
IE Google search redirecting to yellowise and other sites


  • This topic is locked
9 replies to this topic

#1 ericlrobinson

  • Members
  • 14 posts

Posted 28 October 2011 - 10:51 AM

Greetings,

My computer had a Windows Restore virus. I managed to remove it, and thought that the computer was clean. Later I noticed that when I use Google, I am redirected, typically to a yellowise site.

Malwarebytes, MSE, and ESET are not finding anything on full scan after I removed the virus. I am just not having any luck fixing this.

In the middle of trying to remove the redirect, I made a mistake. I used ComboFix. I apologize and hope that I did not make the problem more difficult to solve.

When running gmer.exe, I received the attached error. The scan said there were no system modifications found.

Please help!

Thanks,
Eric-

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by ahixson at 10:23:26 on 2011-10-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1394 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Logitech\SetPoint\KEM.exe
c:\program files\aim toolbar\aimtbServer.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/?mtmhp=acm50mtmhpunauthgreeting
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\ahixson\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\franklin covey\palm\HOTSYNC.EXE
StartupFolder: c:\documents and settings\ahixson\start menu\programs\startup\PowerReg SchedulerV2.exe
StartupFolder: c:\docume~1\ahixson\startm~1\programs\startup\weekly~1.lnk - c:\program files\franklin covey\planner\Compass.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\KEM.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-us\local\search.html
IE: &Viewpoint Search - c:\program files\viewpoint\viewpoint toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
Trusted Zone: eset.com\go
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - file:///D:/LTOCX14N.cab
DPF: {15D73F88-277E-42EC-BE97-C64E1C6A18D9} - hxxp://nsa-server/mpm02/Install/CPOPM04Client/CPOPM04Client.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} - hxxps://workflow.int.uhs.com/5250/matn5250.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://remote.mercy.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {F839F0A1-4D68-472A-BBB8-08FA530581CF} - hxxp://nsa-server/mpm02/Install/MBCINSTaller70.dll
TCP: Interfaces\{809B9DF7-3404-4422-B535-653BFEE6BBDD} : NameServer = 192.168.1.1,192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKslb8232b89;MpKslb8232b89;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a4d37433-0eaa-4a6d-898c-19d768bfdc64}\MpKslb8232b89.sys [2011-10-28 28752]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2009-5-5 8960]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-2-11 172328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-9 24652]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-5-5 110080]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2009-5-5 11264]
S3 OracleORA90ClientCache;OracleORA90ClientCache;c:\oracle\bin\ONRSD.EXE [2001-8-14 425828]
.
=============== Created Last 30 ================
.
2011-10-28 14:50:06 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a4d37433-0eaa-4a6d-898c-19d768bfdc64}\MpKslb8232b89.sys
2011-10-28 14:50:04 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a4d37433-0eaa-4a6d-898c-19d768bfdc64}\offreg.dll
2011-10-28 14:38:09 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a4d37433-0eaa-4a6d-898c-19d768bfdc64}\mpengine.dll
2011-10-28 14:29:00 14162080 -c--a-w- c:\documents and settings\ahixson\application data\Setup.exe
2011-10-28 13:25:46 -------- d-sha-r- C:\cmdcons
2011-10-28 13:18:07 98816 ----a-w- c:\windows\sed.exe
2011-10-28 13:18:07 518144 ----a-w- c:\windows\SWREG.exe
2011-10-28 13:18:07 256000 ----a-w- c:\windows\PEV.exe
2011-10-28 13:18:07 208896 ----a-w- c:\windows\MBR.exe
2011-10-28 13:16:42 -------- d-----w- C:\ComboFix
2011-10-27 21:17:53 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-10-26 18:56:17 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-10-26 18:54:02 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-26 18:51:21 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-26 18:08:47 -------- d-----w- C:\AAAA
2011-10-25 21:26:42 70656 --sha-r- c:\windows\system32\netstat7.dll
2011-10-20 13:48:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-10-20 13:48:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-10-20 13:48:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-10-20 13:48:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-10-20 13:48:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-10-20 13:48:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-10-20 13:48:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-10-20 13:47:56 -------- d-----w- c:\documents and settings\ahixson\local settings\application data\Apple
2011-10-20 13:47:43 -------- d-----w- c:\documents and settings\ahixson\local settings\application data\Apple Computer
.
==================== Find3M ====================
.
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:25:11 1867904 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 10:30:26.29 ===============

Attached Files


Edited by Noviciate, 28 October 2011 - 05:02 PM.
Added DDS log.



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 29 October 2011 - 08:41 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification, then click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ericlrobinson
  • Topic Starter

  • Members
  • 14 posts

Posted 31 October 2011 - 08:38 AM

Here are the ComboFix results. The web browser is still redirecting. =(

Thanks for everything!

ComboFix 11-10-30.03 - ahixson 10/31/2011 7:44.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1377 [GMT -5:00]
Running from: C:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-31 )))))))))))))))))))))))))))))))
.
.
2011-10-30 14:56 . 2011-10-31 12:32 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{176A640C-60AA-49AB-BC3A-045FD0D4BE3E}\offreg.dll
2011-10-30 14:56 . 2011-10-07 01:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{176A640C-60AA-49AB-BC3A-045FD0D4BE3E}\mpengine.dll
2011-10-28 14:29 . 2003-12-09 01:23 14162080 -c--a-w- c:\documents and settings\ahixson\Application Data\Setup.exe
2011-10-27 21:17 . 2011-10-27 21:17 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-10-26 18:56 . 2011-10-07 01:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-26 18:54 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-26 18:51 . 2011-10-26 18:51 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-26 18:08 . 2011-10-28 15:40 -------- d-----w- C:\AAAA
2011-10-25 21:26 . 2011-10-25 21:26 70656 --sha-r- c:\windows\system32\netstat7.dll
2011-10-20 18:27 . 2011-10-20 18:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-10-20 13:49 . 2011-10-20 13:55 -------- d-----w- c:\documents and settings\ahixson\Application Data\Apple Computer
2011-10-20 13:48 . 2011-10-20 13:48 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-10-20 13:48 . 2011-10-20 13:48 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-10-20 13:48 . 2011-10-20 13:48 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-10-20 13:48 . 2011-10-20 13:48 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-10-20 13:48 . 2011-10-20 13:48 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-10-20 13:48 . 2011-10-20 13:48 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-10-20 13:48 . 2011-10-20 13:48 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-10-20 13:48 . 2011-10-20 13:48 -------- d-----w- c:\program files\QuickTime
2011-10-20 13:48 . 2011-10-20 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-10-20 13:48 . 2011-10-20 13:48 -------- d-----w- c:\program files\Common Files\Apple
2011-10-20 13:47 . 2011-10-20 13:47 -------- d-----w- c:\documents and settings\ahixson\Local Settings\Application Data\Apple
2011-10-20 13:47 . 2011-10-20 13:47 -------- d-----w- c:\program files\Apple Software Update
2011-10-20 13:47 . 2011-10-20 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-10-20 13:47 . 2011-10-20 13:47 -------- d-----w- c:\documents and settings\ahixson\Local Settings\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2008-04-25 16:16 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2008-04-25 16:16 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:25 . 2008-04-25 16:16 1867904 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 22:00 . 2010-05-24 21:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2008-04-25 16:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-04-25 16:16 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-28_14.05.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-18 18:12 . 2011-10-28 14:50 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-18 18:12 . 2011-10-28 12:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-18 18:12 . 2011-10-28 14:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-05-18 18:12 . 2011-10-28 12:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-05-18 18:12 . 2011-10-28 14:50 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-05-18 18:12 . 2011-10-28 12:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
.
c:\documents and settings\ahixson\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Franklin Covey\Palm\HOTSYNC.EXE [N/A]
PowerReg SchedulerV2.exe [2004-1-14 256000]
Weekly Compass.lnk - c:\program files\Franklin Covey\Planner\Compass.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2009-6-9 581632]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-1500820517-682003330-1139\Scripts\Logon\0\0]
"Script"=frontDeskLogon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-1500820517-682003330-1190\Scripts\Logon\0\0]
"Script"=frontDeskLogon.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^ahixson^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=c:\documents and settings\ahixson\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-08-18 22:19 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 19:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-08-18 22:20 16806912 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
2009-03-05 21:28 585728 ----a-w- c:\program files\TightVNC\WinVNC.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [7/14/2010 12:51 PM 65584]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [5/5/2009 12:37 PM 8960]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2/11/2010 6:42 AM 172328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/9/2009 4:04 PM 24652]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [5/5/2009 3:29 PM 110080]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [5/5/2009 12:37 PM 11264]
S3 OracleORA90ClientCache;OracleORA90ClientCache;c:\oracle\bin\ONRSD.EXE [8/14/2001 6:25 PM 425828]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLB8232B89
*Deregistered* - MpKslb8232b89
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-10-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?mtmhp=acm50mtmhpunauthgreeting
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
IE: &Viewpoint Search - c:\program files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: eset.com\go
TCP: Interfaces\{809B9DF7-3404-4422-B535-653BFEE6BBDD}: NameServer = 192.168.1.1,192.168.1.254
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - file:///D:/LTOCX14N.cab
DPF: {15D73F88-277E-42EC-BE97-C64E1C6A18D9} - hxxp://nsa-server/mpm02/Install/CPOPM04Client/CPOPM04Client.cab
DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} - hxxps://workflow.int.uhs.com/5250/matn5250.cab
DPF: {F839F0A1-4D68-472A-BBB8-08FA530581CF} - hxxp://nsa-server/mpm02/Install/MBCINSTaller70.dll
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-31 08:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(2828)
c:\windows\system32\WININET.dll
c:\program files\TeamViewer\Version5\tv.dll
c:\program files\Microsoft Office\Office12\GrooveShellExtensions.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-10-31 08:27:33
ComboFix-quarantined-files.txt 2011-10-31 13:27
ComboFix2.txt 2011-10-28 14:20
.
Pre-Run: 144,875,544,576 bytes free
Post-Run: 144,853,872,640 bytes free
.
- - End Of File - - F52E7B328E5D4E141E53019FDED6F075
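An added example, mine and not part of this thread, of DDS or of ComboFix: a small Python triage script that parses the file-entry lines of the DDS "Created Last 30" section in post #1 and the ComboFix "Files Created" section in the log above, decodes the attribute column, and lists the entries a helper would read first. The meaning of the attribute columns (d, c, s, h, a, r/w) is inferred from the strings that appear in these two logs and is an assumption, as are the two triage rules; the sample lines are constructed after the log lines in the thread, and the scan time is an assumption taken from the DDS header.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set

# Constructed sample: lines in the shape of the DDS "Created Last 30" section
# (created timestamp, size, attribute string, path) and of the ComboFix
# "Files Created" section (created " . " modified, size, attributes, path).
SAMPLE_LOG = r"""
2011-10-28 13:25:46 -------- d-sha-r- C:\cmdcons
2011-10-26 18:54:02 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-25 21:26:42 70656 --sha-r- c:\windows\system32\netstat7.dll
2011-10-20 13:48:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-10-25 21:26 . 2011-10-25 21:26 70656 --sha-r- c:\windows\system32\netstat7.dll
2011-10-26 18:51 . 2011-10-26 18:51 -------- d-----w- c:\program files\Microsoft Security Client
- - - - ORPHANS REMOVED - - - -
"""

# Assumption: the DDS FINISH time (10:30 at GMT -5) written as UTC, which is how the
# file timestamps in these sections appear to be recorded.
SCAN_TIME = datetime(2011, 10, 28, 15, 30)

# One pattern covers both layouts: the ComboFix form has an extra " . <modified>" field.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$"
)

# Assumed meaning of the 8-column attribute string, inferred from the values seen in
# the thread's logs (d-sha-r-, -c--a-w-, ----a-w-, ------w-): column 0 directory,
# 1 compressed, 2 system, 3 hidden, 4 archive, column 6 'r' read-only / 'w' writable.
# Columns 5 and 7 never appear set in these logs, so they are not interpreted.
ATTR_COLUMNS = {0: "directory", 1: "compressed", 2: "system", 3: "hidden", 4: "archive"}


def decode_attrs(attrs: str) -> Set[str]:
    """Turn an attribute string such as '--sha-r-' into a set of flag names."""
    flags = {name for col, name in ATTR_COLUMNS.items() if attrs[col] != "-"}
    if attrs[6] == "r":
        flags.add("read-only")
    return flags


@dataclass
class Entry:
    created: datetime
    size: Optional[int]          # None where the log prints '--------' (directories)
    attrs: str
    path: str
    flags: Set[str] = field(default_factory=set)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for section headers and other non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    created_txt = m.group("created")
    fmt = "%Y-%m-%d %H:%M:%S" if created_txt.count(":") == 2 else "%Y-%m-%d %H:%M"
    size_txt = m.group("size")
    attrs = m.group("attrs")
    return Entry(
        created=datetime.strptime(created_txt, fmt),
        size=int(size_txt) if size_txt.isdigit() else None,
        attrs=attrs,
        path=m.group("path"),
        flags=decode_attrs(attrs),
    )


def triage(entry: Entry, scan_time: datetime, recent_days: int = 7) -> List[str]:
    """Heuristics (mine, not the tools'): reasons a human should look at this entry."""
    reasons: List[str] = []
    if "directory" in entry.flags:
        return reasons                      # both rules below are about files
    if {"system", "hidden"} <= entry.flags:
        # Hidden+system on a plain file keeps it out of the default Explorer view;
        # under \windows\ that combination is rare enough to always surface.
        reasons.append("hidden+system file")
    age = scan_time - entry.created
    if "\\windows\\" in entry.path.lower() and timedelta(0) <= age <= timedelta(days=recent_days):
        reasons.append(f"created under \\windows\\ within {recent_days} days of the scan")
    return reasons


def triage_log(text: str, scan_time: datetime, recent_days: int = 7) -> Dict[str, Set[str]]:
    """Map each flagged path (lower-cased) to its reasons, merging DDS and ComboFix lines."""
    findings: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry, scan_time, recent_days)
        if reasons:
            findings.setdefault(entry.path.lower(), set()).update(reasons)
    return findings


def sample_findings() -> Dict[str, Set[str]]:
    """Run the triage over the constructed sample with the assumed scan time."""
    return triage_log(SAMPLE_LOG, SCAN_TIME)


if __name__ == "__main__":
    for path, reasons in sorted(sample_findings().items()):
        print(path, "->", "; ".join(sorted(reasons)))
```

On the sample, netstat7.dll is listed with both reasons and MpSigStub.exe with the recency reason alone. The second shows why the output is a reading aid rather than a verdict: that file was created three minutes after the Microsoft Security Client folder in the same log, so the helper reads it in that context, while a hidden+system DLL in system32 that no scanner accounts for is what gets asked about next.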

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 31 October 2011 - 11:16 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 ericlrobinson

ericlrobinson
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:58 PM

Posted 31 October 2011 - 12:16 PM

I don't know why, but I cannot get tdsskiller to run. I have tried running it under different user accounts. I even created a new account. When I click the tdsskiller.exe, it asks if I want to run the program, I hit yes, and then nothing happens.

I just noticed that I am now being redirected to Infomash.org and get-answers-fast.com

Edited by ericlrobinson, 31 October 2011 - 04:19 PM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 PM

Posted 31 October 2011 - 08:50 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo

#7 ericlrobinson

ericlrobinson
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:58 PM

Posted 01 November 2011 - 07:57 AM

It said "***Infected MBR detected". I clicked repair, and it said "Repair Succeeded".

I rebooted, and ran Tdsskiller.exe

It scanned clean. It looks like that did the trick. I went to a few sites, and no redirects!

Gringo, thanks for your guidance. You rock!

07:43:04.0000 3340 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
07:43:04.0390 3340 ============================================================
07:43:04.0390 3340 Current date / time: 2011/11/01 07:43:04.0390
07:43:04.0390 3340 SystemInfo:
07:43:04.0390 3340
07:43:04.0390 3340 OS Version: 5.1.2600 ServicePack: 3.0
07:43:04.0390 3340 Product type: Workstation
07:43:04.0390 3340 ComputerName: HHS006
07:43:04.0390 3340 UserName: ahixson
07:43:04.0390 3340 Windows directory: C:\WINDOWS
07:43:04.0390 3340 System windows directory: C:\WINDOWS
07:43:04.0390 3340 Processor architecture: Intel x86
07:43:04.0390 3340 Number of processors: 2
07:43:04.0390 3340 Page size: 0x1000
07:43:04.0390 3340 Boot type: Normal boot
07:43:04.0390 3340 ============================================================
07:43:04.0671 3340 Initialize success
07:43:14.0875 3504 ============================================================
07:43:14.0875 3504 Scan started
07:43:14.0875 3504 Mode: Manual;
07:43:14.0875 3504 ============================================================
07:43:15.0593 3504 Abiosdsk - ok
07:43:15.0656 3504 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
07:43:15.0656 3504 abp480n5 - ok
07:43:15.0734 3504 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:43:15.0734 3504 ACPI - ok
07:43:15.0781 3504 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
07:43:15.0781 3504 ACPIEC - ok
07:43:15.0828 3504 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
07:43:15.0828 3504 adpu160m - ok
07:43:15.0875 3504 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
07:43:15.0875 3504 aec - ok
07:43:15.0921 3504 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
07:43:15.0921 3504 AFD - ok
07:43:15.0953 3504 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
07:43:15.0953 3504 agp440 - ok
07:43:15.0984 3504 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
07:43:15.0984 3504 agpCPQ - ok
07:43:16.0000 3504 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
07:43:16.0000 3504 Aha154x - ok
07:43:16.0015 3504 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
07:43:16.0015 3504 aic78u2 - ok
07:43:16.0031 3504 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
07:43:16.0031 3504 aic78xx - ok
07:43:16.0078 3504 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
07:43:16.0078 3504 AliIde - ok
07:43:16.0078 3504 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
07:43:16.0078 3504 alim1541 - ok
07:43:16.0093 3504 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
07:43:16.0093 3504 amdagp - ok
07:43:16.0125 3504 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
07:43:16.0125 3504 amsint - ok
07:43:16.0171 3504 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
07:43:16.0171 3504 asc - ok
07:43:16.0187 3504 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
07:43:16.0187 3504 asc3350p - ok
07:43:16.0218 3504 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
07:43:16.0218 3504 asc3550 - ok
07:43:16.0250 3504 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:43:16.0250 3504 AsyncMac - ok
07:43:16.0281 3504 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:43:16.0281 3504 atapi - ok
07:43:16.0296 3504 Atdisk - ok
07:43:16.0312 3504 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:43:16.0312 3504 Atmarpc - ok
07:43:16.0343 3504 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:43:16.0343 3504 audstub - ok
07:43:16.0359 3504 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:43:16.0359 3504 Beep - ok
07:43:16.0515 3504 catchme - ok
07:43:16.0546 3504 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
07:43:16.0546 3504 cbidf - ok
07:43:16.0562 3504 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:43:16.0562 3504 cbidf2k - ok
07:43:16.0593 3504 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
07:43:16.0593 3504 CCDECODE - ok
07:43:16.0609 3504 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
07:43:16.0609 3504 cd20xrnt - ok
07:43:16.0656 3504 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:43:16.0656 3504 Cdaudio - ok
07:43:16.0671 3504 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:43:16.0671 3504 Cdfs - ok
07:43:16.0687 3504 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:43:16.0687 3504 Cdrom - ok
07:43:16.0687 3504 Changer - ok
07:43:16.0750 3504 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
07:43:16.0750 3504 CmdIde - ok
07:43:16.0796 3504 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
07:43:16.0796 3504 Cpqarray - ok
07:43:16.0843 3504 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
07:43:16.0843 3504 ctxusbm - ok
07:43:16.0875 3504 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
07:43:16.0875 3504 dac2w2k - ok
07:43:16.0921 3504 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
07:43:16.0921 3504 dac960nt - ok
07:43:16.0968 3504 Diag69xp (a22d5a027f397e412cbb2d97e8661bff) C:\WINDOWS\system32\Drivers\Diag69xp.sys
07:43:16.0968 3504 Diag69xp - ok
07:43:17.0000 3504 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:43:17.0000 3504 Disk - ok
07:43:17.0031 3504 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
07:43:17.0031 3504 DLABMFSM - ok
07:43:17.0046 3504 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
07:43:17.0046 3504 DLABOIOM - ok
07:43:17.0046 3504 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
07:43:17.0046 3504 DLACDBHM - ok
07:43:17.0062 3504 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
07:43:17.0062 3504 DLADResM - ok
07:43:17.0062 3504 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
07:43:17.0062 3504 DLAIFS_M - ok
07:43:17.0078 3504 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
07:43:17.0078 3504 DLAOPIOM - ok
07:43:17.0078 3504 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
07:43:17.0078 3504 DLAPoolM - ok
07:43:17.0109 3504 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
07:43:17.0109 3504 DLARTL_M - ok
07:43:17.0140 3504 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
07:43:17.0156 3504 DLAUDFAM - ok
07:43:17.0156 3504 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
07:43:17.0156 3504 DLAUDF_M - ok
07:43:17.0218 3504 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
07:43:17.0218 3504 dmboot - ok
07:43:17.0234 3504 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
07:43:17.0234 3504 dmio - ok
07:43:17.0234 3504 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:43:17.0234 3504 dmload - ok
07:43:17.0281 3504 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
07:43:17.0281 3504 DMusic - ok
07:43:17.0328 3504 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
07:43:17.0328 3504 dpti2o - ok
07:43:17.0328 3504 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
07:43:17.0328 3504 drmkaud - ok
07:43:17.0390 3504 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
07:43:17.0390 3504 DRVMCDB - ok
07:43:17.0406 3504 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
07:43:17.0406 3504 DRVNDDM - ok
07:43:17.0453 3504 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
07:43:17.0453 3504 dsNcAdpt - ok
07:43:17.0515 3504 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:43:17.0515 3504 Fastfat - ok
07:43:17.0546 3504 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
07:43:17.0546 3504 Fdc - ok
07:43:17.0562 3504 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
07:43:17.0562 3504 Fips - ok
07:43:17.0578 3504 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
07:43:17.0578 3504 Flpydisk - ok
07:43:17.0593 3504 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
07:43:17.0593 3504 FltMgr - ok
07:43:17.0609 3504 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:43:17.0609 3504 Fs_Rec - ok
07:43:17.0640 3504 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:43:17.0640 3504 Ftdisk - ok
07:43:17.0656 3504 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:43:17.0656 3504 Gpc - ok
07:43:17.0687 3504 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:43:17.0687 3504 HDAudBus - ok
07:43:17.0734 3504 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:43:17.0734 3504 hidusb - ok
07:43:17.0734 3504 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
07:43:17.0734 3504 hpn - ok
07:43:17.0796 3504 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
07:43:17.0796 3504 HTTP - ok
07:43:17.0859 3504 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
07:43:17.0859 3504 i2omgmt - ok
07:43:17.0859 3504 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
07:43:17.0859 3504 i2omp - ok
07:43:17.0906 3504 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:43:17.0906 3504 i8042prt - ok
07:43:18.0125 3504 ialm (2da364ee62d4949620b6fae4ffea16a7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
07:43:18.0171 3504 ialm - ok
07:43:18.0218 3504 iaStor (707c1692214b1c290271067197f075f6) C:\WINDOWS\system32\drivers\iaStor.sys
07:43:18.0234 3504 iaStor - ok
07:43:18.0296 3504 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:43:18.0296 3504 Imapi - ok
07:43:18.0359 3504 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
07:43:18.0359 3504 ini910u - ok
07:43:18.0531 3504 IntcAzAudAddService (5c8f36cdcb489111b24003af4dfe1fdc) C:\WINDOWS\system32\drivers\RtkHDAud.sys
07:43:18.0562 3504 IntcAzAudAddService - ok
07:43:18.0578 3504 IntcHdmiAddService (c9ef68bee3b1a62f34125a9fbbaac10c) C:\WINDOWS\system32\drivers\IntcHdmi.sys
07:43:18.0578 3504 IntcHdmiAddService - ok
07:43:18.0593 3504 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
07:43:18.0593 3504 IntelIde - ok
07:43:18.0640 3504 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:43:18.0640 3504 intelppm - ok
07:43:18.0656 3504 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
07:43:18.0656 3504 Ip6Fw - ok
07:43:18.0656 3504 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:43:18.0656 3504 IpFilterDriver - ok
07:43:18.0671 3504 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:43:18.0671 3504 IpInIp - ok
07:43:18.0687 3504 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:43:18.0703 3504 IpNat - ok
07:43:18.0718 3504 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:43:18.0718 3504 IPSec - ok
07:43:18.0718 3504 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:43:18.0718 3504 IRENUM - ok
07:43:18.0781 3504 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:43:18.0781 3504 isapnp - ok
07:43:18.0828 3504 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:43:18.0828 3504 Kbdclass - ok
07:43:18.0875 3504 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:43:18.0875 3504 kbdhid - ok
07:43:18.0921 3504 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
07:43:18.0921 3504 kmixer - ok
07:43:18.0984 3504 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
07:43:18.0984 3504 KSecDD - ok
07:43:19.0031 3504 L8042Kbd (032b0247cabf54094ca7819d14e8036d) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
07:43:19.0031 3504 L8042Kbd - ok
07:43:19.0031 3504 L8042mou (4befd29994327e606c93cc82b208f771) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
07:43:19.0031 3504 L8042mou - ok
07:43:19.0109 3504 LANPkt (8f5795b166cbb50966e29982f8cdb310) C:\WINDOWS\system32\DRIVERS\LANPkt.sys
07:43:19.0109 3504 LANPkt - ok
07:43:19.0109 3504 lbrtfdc - ok
07:43:19.0140 3504 LMouKE (98e6dc123f52780a6b03cf9747cb1fc7) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
07:43:19.0140 3504 LMouKE - ok
07:43:19.0187 3504 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:43:19.0187 3504 mnmdd - ok
07:43:19.0234 3504 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
07:43:19.0234 3504 Modem - ok
07:43:19.0265 3504 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:43:19.0281 3504 Mouclass - ok
07:43:19.0296 3504 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:43:19.0296 3504 mouhid - ok
07:43:19.0296 3504 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
07:43:19.0296 3504 MountMgr - ok
07:43:19.0328 3504 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
07:43:19.0328 3504 MpFilter - ok
07:43:19.0343 3504 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
07:43:19.0343 3504 mraid35x - ok
07:43:19.0359 3504 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:43:19.0359 3504 MRxDAV - ok
07:43:19.0437 3504 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:43:19.0437 3504 MRxSmb - ok
07:43:19.0453 3504 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
07:43:19.0453 3504 Msfs - ok
07:43:19.0484 3504 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:43:19.0484 3504 MSKSSRV - ok
07:43:19.0500 3504 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:43:19.0500 3504 MSPCLOCK - ok
07:43:19.0500 3504 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
07:43:19.0500 3504 MSPQM - ok
07:43:19.0546 3504 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:43:19.0546 3504 mssmbios - ok
07:43:19.0593 3504 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
07:43:19.0593 3504 MSTEE - ok
07:43:19.0640 3504 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
07:43:19.0640 3504 Mup - ok
07:43:19.0671 3504 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
07:43:19.0671 3504 NABTSFEC - ok
07:43:19.0718 3504 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
07:43:19.0718 3504 NDIS - ok
07:43:19.0734 3504 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
07:43:19.0734 3504 NdisIP - ok
07:43:19.0765 3504 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:43:19.0765 3504 NdisTapi - ok
07:43:19.0781 3504 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:43:19.0781 3504 Ndisuio - ok
07:43:19.0796 3504 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:43:19.0796 3504 NdisWan - ok
07:43:19.0843 3504 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
07:43:19.0843 3504 NDProxy - ok
07:43:19.0859 3504 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:43:19.0859 3504 NetBIOS - ok
07:43:19.0890 3504 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:43:19.0890 3504 NetBT - ok
07:43:19.0906 3504 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
07:43:19.0906 3504 Npfs - ok
07:43:19.0968 3504 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
07:43:19.0968 3504 Ntfs - ok
07:43:20.0015 3504 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
07:43:20.0015 3504 Null - ok
07:43:20.0031 3504 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:43:20.0031 3504 NwlnkFlt - ok
07:43:20.0046 3504 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:43:20.0046 3504 NwlnkFwd - ok
07:43:20.0078 3504 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
07:43:20.0078 3504 Parport - ok
07:43:20.0093 3504 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
07:43:20.0093 3504 PartMgr - ok
07:43:20.0109 3504 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
07:43:20.0109 3504 ParVdm - ok
07:43:20.0156 3504 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
07:43:20.0156 3504 PCI - ok
07:43:20.0156 3504 PCIDump - ok
07:43:20.0187 3504 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
07:43:20.0187 3504 PCIIde - ok
07:43:20.0218 3504 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
07:43:20.0218 3504 Pcmcia - ok
07:43:20.0234 3504 PDCOMP - ok
07:43:20.0265 3504 PDFRAME - ok
07:43:20.0281 3504 PDRELI - ok
07:43:20.0296 3504 PDRFRAME - ok
07:43:20.0343 3504 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
07:43:20.0343 3504 perc2 - ok
07:43:20.0375 3504 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
07:43:20.0375 3504 perc2hib - ok
07:43:20.0437 3504 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:43:20.0437 3504 PptpMiniport - ok
07:43:20.0453 3504 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
07:43:20.0453 3504 PSched - ok
07:43:20.0453 3504 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:43:20.0453 3504 Ptilink - ok
07:43:20.0500 3504 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
07:43:20.0500 3504 PxHelp20 - ok
07:43:20.0515 3504 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
07:43:20.0515 3504 ql1080 - ok
07:43:20.0546 3504 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
07:43:20.0546 3504 Ql10wnt - ok
07:43:20.0562 3504 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
07:43:20.0562 3504 ql12160 - ok
07:43:20.0578 3504 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
07:43:20.0578 3504 ql1240 - ok
07:43:20.0578 3504 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
07:43:20.0578 3504 ql1280 - ok
07:43:20.0609 3504 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:43:20.0609 3504 RasAcd - ok
07:43:20.0625 3504 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:43:20.0625 3504 Rasl2tp - ok
07:43:20.0640 3504 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:43:20.0640 3504 RasPppoe - ok
07:43:20.0656 3504 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
07:43:20.0656 3504 Raspti - ok
07:43:20.0687 3504 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:43:20.0687 3504 Rdbss - ok
07:43:20.0703 3504 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:43:20.0703 3504 RDPCDD - ok
07:43:20.0750 3504 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:43:20.0750 3504 rdpdr - ok
07:43:20.0812 3504 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
07:43:20.0812 3504 RDPWD - ok
07:43:20.0875 3504 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
07:43:20.0875 3504 redbook - ok
07:43:20.0937 3504 RTLE8023xp (00fd6811350e175585abcf7d4a61dd90) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
07:43:20.0937 3504 RTLE8023xp - ok
07:43:20.0953 3504 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:43:20.0953 3504 Secdrv - ok
07:43:20.0968 3504 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
07:43:20.0968 3504 Serenum - ok
07:43:20.0984 3504 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
07:43:20.0984 3504 Serial - ok
07:43:21.0015 3504 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
07:43:21.0015 3504 Sfloppy - ok
07:43:21.0015 3504 Simbad - ok
07:43:21.0031 3504 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
07:43:21.0031 3504 sisagp - ok
07:43:21.0078 3504 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
07:43:21.0078 3504 SLIP - ok
07:43:21.0109 3504 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
07:43:21.0109 3504 Sparrow - ok
07:43:21.0156 3504 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
07:43:21.0156 3504 splitter - ok
07:43:21.0203 3504 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
07:43:21.0203 3504 sr - ok
07:43:21.0296 3504 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
07:43:21.0296 3504 Srv - ok
07:43:21.0343 3504 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
07:43:21.0359 3504 streamip - ok
07:43:21.0406 3504 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
07:43:21.0406 3504 swenum - ok
07:43:21.0468 3504 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
07:43:21.0468 3504 swmidi - ok
07:43:21.0515 3504 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
07:43:21.0515 3504 symc810 - ok
07:43:21.0515 3504 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
07:43:21.0515 3504 symc8xx - ok
07:43:21.0546 3504 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
07:43:21.0546 3504 sym_hi - ok
07:43:21.0562 3504 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
07:43:21.0562 3504 sym_u3 - ok
07:43:21.0578 3504 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
07:43:21.0578 3504 sysaudio - ok
07:43:21.0640 3504 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:43:21.0640 3504 Tcpip - ok
07:43:21.0687 3504 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
07:43:21.0687 3504 TDPIPE - ok
07:43:21.0703 3504 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
07:43:21.0703 3504 TDTCP - ok
07:43:21.0765 3504 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
07:43:21.0765 3504 TermDD - ok
07:43:21.0781 3504 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
07:43:21.0781 3504 TosIde - ok
07:43:21.0812 3504 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
07:43:21.0812 3504 Udfs - ok
07:43:21.0859 3504 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
07:43:21.0859 3504 ultra - ok
07:43:21.0890 3504 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
07:43:21.0890 3504 Update - ok
07:43:21.0937 3504 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
07:43:21.0953 3504 usbaudio - ok
07:43:21.0953 3504 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:43:21.0953 3504 usbccgp - ok
07:43:21.0984 3504 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:43:21.0984 3504 usbehci - ok
07:43:22.0031 3504 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:43:22.0031 3504 usbhub - ok
07:43:22.0078 3504 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:43:22.0078 3504 USBSTOR - ok
07:43:22.0078 3504 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:43:22.0093 3504 usbuhci - ok
07:43:22.0140 3504 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
07:43:22.0140 3504 usbvideo - ok
07:43:22.0187 3504 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
07:43:22.0187 3504 VgaSave - ok
07:43:22.0234 3504 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
07:43:22.0234 3504 viaagp - ok
07:43:22.0250 3504 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
07:43:22.0250 3504 ViaIde - ok
07:43:22.0265 3504 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
07:43:22.0265 3504 VolSnap - ok
07:43:22.0296 3504 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:43:22.0296 3504 Wanarp - ok
07:43:22.0296 3504 WDICA - ok
07:43:22.0375 3504 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
07:43:22.0375 3504 wdmaud - ok
07:43:22.0453 3504 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
07:43:22.0453 3504 WSTCODEC - ok
07:43:22.0484 3504 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:43:22.0484 3504 WudfPf - ok
07:43:22.0515 3504 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:43:22.0515 3504 WudfRd - ok
07:43:22.0562 3504 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
07:43:22.0578 3504 \Device\Harddisk0\DR0 - ok
07:43:22.0578 3504 Boot (0x1200) (301d76d713cac0585573c1634613a2b2) \Device\Harddisk0\DR0\Partition0
07:43:22.0578 3504 \Device\Harddisk0\DR0\Partition0 - ok
07:43:22.0578 3504 ============================================================
07:43:22.0578 3504 Scan finished
07:43:22.0578 3504 ============================================================
07:43:22.0578 3296 Detected object count: 0
07:43:22.0578 3296 Actual detected object count: 0
07:43:55.0250 2568 ============================================================
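The TDSSKiller report above is plain text, and a responder who handles many of these logs usually wants three things from it: an inventory of object name, MD5 and path, the verdict attached to each object, and the detection counts at the end. The Python below is an added example, not part of this thread and not TDSSKiller's own code, that parses the line shapes visible in the log above. Its regular expressions are an assumption drawn from those lines; the first sample input is a short excerpt of the same log, and the second sample is constructed: its "infected" verdict on the MBR object is made up to show how a non-ok verdict surfaces, and is not TDSSKiller's real wording.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Line shapes are inferred from the TDSSKiller log in this thread (assumption: the
# tool prints "<time> <thread id> <body>", with an inventory body of
# "<name> (<md5>) <path>" and a verdict body of "<name or path> - <status>").
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.*)$")
ENTRY_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?)\s+-\s+(?P<status>\S.*)$")
COUNT_RE = re.compile(r"^(?P<actual>Actual )?[Dd]etected object count:\s+(?P<n>\d+)$")


@dataclass
class Record:
    name: str                      # driver/service name, or "MBR (0x1B8)" / "Boot (0x1200)"
    md5: Optional[str] = None      # None when no file line was printed (registered but absent)
    path: Optional[str] = None     # file path, or the \Device\... object for MBR / boot sector
    status: Optional[str] = None   # verdict text after " - ", normally "ok"


def parse_tdsskiller(text: str) -> list[Record]:
    """Pair each inventory line with its verdict line; one Record per scanned object."""
    records: list[Record] = []
    by_key: dict[str, Record] = {}   # indexed by name AND by path, because the MBR and
                                     # boot-sector verdicts are keyed on the device path
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                 # banner, separator or blank line
        body = m.group("body")
        entry = ENTRY_RE.match(body)
        if entry:
            rec = Record(entry.group("name"), entry.group("md5").lower(), entry.group("path"))
            records.append(rec)
            by_key[rec.name] = rec
            by_key[rec.path] = rec
            continue
        verdict = VERDICT_RE.match(body)
        if verdict:
            name, status = verdict.group("name"), verdict.group("status")
            rec = by_key.get(name)
            if rec is None:          # verdict with no file line, e.g. "Abiosdsk - ok"
                rec = Record(name)
                records.append(rec)
                by_key[name] = rec
            rec.status = status
    return records


def flagged(records: list[Record]) -> list[Record]:
    """Everything whose verdict is not a plain 'ok' (or that never received a verdict)."""
    return [r for r in records if r.status != "ok"]


def detected_counts(text: str) -> dict[str, int]:
    """Read the trailing 'Detected object count' / 'Actual detected object count' lines."""
    counts: dict[str, int] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        c = COUNT_RE.match(m.group("body")) if m else None
        if c:
            counts["actual" if c.group("actual") else "detected"] = int(c.group("n"))
    return counts


def hash_inventory(records: list[Record]) -> dict[str, str]:
    """path -> md5 for every object that had a file, to diff against a known-good baseline."""
    return {r.path: r.md5 for r in records if r.path and r.md5}


# Excerpt of the log posted above (real lines from this thread).
SAMPLE_LOG = r"""
07:43:14.0875 3504 Scan started
07:43:15.0593 3504 Abiosdsk - ok
07:43:15.0734 3504 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:43:15.0734 3504 ACPI - ok
07:43:19.0328 3504 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
07:43:19.0328 3504 MpFilter - ok
07:43:22.0562 3504 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
07:43:22.0578 3504 \Device\Harddisk0\DR0 - ok
07:43:22.0578 3504 Boot (0x1200) (301d76d713cac0585573c1634613a2b2) \Device\Harddisk0\DR0\Partition0
07:43:22.0578 3504 \Device\Harddisk0\DR0\Partition0 - ok
07:43:22.0578 3296 Detected object count: 0
07:43:22.0578 3296 Actual detected object count: 0
"""

# Constructed variant: the "infected" verdict is invented to exercise flagged();
# it is not TDSSKiller's real wording for a detection.
CONSTRUCTED_HIT = SAMPLE_LOG.replace(r"\Device\Harddisk0\DR0 - ok",
                                     r"\Device\Harddisk0\DR0 - infected")

if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(recs)} objects, {len(flagged(recs))} flagged, counts={detected_counts(SAMPLE_LOG)}")
    for r in flagged(parse_tdsskiller(CONSTRUCTED_HIT)):
        print("non-ok verdict:", r.name, r.path, r.status)
```

The hash inventory is the part that outlasts a single thread: saving `hash_inventory()` from a known-clean run and diffing it against a later run shows exactly which driver files, or the MBR and boot sector, changed between scans, which is the same comparison the MBR lines at the end of the log are making implicitly.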

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 PM

Posted 01 November 2011 - 02:24 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\windows\system32\netstat7.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 PM

Posted 04 November 2011 - 05:21 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 PM

Posted 07 November 2011 - 01:53 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.