP537: 11/5/2011 8:12:56 PM - System Checkpoint
    RP538: 11/6/2011 7:14:33 PM - System Checkpoint
    RP539: 11/7/2011 7:32:27 PM - System Checkpoint
    RP540: 11/8/2011 8:54:47 PM - System Checkpoint
    RP541: 11/9/2011 9:21:41 PM - System Checkpoint
    RP542: 11/10/2011 3:00:14 AM - Software Distribution Service 3.0
    RP543: 11/10/2011 10:26:15 PM - Software Distribution Service 3.0
    RP544: 11/11/2011 10:32:53 PM - System Checkpoint
    RP545: 11/12/2011 10:42:43 PM - System Checkpoint
    RP546: 11/14/2011 6:14:10 PM - System Checkpoint
    RP547: 11/15/2011 6:37:58 PM - System Checkpoint
    RP548: 11/16/2011 6:59:44 PM - System Checkpoint
    RP549: 11/17/2011 7:10:56 PM - System Checkpoint
    RP550: 11/18/2011 7:53:50 PM - System Checkpoint
    RP551: 11/19/2011 8:50:45 PM - System Checkpoint
    RP552: 11/20/2011 9:32:51 PM - System Checkpoint
    RP553: 11/21/2011 9:56:24 PM - System Checkpoint
    RP554: 11/24/2011 11:14:00 AM - System Checkpoint
    RP555: 11/25/2011 1:05:14 PM - System Checkpoint
    RP556: 11/26/2011 6:14:15 PM - System Checkpoint
    RP557: 11/27/2011 6:55:28 PM - System Checkpoint
    RP558: 11/28/2011 8:56:33 PM - System Checkpoint
    RP559: 11/30/2011 6:12:25 PM - System Checkpoint
    RP560: 12/1/2011 7:59:54 PM - System Checkpoint
    RP561: 12/2/2011 8:38:03 PM - System Checkpoint
    RP562: 12/5/2011 7:30:26 PM - System Checkpoint
    RP563: 12/6/2011 8:40:07 PM - System Checkpoint
    RP564: 12/7/2011 8:55:14 PM - System Checkpoint
    RP565: 12/9/2011 5:32:41 PM - System Checkpoint
    RP566: 12/10/2011 5:55:31 PM - System Checkpoint
    RP567: 12/11/2011 6:10:17 PM - System Checkpoint
    RP568: 12/12/2011 6:37:02 PM - System Checkpoint
    RP569: 12/13/2011 7:10:40 PM - System Checkpoint
    RP570: 12/13/2011 10:38:03 PM - Software Distribution Service 3.0
    RP571: 12/15/2011 8:41:19 PM - System Checkpoint
    RP572: 12/17/2011 2:29:56 PM - System Checkpoint
    RP573: 12/18/2011 2:39:07 PM - System Checkpoint
    RP574: 12/19/2011 7:24:39 PM - System Checkpoint
    RP575: 12/21/2011 10:58:07 AM - System Checkpoint
    RP576: 12/22/2011 11:20:47 AM - System Checkpoint
    RP577: 12/23/2011 11:20:51 AM - System Checkpoint
    RP578: 12/24/2011 12:20:51 PM - System Checkpoint
    RP579: 12/25/2011 1:12:19 PM - System Checkpoint
    RP580: 12/26/2011 2:44:14 PM - System Checkpoint
    RP581: 12/27/2011 3:13:23 PM - System Checkpoint
    RP582: 12/28/2011 5:37:50 PM - System Checkpoint
    RP583: 12/29/2011 6:13:23 PM - System Checkpoint
    RP584: 12/30/2011 6:56:59 PM - System Checkpoint
    RP585: 12/30/2011 10:04:47 PM - Installed iTunes
    RP586: 12/31/2011 10:37:42 PM - System Checkpoint
    RP587: 1/1/2012 3:00:14 AM - Software Distribution Service 3.0
    RP588: 1/2/2012 3:00:13 AM - Software Distribution Service 3.0
    RP589: 1/3/2012 3:40:09 AM - System Checkpoint
    RP590: 1/4/2012 7:19:31 AM - System Checkpoint
    RP591: 1/4/2012 6:52:41 PM - Installed HiJackThis
    RP592: 1/4/2012 9:22:45 PM - Removed Freeware PDF Unlocker
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.0)
    Advertising Center
    AMD APP SDK Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    Bonjour
    Brother MFL-Pro Suite
    Call of Duty: Black Ops
    CameraHelperMsi
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    ccc-utility
    CCC Help English
    Dell Wireless WLAN Card
    DolbyFiles
    erLT
    ESET NOD32 Antivirus
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    hp LaserJet 1000
    ImagXpress
    Imation Disk Manager V a Service
    Intel(R) PRO Network Connections 12.1.12.0
    iTunes
    Japanese Fonts Support For Adobe Reader 9
    Java Auto Updater
    Java(TM) 6 Update 26
    Logitech Vid
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    magicJack
    Malwarebytes Anti-Malware version 1.60.0.1800
    Menu Templates - Starter Kit
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access 2007
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders  (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Movie Templates - Starter Kit
    Mozilla Firefox (3.6.18)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 9
    Nero BurnRights
    Nero ControlCenter
    Nero CoverDesigner
    Nero DiscSpeed
    Nero DriveSpeed
    Nero InfoTool
    Nero Installer
    Nero PhotoSnap
    Nero Recode
    Nero Rescue Agent
    Nero ShowTime
    Nero StartSmart
    Nero Vision
    Nero WaveEditor
    NeroBurningROM
    NeroExpress
    neroxml
    OGA Notifier 2.0.0048.0
    PaperPort
    PlayItAll media player 1.0.5
    PowerDVD
    QuickTime
    Realtek High Definition Audio Driver
    Safari
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skype Click to Call
    Skype™ 5.5
    SoundTrax
    System Requirements Lab for Intel
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Windows (KB971513)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VirtualCloneDrive
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR 4.00 (32-bit)
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/4/2012 7:10:17 PM, error: Service Control Manager [7034]  - The Spybot S&D 2 Live Protection Service service terminated unexpectedly.  It has done this 1 time(s).
    1/4/2012 11:09:30 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the ESET Service service to connect.
    1/4/2012 11:09:30 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the ATI Smart service to connect.
    1/4/2012 11:09:30 AM, error: Service Control Manager [7000]  - The ESET Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    1/4/2012 11:09:30 AM, error: Service Control Manager [7000]  - The ATI Smart service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    1/3/2012 9:09:31 AM, error: Dhcp [1002]  - The IP address lease 192.168.0.101 for the Network Card with network address 00234E7F00BC has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    1/3/2012 9:09:02 AM, error: Dhcp [1002]  - The IP address lease 192.168.0.100 for the Network Card with network address 00219B1978AF has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================

    Offline Hoov

    Re: [In Progress] Files hidden/Win32 Olmasco
    « Reply #5 on: January 05, 2012, 11:40:55 am »
Just to make sure, is everything in your start menu back? Also, are you having network issues?

    Please perform a scan with Panda ActiveScan - ActiveScan does not remove adware/spyware but will autoclean for viruses & worms.
    http://www.pandasoftware.com/products/activescan.htm

       1. Click "Scan Your PC".
       2. A new window will open. Click "Check Now!".
       3. Fill in your registration and click "Scan Now!".
   4. You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
   5. A new window will appear asking "Do you want to install this software?" Name: asinst.cab.
   6. Select "Install" to download the ActiveX controls that allow ActiveScan to run.
   7. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow".
   8. Select a device to scan: click on "Local Disks" [allow it to Auto Clean].
   9. When the scan completes, if anything malicious is detected, click the "See Report" button, then "Save Report" to your desktop.
      10. Post back the results of your scan and any infected files that are found but not deleted.

    Offline galan

    Re: [In Progress] Files hidden/Win32 Olmasco
    « Reply #6 on: January 05, 2012, 06:29:59 pm »
I'm not sure if I did it correctly; there was no "Local Disks" or "Auto Clean" option, but I did a Full System scan. The icons in the Start Menu are back, but most of the sub-folders say "(Empty)". Not experiencing any network issues.

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2012-01-05 19:22:25
    PROTECTIONS: 1
    MALWARE: 49
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description                                  Version                       Active    Updated
    ;===================================================================================================================================================================================
    ESET NOD32 Antivirus 5.0                     5.0                           Yes       No
    ;===================================================================================================================================================================================
    MALWARE
    Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
    ;===================================================================================================================================================================================
    00139059  Cookie/Traffic Marketplace         TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@trafficmp[2].txt
    00139059  Cookie/Traffic Marketplace         TrackingCookie      No        0         Yes            No           e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\16yh9734.txt
    00139060  Cookie/Casalemedia                 TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@casalemedia[1].txt
    00139060  Cookie/Casalemedia                 TrackingCookie      No        0         Yes            No           e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\otsskpqf.txt
    00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\386b710m.txt
    00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           e:\users\gail\appdata\roaming\microsoft\windows\cookies\8rs13mar.txt
    00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@doubleclick[1].txt
    00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\drfm2aoi.txt
    00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\8vulsfzg.txt
    00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@atdmt[2].txt
    00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\vdue054o.txt
    00145405  Cookie/RealMedia                   TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@247realmedia[2].txt
    00145457  Cookie/FastClick                   TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@fastclick[2].txt
    00145731  Cookie/Tribalfusion                TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\6to01xcd.txt
    00145731  Cookie/Tribalfusion                TrackingCookie      No        0         Yes            No           e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\nihzq738.txt
    00145731  Cookie/Tribalfusion                TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@tribalfusion[1].txt
    00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@mediaplex[1].txt
    00145807  Cookie/Linksynergy                 TrackingCookie      No        0         Yes            No           e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\gail@linksynergy[2].txt
    00145807  Cookie/Linksynergy                 TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@linksynergy[1].txt
    00145869  Cookie/SpyLog                      TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@spylog[1].txt
    00147806  Cookie/7search                     TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@7search[2].txt
    00147824  Cookie/Clickbank                   TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@clickbank[1].txt
    00167642  Cookie/Com.com                     TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@com[1].txt
    00167647  Cookie/Yadro                       TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@yadro[2].txt
    00167647  Cookie/Yadro                       TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\0rwbw9tj.txt
    00167704  Cookie/Xiti                        TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@xiti[1].txt
    00167730  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@ehg.hitbox[1].txt
    00167747  Cookie/Azjmp                       TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@azjmp[1].txt
    00167753  Cookie/Statcounter                 TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@statcounter[1].txt
    00167753  Cookie/Statcounter                 TrackingCookie      No        0         Yes            No           e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\gail@statcounter[1].txt
    00167760  Cookie/Hitslink                    TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@counter.hitslink[1].txt
    00168048  Cookie/Overture                    TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@perf.overture[1].txt
    00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\cnn0kr0y.txt
    00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\9xefonbb.txt
    00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\xa7wfs2y.txt
    00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\dcqfjihi.txt
    00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@apmebf[2].txt
    00168076  Cookie/BurstNet                    TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@burstnet[2].txt
    00168090  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@serving-sys[1].txt
    00168090  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\k388ustx.txt
    00168093  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@bs.serving-sys[2].txt
    00168097  Cookie/BurstBeacon                 TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@www.burstbeacon[1].txt
    00168106  Cookie/Weborama                    TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@weborama[1].txt
    00168109  Cookie/Adtech                      TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@adtech[1].txt
    00168110  Cookie/Server.iad.Liveperson       TrackingCookie      No        0         Yes            No           e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\mfdf5wz4.txt
    00168110  Cookie/Server.iad.Liveperson       TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@server.iad.liveperson[1].txt
    00168114  Cookie/onestat.com                 TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@stat.onestat[1].txt
    00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@advertising[1].txt
    00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\35zl52je.txt
    00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\1d4oi91c.txt
    00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\o1vchiak.txt
    00170304  Cookie/WebtrendsLive               TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@statse.webtrendslive[1].txt
    00170304  Cookie/WebtrendsLive               TrackingCookie      No        0         Yes            No           e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\gail@statse.webtrendslive[1].txt
    00170495  Cookie/PointRoll                   TrackingCookie      No        0         Yes            No           e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\kctbnjyt.txt
    00170495  Cookie/PointRoll                   TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@ads.pointroll[1].txt
    00170550  Cookie/Humanclick                  TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@hc2.humanclick[1].txt
    00170554  Cookie/Overture                    TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@overture[1].txt
    00170554  Cookie/Overture                    TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\9qtx5cz0.txt
    00170554  Cookie/Overture                    TrackingCookie      No        0         Yes            No           e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\gail@overture[2].txt
    00170556  Cookie/RealMedia                   TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\s92y3gz8.txt
    00170556  Cookie/RealMedia                   TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@realmedia[1].txt
    00171982  Cookie/QuestionMarket              TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\l291skdm.txt
    00171982  Cookie/QuestionMarket              TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@questionmarket[2].txt
    00172221  Cookie/Zedo                        TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\ewuis3d4.txt
    00172221  Cookie/Zedo                        TrackingCookie      No        0         Yes            No           e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\x81el06g.txt
    00172221  Cookie/Zedo                        TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@zedo[2].txt
    00172449  Cookie/MetriWeb                    TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@metriweb[1].txt
    00173520  Cookie/Bluestreak                  TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@bluestreak[2].txt
    00182104  Cookie/Hitbox                      TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@phg.hitbox[1].txt
    00187950  Cookie/bravenetA                   TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@bravenet[1].txt
    00194327  Cookie/Go                          TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@go[2].txt
    00207338  Cookie/Target                      TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@target[1].txt
    00207936  Cookie/Adviva                      TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@adviva[2].txt
    00207936  Cookie/Adviva                      TrackingCookie      No        0         Yes            No           e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\jnjfad9e.txt
    00273339  Cookie/Smartadserver               TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@smartadserver[2].txt
    00286736  Cookie/Cgi-bin                     TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@www6.addfreestats[1].txt
    00293517  Cookie/AdDynamix                   TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@ads.addynamix[1].txt
    00325830  Cookie/Bridgetrack                 TrackingCookie      No        0         Yes            No           c:\documents and settings\gail\cookies\gail@citi.bridgetrack[2].txt
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent      Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id        Severity       Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 25335
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Files hidden/Win32 Olmasco
    « Reply #7 on: January 05, 2012, 06:52:51 pm »
    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!
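As an added example (not part of Hoov's instructions and not code from the TDSSKiller tool), the following Python script does the two things a helper does with the report described above: it locates the log by the "TDSSKiller.[Version]_[Date]_[Time]_log.txt" naming pattern, and it pairs each file record (name, MD5, path) with the verdict line that follows it so that anything not marked "ok", anything left without a verdict (a truncated paste), or any MD5 on a caller-supplied blocklist is flagged for review. The line format is taken from the report posted later in this thread; the sample log, the `fakedrv` entry, its `suspicious` verdict, the exact date/time layout in the file name and the MD5 blocklist are constructed for illustration and are not claims about TDSSKiller's real output.

```python
import re
from pathlib import Path
from typing import Dict, Iterable, List, Optional, Tuple

# File-name pattern Hoov describes: TDSSKiller.[Version]_[Date]_[Time]_log.txt
# (the digits-and-dots layout of Date/Time is an assumption, kept permissive).
REPORT_NAME = re.compile(r"^TDSSKiller\.[\d.]+_[\d.]+_[\d.]+_log\.txt$", re.IGNORECASE)

# Two line shapes appear in the posted report:
#   HH:MM:SS.mmmm PID  name   (md5) path        <- file record
#   HH:MM:SS.mmmm PID  name - status            <- verdict record
FILE_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$",
    re.IGNORECASE,
)
VERDICT_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+) - (?P<status>.+?)\s*$"
)

Entry = Dict[str, Optional[str]]


def is_report_name(name: str) -> bool:
    """True if `name` looks like a TDSSKiller report file name."""
    return REPORT_NAME.match(name) is not None


def find_reports(root: Path) -> List[Path]:
    """Report files directly under `root` (Hoov's 'usually C:\\'), newest name first."""
    return sorted((p for p in root.iterdir() if p.is_file() and is_report_name(p.name)), reverse=True)


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Pair each file record with the verdict line that follows it.

    Services with no backing file (e.g. 'Abiosdsk - ok') get a verdict-only entry;
    a file record never followed by a verdict is kept with status None so a
    truncated paste is visible rather than silently dropped.
    """
    entries: List[Entry] = []
    pending: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            pending[m["name"]] = {"name": m["name"], "md5": m["md5"].lower(),
                                  "path": m["path"], "status": None}
            continue
        m = VERDICT_LINE.match(line)
        if m:
            entry = pending.pop(m["name"], {"name": m["name"], "md5": None,
                                            "path": None, "status": None})
            entry["status"] = m["status"]
            entries.append(entry)
    entries.extend(pending.values())  # file records that never got a verdict
    return entries


def triage(entries: List[Entry], known_bad_md5: Iterable[str] = ()) -> List[Tuple[str, Optional[str], List[str]]]:
    """Entries a reviewer should look at, each with the reasons it was flagged.

    `known_bad_md5` is a caller-supplied blocklist (constructed in this example,
    not a real indicator feed).
    """
    bad = {m.lower() for m in known_bad_md5}
    flagged = []
    for e in entries:
        reasons = []
        if e["status"] is None:
            reasons.append("no verdict line (truncated log?)")
        elif e["status"].lower() != "ok":
            reasons.append(f"verdict: {e['status']}")
        if e["md5"] and e["md5"] in bad:
            reasons.append("md5 on blocklist")
        if reasons:
            flagged.append((e["name"], e["path"], reasons))
    return flagged


# Constructed sample: real-looking lines in the posted report's format, plus a
# made-up 'fakedrv' entry with a non-ok verdict and a trailing record with no verdict.
SAMPLE_LOG = r"""00:35:30.0748 5544   Scan started
00:35:31.0717 5544   Abiosdsk - ok
00:35:31.0795 5544   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:35:31.0795 5544   ACPI - ok
00:35:37.0748 5544   pavboot         (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
00:35:37.0748 5544   pavboot - ok
00:35:40.0300 5544   fakedrv         (00112233445566778899aabbccddeeff) C:\WINDOWS\system32\drivers\fakedrv.sys
00:35:40.0300 5544   fakedrv - suspicious
00:35:40.0400 5544   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
"""

if __name__ == "__main__":
    for name, path, reasons in triage(parse_tdsskiller_log(SAMPLE_LOG),
                                      known_bad_md5={"00112233445566778899aabbccddeeff"}):
        print(f"{name:<16} {path or '<no file>'}  ->  {'; '.join(reasons)}")
```

Run it against a real report with `parse_tdsskiller_log(path.read_text(errors="replace"))`; keep the blocklist empty unless you have MD5s from a source you trust, since the verdict column is what TDSSKiller itself decided and the blocklist only adds your own knowledge on top of it.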

    Offline galan

    • Bronze Member
    • Posts: 24
    Re: [In Progress] Files hidden/Win32 Olmasco
    « Reply #8 on: January 05, 2012, 11:39:51 pm »
    00:34:37.0888 5212   TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
    00:34:38.0388 5212   ============================================================
    00:34:38.0388 5212   Current date / time: 2012/01/06 00:34:38.0388
    00:34:38.0388 5212   SystemInfo:
    00:34:38.0388 5212   
    00:34:38.0388 5212   OS Version: 5.1.2600 ServicePack: 3.0
    00:34:38.0388 5212   Product type: Workstation
    00:34:38.0388 5212   ComputerName: GAIL-EAEF9CB10F
    00:34:38.0388 5212   UserName: Gail
    00:34:38.0388 5212   Windows directory: C:\WINDOWS
    00:34:38.0388 5212   System windows directory: C:\WINDOWS
    00:34:38.0388 5212   Processor architecture: Intel x86
    00:34:38.0388 5212   Number of processors: 4
    00:34:38.0388 5212   Page size: 0x1000
    00:34:38.0388 5212   Boot type: Normal boot
    00:34:38.0388 5212   ============================================================
    00:34:44.0592 5212   Initialize success
    00:35:30.0748 5544   ============================================================
    00:35:30.0748 5544   Scan started
    00:35:30.0748 5544   Mode: Manual;
    00:35:30.0748 5544   ============================================================
    00:35:31.0717 5544   Abiosdsk - ok
    00:35:31.0748 5544   abp480n5 - ok
    00:35:31.0795 5544   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    00:35:31.0795 5544   ACPI - ok
    00:35:31.0842 5544   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    00:35:31.0842 5544   ACPIEC - ok
    00:35:31.0967 5544   adpu160m - ok
    00:35:32.0170 5544   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    00:35:32.0170 5544   aec - ok
    00:35:32.0467 5544   AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    00:35:32.0467 5544   AFD - ok
    00:35:32.0607 5544   Aha154x - ok
    00:35:32.0763 5544   aic78u2 - ok
    00:35:32.0951 5544   aic78xx - ok
    00:35:32.0982 5544   AliIde - ok
    00:35:32.0982 5544   amsint - ok
    00:35:33.0013 5544   asc - ok
    00:35:33.0029 5544   asc3350p - ok
    00:35:33.0060 5544   asc3550 - ok
    00:35:33.0107 5544   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    00:35:33.0107 5544   AsyncMac - ok
    00:35:33.0138 5544   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    00:35:33.0138 5544   atapi - ok
    00:35:33.0138 5544   Atdisk - ok
    00:35:33.0326 5544   ati2mtag        (011388ddc5b83ef4a0b2b829735c646f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    00:35:33.0357 5544   ati2mtag - ok
    00:35:33.0404 5544   AtiHdmiService  (d9bc8892b9440a2551b8148c57aa039e) C:\WINDOWS\system32\drivers\AtiHdmi.sys
    00:35:33.0404 5544   AtiHdmiService - ok
    00:35:33.0451 5544   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    00:35:33.0451 5544   Atmarpc - ok
    00:35:33.0482 5544   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    00:35:33.0482 5544   audstub - ok
    00:35:33.0545 5544   BCM43XX         (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    00:35:33.0545 5544   BCM43XX - ok
    00:35:33.0592 5544   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    00:35:33.0592 5544   Beep - ok
    00:35:33.0623 5544   BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
    00:35:33.0623 5544   BrScnUsb - ok
    00:35:33.0670 5544   BrSerIf         (d48c13f4a409aee8dafaddac81e34557) C:\WINDOWS\system32\Drivers\BrSerIf.sys
    00:35:33.0670 5544   BrSerIf - ok
    00:35:33.0717 5544   BrUsbSer        (8fa0ac830a8312912a3aa0c0431cba0d) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
    00:35:33.0717 5544   BrUsbSer - ok
    00:35:33.0779 5544   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    00:35:33.0779 5544   cbidf2k - ok
    00:35:33.0826 5544   CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    00:35:33.0826 5544   CCDECODE - ok
    00:35:33.0857 5544   cd20xrnt - ok
    00:35:33.0904 5544   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    00:35:33.0904 5544   Cdaudio - ok
    00:35:33.0951 5544   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    00:35:33.0967 5544   Cdfs - ok
    00:35:33.0982 5544   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    00:35:33.0982 5544   Cdrom - ok
    00:35:33.0982 5544   Changer - ok
    00:35:33.0998 5544   CmdIde - ok
    00:35:33.0998 5544   Cpqarray - ok
    00:35:34.0092 5544   cpudrv          (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
    00:35:34.0092 5544   cpudrv - ok
    00:35:34.0123 5544   dac2w2k - ok
    00:35:34.0154 5544   dac960nt - ok
    00:35:34.0217 5544   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    00:35:34.0217 5544   Disk - ok
    00:35:34.0263 5544   dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    00:35:34.0279 5544   dmboot - ok
    00:35:34.0279 5544   dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    00:35:34.0279 5544   dmio - ok
    00:35:34.0295 5544   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    00:35:34.0295 5544   dmload - ok
    00:35:34.0326 5544   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    00:35:34.0326 5544   DMusic - ok
    00:35:34.0326 5544   dpti2o - ok
    00:35:34.0373 5544   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    00:35:34.0373 5544   drmkaud - ok
    00:35:34.0435 5544   e1express       (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
    00:35:34.0435 5544   e1express - ok
    00:35:34.0498 5544   eamon           (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
    00:35:34.0513 5544   eamon - ok
    00:35:34.0529 5544   ehdrv           (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
    00:35:34.0529 5544   ehdrv - ok
    00:35:34.0576 5544   ElbyCDIO        (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
    00:35:34.0576 5544   ElbyCDIO - ok
    00:35:34.0623 5544   epfwtdir        (06c65ac0a703cf8eea4f284d901a1550) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
    00:35:34.0623 5544   epfwtdir - ok
    00:35:34.0670 5544   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    00:35:34.0670 5544   Fastfat - ok
    00:35:34.0701 5544   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    00:35:34.0701 5544   Fdc - ok
    00:35:34.0748 5544   FilterService   (20fe03294ac1429ae88a64c2f754b0d4) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
    00:35:34.0748 5544   FilterService - ok
    00:35:34.0810 5544   Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    00:35:34.0810 5544   Fips - ok
    00:35:34.0826 5544   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    00:35:34.0826 5544   Flpydisk - ok
    00:35:34.0888 5544   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    00:35:34.0888 5544   FltMgr - ok
    00:35:34.0935 5544   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    00:35:34.0935 5544   Fs_Rec - ok
    00:35:34.0982 5544   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    00:35:34.0998 5544   Ftdisk - ok
    00:35:35.0045 5544   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    00:35:35.0045 5544   GEARAspiWDM - ok
    00:35:35.0092 5544   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    00:35:35.0092 5544   Gpc - ok
    00:35:35.0123 5544   HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    00:35:35.0123 5544   HDAudBus - ok
    00:35:35.0138 5544   hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    00:35:35.0154 5544   hidusb - ok
    00:35:35.0201 5544   hpn - ok
    00:35:35.0279 5544   HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    00:35:35.0279 5544   HTTP - ok
    00:35:35.0310 5544   i2omgmt - ok
    00:35:35.0326 5544   i2omp - ok
    00:35:35.0357 5544   i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
    00:35:35.0357 5544   i8042prt - ok
    00:35:35.0404 5544   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    00:35:35.0404 5544   Imapi - ok
    00:35:35.0420 5544   ini910u - ok
    00:35:35.0560 5544   IntcAzAudAddService (dbc702fbc70dc58d9122ce56eadbd659) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    00:35:35.0592 5544   IntcAzAudAddService - ok
    00:35:35.0623 5544   IntelIde - ok
    00:35:35.0701 5544   intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    00:35:35.0701 5544   intelppm - ok
    00:35:35.0748 5544   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    00:35:35.0748 5544   Ip6Fw - ok
    00:35:35.0795 5544   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    00:35:35.0795 5544   IpFilterDriver - ok
    00:35:35.0857 5544   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    00:35:35.0857 5544   IpInIp - ok
    00:35:35.0904 5544   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    00:35:35.0904 5544   IpNat - ok
    00:35:35.0935 5544   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    00:35:35.0935 5544   IPSec - ok
    00:35:35.0967 5544   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    00:35:35.0967 5544   IRENUM - ok
    00:35:35.0998 5544   isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    00:35:35.0998 5544   isapnp - ok
    00:35:36.0060 5544   Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    00:35:36.0060 5544   Kbdclass - ok
    00:35:36.0107 5544   kbdhid          (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    00:35:36.0107 5544   kbdhid - ok
    00:35:36.0138 5544   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    00:35:36.0138 5544   kmixer - ok
    00:35:36.0170 5544   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    00:35:36.0170 5544   KSecDD - ok
    00:35:36.0201 5544   lbrtfdc - ok
    00:35:36.0279 5544   LVPr2Mon        (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
    00:35:36.0279 5544   LVPr2Mon - ok
    00:35:36.0326 5544   LVRS            (e52f5a2cadcf08d07f559962f807a0a2) C:\WINDOWS\system32\DRIVERS\lvrs.sys
    00:35:36.0326 5544   LVRS - ok
    00:35:36.0513 5544   LVUVC           (c3d02260beb2b48dea1efdfca91e4b69) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
    00:35:36.0545 5544   LVUVC - ok
    00:35:36.0607 5544   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    00:35:36.0623 5544   mnmdd - ok
    00:35:36.0638 5544   Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    00:35:36.0638 5544   Modem - ok
    00:35:36.0670 5544   Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    00:35:36.0670 5544   Mouclass - ok
    00:35:36.0701 5544   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    00:35:36.0701 5544   mouhid - ok
    00:35:36.0717 5544   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    00:35:36.0717 5544   MountMgr - ok
    00:35:36.0732 5544   mraid35x - ok
    00:35:36.0748 5544   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    00:35:36.0748 5544   MRxDAV - ok
    00:35:36.0795 5544   MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    00:35:36.0795 5544   MRxSmb - ok
    00:35:36.0842 5544   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    00:35:36.0842 5544   Msfs - ok
    00:35:36.0873 5544   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    00:35:36.0873 5544   MSKSSRV - ok
    00:35:36.0920 5544   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    00:35:36.0920 5544   MSPCLOCK - ok
    00:35:36.0951 5544   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    00:35:36.0951 5544   MSPQM - ok
    00:35:37.0013 5544   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    00:35:37.0013 5544   mssmbios - ok
    00:35:37.0060 5544   MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    00:35:37.0060 5544   MSTEE - ok
    00:35:37.0107 5544   Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    00:35:37.0107 5544   Mup - ok
    00:35:37.0138 5544   NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    00:35:37.0138 5544   NABTSFEC - ok
    00:35:37.0170 5544   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    00:35:37.0170 5544   NDIS - ok
    00:35:37.0217 5544   NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    00:35:37.0217 5544   NdisIP - ok
    00:35:37.0279 5544   NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    00:35:37.0279 5544   NdisTapi - ok
    00:35:37.0342 5544   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    00:35:37.0342 5544   Ndisuio - ok
    00:35:37.0373 5544   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    00:35:37.0373 5544   NdisWan - ok
    00:35:37.0404 5544   NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    00:35:37.0404 5544   NDProxy - ok
    00:35:37.0420 5544   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    00:35:37.0420 5544   NetBIOS - ok
    00:35:37.0467 5544   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    00:35:37.0467 5544   NetBT - ok
    00:35:37.0498 5544   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    00:35:37.0498 5544   Npfs - ok
    00:35:37.0529 5544   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    00:35:37.0529 5544   Ntfs - ok
    00:35:37.0560 5544   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    00:35:37.0560 5544   Null - ok
    00:35:37.0576 5544   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    00:35:37.0576 5544   NwlnkFlt - ok
    00:35:37.0607 5544   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    00:35:37.0623 5544   NwlnkFwd - ok
    00:35:37.0670 5544   Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    00:35:37.0670 5544   Parport - ok
    00:35:37.0701 5544   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    00:35:37.0701 5544   PartMgr - ok
    00:35:37.0732 5544   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    00:35:37.0732 5544   ParVdm - ok
    00:35:37.0748 5544   pavboot         (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
    00:35:37.0748 5544   pavboot - ok
    00:35:37.0763 5544   PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    00:35:37.0763 5544   PCI - ok
    00:35:37.0779 5544   PCIDump - ok
    00:35:37.0795 5544   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    00:35:37.0795 5544   PCIIde - ok
    00:35:37.0842 5544   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    00:35:37.0842 5544   Pcmcia - ok
    00:35:37.0873 5544   PDCOMP - ok
    00:35:37.0920 5544   PDFRAME - ok
    00:35:37.0967 5544   PDRELI - ok
    00:35:37.0982 5544   PDRFRAME - ok
    00:35:38.0029 5544   perc2 - ok
    00:35:38.0060 5544   perc2hib - ok
    00:35:38.0123 5544   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    00:35:38.0123 5544   PptpMiniport - ok
    00:35:38.0138 5544   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    00:35:38.0138 5544   PSched - ok
    00:35:38.0154 5544   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    00:35:38.0154 5544   Ptilink - ok
    00:35:38.0170 5544   ql1080 - ok
    00:35:38.0217 5544   Ql10wnt - ok
    00:35:38.0263 5544   ql12160 - ok
    00:35:38.0295 5544   ql1240 - ok
    00:35:38.0342 5544   ql1280 - ok
    00:35:38.0388 5544   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    00:35:38.0388 5544   RasAcd - ok
    00:35:38.0404 5544   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    00:35:38.0420 5544   Rasl2tp - ok
    00:35:38.0451 5544   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    00:35:38.0451 5544   RasPppoe - ok
    00:35:38.0498 5544   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    00:35:38.0498 5544   Raspti - ok
    00:35:38.0576 5544   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    00:35:38.0576 5544   Rdbss - ok
    00:35:38.0592 5544   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    00:35:38.0592 5544   RDPCDD - ok
    00:35:38.0638 5544   rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    00:35:38.0638 5544   rdpdr - ok
    00:35:38.0685 5544   RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    00:35:38.0701 5544   RDPWD - ok
    00:35:38.0732 5544   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    00:35:38.0732 5544   redbook - ok
    00:35:38.0795 5544   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    00:35:38.0795 5544   Secdrv - ok
    00:35:38.0826 5544   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    00:35:38.0826 5544   Serial - ok
    00:35:38.0857 5544   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    00:35:38.0857 5544   Sfloppy - ok
    00:35:38.0873 5544   Simbad - ok
    00:35:38.0904 5544   SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    00:35:38.0904 5544   SLIP - ok
    00:35:38.0920 5544   Sparrow - ok
    00:35:38.0935 5544   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    00:35:38.0935 5544   splitter - ok
    00:35:38.0951 5544   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    00:35:38.0951 5544   sr - ok
    00:35:39.0013 5544   Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    00:35:39.0013 5544   Srv - ok
    00:35:39.0045 5544   streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    00:35:39.0060 5544   streamip - ok
    00:35:39.0092 5544   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    00:35:39.0092 5544   swenum - ok
    00:35:40.0310 5544   MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    00:35:40.0342 5544   \Device\Harddisk0\DR0 - ok
    00:35:40.0342 5544   MBR (0x1B8)     (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR3
    00:35:40.0357 5544   \Device\Harddisk1\DR3 - ok
    00:35:40.0357 5544   Boot (0x1200)   (b0513166327f82d1e6a555a9ed13c05d) \Device\Harddisk0\DR0\Partition0
    00:35:40.0357 5544   \Device\Harddisk0\DR0\Partition0 - ok
    00:35:40.0373 5544   Boot (0x1200)   (2ee975d9da4bcd201477788d9fdf1ba1) \Device\Harddisk0\DR0\Partition1
    00:35:40.0373 5544   \Device\Harddisk0\DR0\Partition1 - ok
    00:35:40.0373 5544   Boot (0x1200)   (37982e79dc8ee53021886109bc6b127a) \Device\Harddisk1\DR3\Partition0
    00:35:40.0373 5544   \Device\Harddisk1\DR3\Partition0 - ok
    00:35:40.0373 5544   ============================================================
    00:35:40.0373 5544   Scan finished
    00:35:40.0373 5544   ============================================================
    00:35:40.0388 3444   Detected object count: 0
    00:35:40.0388 3444   Actual detected object count: 0
    00:36:00.0638 5348   ============================================================
    00:36:00.0638 5348   Scan started
    00:36:00.0638 5348   Mode: Manual;
    00:36:00.0638 5348   ============================================================
    00:36:09.0404 5348   MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    00:36:09.0435 5348   \Device\Harddisk0\DR0 - ok
    00:36:09.0435 5348   MBR (0x1B8)     (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR3
    00:36:09.0451 5348   \Device\Harddisk1\DR3 - ok
    00:36:09.0451 5348   Boot (0x1200)   (b0513166327f82d1e6a555a9ed13c05d) \Device\Harddisk0\DR0\Partition0
    00:36:09.0451 5348   \Device\Harddisk0\DR0\Partition0 - ok
    00:36:09.0467 5348   Boot (0x1200)   (2ee975d9da4bcd201477788d9fdf1ba1) \Device\Harddisk0\DR0\Partition1
    00:36:09.0467 5348   \Device\Harddisk0\DR0\Partition1 - ok
    00:36:09.0467 5348   Boot (0x1200)   (37982e79dc8ee53021886109bc6b127a) \Device\Harddisk1\DR3\Partition0
    00:36:09.0467 5348   \Device\Harddisk1\DR3\Partition0 - ok
    00:36:09.0467 5348   ============================================================
    00:36:09.0467 5348   Scan finished
    00:36:09.0467 5348   ============================================================
    00:36:09.0498 5488   Detected object count: 0
    00:36:09.0498 5488   Actual detected object count: 0

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 25335
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Files hidden/Win32 Olmasco
    « Reply #9 on: January 06, 2012, 10:19:26 am »
    * Anyone other than the originator of this thread would be best advised not to run ComboFix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrongly.

    Run ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    * Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

    Please include C:\ComboFix.txt in your next reply for further review.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline galan

    • Bronze Member
    • Posts: 24
    Re: [In Progress] Files hidden/Win32 Olmasco
    « Reply #10 on: January 06, 2012, 11:58:32 am »
    ComboFix 12-01-06.01 - Gail 01/06/2012  12:50:11.1.4 - x86
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2428 [GMT -5:00]
    Running from: c:\documents and settings\Gail\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\~OtxzMAdeY7kqEj
    c:\documents and settings\All Users\Application Data\~OtxzMAdeY7kqEjr
    c:\documents and settings\All Users\Application Data\OtxzMAdeY7kqEj
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Gail\Application Data\Mozilla\Firefox\Profiles\wp8z0511.default\searchplugins\bing-zugo.xml
    c:\documents and settings\Gail\Application Data\PriceGong
    c:\documents and settings\Gail\g2ax_customer_downloadhelper_win32_x86.exe
    c:\documents and settings\Gail\Local Settings\Application Data\.#
    c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@184@383470.###
    c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@184@383480.###
    c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@184@383490.###
    c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@184@3834A0.###
    c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@53C@383470.###
    c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@53C@383480.###
    c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@53C@383490.###
    c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@53C@3834A0.###
    c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@720@383470.###
    c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@720@383480.###
    c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@720@383490.###
    c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@720@3834A0.###
    c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@97C@383470.###
    c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@97C@383480.###
    c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@97C@383490.###
    c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@97C@3834A0.###
    c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@F50@383470.###
    c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@F50@383480.###
    c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@F50@383490.###
    c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@F50@3834A0.###
    c:\documents and settings\Gail\My Documents\~WRL0001.tmp
    c:\documents and settings\Gail\My Documents\~WRL0002.tmp
    c:\documents and settings\Gail\Start Menu\Programs\System Check\System Check.lnk
    c:\documents and settings\Gail\Start Menu\Programs\System Check\Uninstall System Check.lnk
    c:\documents and settings\Gail\WINDOWS
    c:\windows\system32\SETB19.tmp
    c:\windows\system32\SETB1B.tmp
    c:\windows\system32\SETB1F.tmp
    c:\windows\system32\SETB20.tmp
    c:\windows\system32\SETB27.tmp
    c:\windows\system32\SETB29.tmp
    c:\windows\system32\spool\prtprocs\w32x86\pcldll6l.dll
    c:\windows\system32\spool\prtprocs\w32x86\zpp.dll
    E:\install.exe
    .
    .
    (((((((((((((((((((((((((   Files Created from 2011-12-06 to 2012-01-06  )))))))))))))))))))))))))))))))
    .
    .
    2012-01-05 17:59 . 2009-06-30 15:37   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
    2012-01-05 17:59 . 2012-01-05 17:59   --------   d-----w-   c:\program files\Panda Security
    2012-01-05 17:59 . 2012-01-05 17:59   --------   d-----w-   c:\windows\LastGood
    2012-01-05 14:46 . 2012-01-05 14:46   --------   d-----w-   c:\documents and settings\Gail\Application Data\Malwarebytes
    2012-01-05 14:46 . 2012-01-05 14:46   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-01-05 14:46 . 2012-01-05 14:46   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2012-01-05 14:46 . 2011-12-10 20:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2012-01-05 04:33 . 2012-01-05 04:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
    2012-01-04 23:54 . 2012-01-05 00:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2012-01-04 23:52 . 2012-01-04 23:52   388096   ----a-r-   c:\documents and settings\Gail\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-01-04 23:52 . 2012-01-04 23:52   --------   d-----w-   c:\program files\Trend Micro
    2011-12-31 19:20 . 2011-12-31 19:20   --------   d-----w-   C:\DiD
    2011-12-31 05:11 . 2011-12-31 05:11   --------   d-----w-   c:\program files\DID
    2011-12-31 05:06 . 1996-01-09 10:38   283648   ----a-w-   c:\windows\uninst.exe
    2011-12-31 03:06 . 2011-12-31 03:06   --------   d-----w-   c:\program files\iPod
    2011-12-31 03:06 . 2011-12-31 03:07   --------   d-----w-   c:\program files\iTunes
    2011-12-31 03:03 . 2011-12-31 03:03   --------   d-----w-   c:\program files\Bonjour
    2011-12-10 20:48 . 2011-12-10 20:48   --------   d-----w-   c:\program files\ESET
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-23 13:25 . 2004-08-04 04:17   1859584   ----a-w-   c:\windows\system32\win32k.sys
    2011-11-04 19:20 . 2004-08-04 05:56   1469440   ------w-   c:\windows\system32\inetcpl.cpl
    2011-11-04 19:20 . 2004-08-04 05:56   916992   ----a-w-   c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2004-08-04 05:56   43520   ----a-w-   c:\windows\system32\licmgr10.dll
    2011-11-04 11:23 . 2004-08-04 03:59   385024   ----a-w-   c:\windows\system32\html.iec
    2011-11-01 16:07 . 2004-08-04 05:56   1288704   ----a-w-   c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2004-08-04 05:56   33280   ----a-w-   c:\windows\system32\csrsrv.dll
    2011-10-25 13:37 . 2004-08-04 04:18   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2004-08-03 22:59   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13 . 2004-08-04 05:56   186880   ----a-w-   c:\windows\system32\encdec.dll
    2011-10-10 14:22 . 2010-07-22 23:19   692736   ----a-w-   c:\windows\system32\inetcomm.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\documents and settings\Gail\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
    "Logitech Vid"="c:\program files\Logitech\Vid\Vid.exe" [2010-05-11 6061400]
    "Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
    "hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-12-15 36864]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
    "SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 98304]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute   REG_MULTI_SZ      autocheck autochk *\0\0sdnclean.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Logitech\\Vid\\Vid.exe"=
    "c:\\Documents and Settings\\Gail\\Application Data\\mjusbsp\\magicJack.exe"=
    .
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/19/2009 10:44 AM 118104]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/19/2009 10:45 AM 103112]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/22/2011 12:03 PM 974944]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/27/2010 1:47 AM 136176]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/27/2010 1:47 AM 136176]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 58607140
    *Deregistered* - 58607140
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
    .
    2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-27 06:47]
    .
    2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-27 06:47]
    .
    2012-01-06 c:\windows\Tasks\User_Feed_Synchronization-{3E045906-B672-4A9A-8B43-6F7D37DA6C2C}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\documents and settings\Gail\Application Data\Mozilla\Firefox\Profiles\wp8z0511.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z003&form=ZGAADF&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-Imation Disk Manager V a Service - c:\docume~1\Gail\LOCALS~1\Temp\Imation Disk Manager V a.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-06 12:53
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1008)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    c:\windows\System32\BCMLogon.dll
    .
    Completion time: 2012-01-06  12:55:10
    ComboFix-quarantined-files.txt  2012-01-06 17:54
    .
    Pre-Run: 75,945,922,560 bytes free
    Post-Run: 76,258,045,952 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    ;
    ;Warning: Boot.ini is used on Windows XP and earlier operating systems.
    ;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
    ;
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
    .
    - - End Of File - - 711185CBC02664AC6AECA26F58EE829C

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 25335
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Files hidden/Win32 Olmasco
    « Reply #11 on: January 06, 2012, 01:10:00 pm »
    Did the other missing items come back? How is the computer running now?

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline galan

    • Bronze Member
    • Posts: 24
    Re: [In Progress] Files hidden/Win32 Olmasco
    « Reply #12 on: January 06, 2012, 01:48:17 pm »
    No, they are still missing. The system itself is running fine, however.

    Offline Hoov

    Re: [In Progress] Files hidden/Win32 Olmasco
    « Reply #13 on: January 06, 2012, 03:22:24 pm »
    Please run unhide again and let me know how it goes.


    Offline galan

    Re: [In Progress] Files hidden/Win32 Olmasco
    « Reply #14 on: January 06, 2012, 03:40:12 pm »
    I did and they are still hidden. Everything is working fine otherwise though. Do you think the system is still infected?