HijackThis Log: Please help Diagnose


  • This topic is locked
23 replies to this topic

#1 pctech66

pctech66

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:56 PM

Posted 10 November 2011 - 01:56 PM

Can't search at all on the internet. All browsers are hijacked. Ran Spybot, Malwarebytes, Microsoft Security Essentials; still no available way to open a browser and search anything. It takes you to a rogue site and never what you tried to get to.

Please help!
Annette

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:50:24 PM, on 11/10/11
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tuftco Corporation
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files (x86)\Microsoft Office Communicator\Communicator.exe" /silentRetrials
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: UltraMon.lnk = ?
O4 - Global Startup: WD Quick View.lnk = C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tuftco.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D061F716-1793-4061-BD92-98F2C62C87B4}: NameServer = 192.168.0.25,192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tuftco.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tuftco.com
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\Windows\SysWOW64\DWRCS.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\AMT\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate-Replica-Service - Unknown owner - C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Service.exe (file missing)
O23 - Service: Seagate-Replica-SysMon - Unknown owner - C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-SysMon.exe (file missing)
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
O23 - Service: WDFMEService - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
O23 - Service: WDRulesService - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\Windows\SysWOW64\WebUpdateSvc4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14088 bytes
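A triage pass over entries of the kind shown in the log above, as an added example (not the poster's code and not part of HijackThis): it parses each Rn/On entry and flags the few things a log reviewer checks first for a redirect complaint. The allow-list of start-page hosts, the local-resolver ranges, the all-zero GUID and the two hijacked sample lines (example.net, 203.0.113.10) are assumptions constructed for the example.

```python
"""Triage helper for HijackThis v2 log entries (added example, not part of
HijackThis or of this thread). It parses each 'Rn - ' / 'On - ' entry and
applies the first checks a reviewer makes for a browser-redirect complaint."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d{1,2}) - (?P<body>.*)$")
URL_KEY_RE = re.compile(
    r",(Start Page|Search Page|Default_Page_URL|Default_Search_URL) = (\S+)\s*$")
MISSING_RE = re.compile(r" - (?P<path>[A-Za-z]:\\.*?) \(file missing\)\s*$")
# Hosts accepted as normal IE defaults (assumption: a reviewer extends this).
KNOWN_START_HOSTS = {"g.msn.com", "go.microsoft.com"}
# Resolver addresses treated as local: RFC 1918 plus loopback.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
SYSTEM32 = "c:\\windows\\system32\\"

@dataclass(frozen=True)
class Finding:
    kind: str    # entry type, e.g. "O17"
    reason: str  # why a reviewer should look at it
    line: str    # the original log line

def is_local_resolver(ip_text: str) -> bool:
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in LOCAL_NETS)

def _check_start_pages(kind, body, line) -> Optional[Finding]:
    # R0/R1: IE start and search pages; a hijacker rewrites these to its own host.
    m = URL_KEY_RE.search(body)
    if not m:
        return None
    host = (urlparse(m.group(2)).hostname or "").lower()
    if host and host not in KNOWN_START_HOSTS:
        return Finding(kind, f"{m.group(1)} points at unexpected host {host}", line)
    return None

def _check_orphaned_bho(kind, body, line) -> Optional[Finding]:
    # O2/O3: "(no file)" means the CLSID is still registered but its DLL is gone.
    if body.rstrip().endswith("(no file)"):
        return Finding(kind, "BHO/toolbar registration whose DLL no longer exists", line)
    return None

def _check_nameservers(kind, body, line) -> Optional[Finding]:
    # O17: DNS servers; a non-local resolver is a classic cause of redirected searches.
    m = re.search(r"NameServer = (.+?)\s*$", body)
    if not m:
        return None
    foreign = [s for s in re.split(r"[ ,]+", m.group(1)) if s and not is_local_resolver(s)]
    if foreign:
        return Finding(kind, "NameServer outside local ranges: " + ",".join(foreign), line)
    return None

def _check_services(kind, body, line) -> Optional[Finding]:
    m = MISSING_RE.search(body)
    if not m or "Unknown owner" not in body:
        return None
    # 32-bit HijackThis on 64-bit Windows sees System32 through WOW64 file
    # redirection, so "(file missing)" under System32 is usually a false
    # positive; only binaries outside that directory are worth a look.
    if m.group("path").lower().startswith(SYSTEM32):
        return None
    return Finding(kind, "service with no vendor and a missing binary", line)

CHECKS = {"R0": _check_start_pages, "R1": _check_start_pages,
          "O2": _check_orphaned_bho, "O3": _check_orphaned_bho,
          "O17": _check_nameservers, "O23": _check_services}

def triage(log_text: str) -> List[Finding]:
    """Return the entries a reviewer should look at, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        check = CHECKS.get(m.group("kind"))
        hit = check(m.group("kind"), m.group("body"), line) if check else None
        if hit:
            findings.append(hit)
    return findings

# Constructed sample: entries copied from the thread's log, plus two made-up
# hijacked variants (the example.net start page and the 203.0.113.10 resolver).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.net/?q=
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D061F716-1793-4061-BD92-98F2C62C87B4}: NameServer = 192.168.0.25,192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.10,192.168.0.1
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Seagate-Replica-Service - Unknown owner - C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Service.exe (file missing)
"""
```

Calling triage(SAMPLE_LOG) returns four findings (the example.net start page, the orphaned BHO, the 203.0.113.10 resolver and the Seagate service) and stays quiet on the benign g.msn.com page, the private resolvers and the lsass.exe entry.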


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:56 PM

Posted 13 November 2011 - 05:06 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine; if it does, click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

Information and logs:

In your next post I need the following:

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 pctech66

pctech66
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:56 PM

Posted 14 November 2011 - 08:37 AM

Thank you. As directed, log files are attached; however, RKUnhooker will not run. This is 64-bit Windows 7. Here is the error it gives.

Exception code : 0xC0000005
Instruction address : 0x00402EAA
Attempt to read at address : 0xFFFFFFFF


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 05/07/10 1:11:39 PM
System Uptime: 11/11/11 2:51:59 PM (66 hours ago)
.
Motherboard: Dell Inc. | | 0F428D
Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz | CPU | 2992/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 119.842 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 288.648 GiB free.
E: is CDROM ()
J: is NetworkDisk (NTFS) - 667 GiB total, 92.321 GiB free.
K: is NetworkDisk (NTFS) - 667 GiB total, 92.321 GiB free.
L: is NetworkDisk (NTFS) - 169 GiB total, 96.089 GiB free.
M: is NetworkDisk (NTFS) - 248 GiB total, 165.319 GiB free.
N: is NetworkDisk (NTFS) - 667 GiB total, 92.321 GiB free.
O: is NetworkDisk (NTFS) - 667 GiB total, 92.321 GiB free.
P: is NetworkDisk (NTFS) - 667 GiB total, 92.321 GiB free.
Q: is NetworkDisk (NTFS) - 667 GiB total, 92.321 GiB free.
T: is NetworkDisk (NTFS) - 667 GiB total, 92.321 GiB free.
U: is NetworkDisk (NTFS) - 248 GiB total, 165.319 GiB free.
Y: is NetworkDisk (NTFS) - 667 GiB total, 92.321 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP788: 11/10/11 12:22:12 PM - Installed Safari
RP789: 11/11/11 9:33:29 AM - Windows Update
RP790: 11/11/11 12:00:11 PM - Windows Update
RP791: 11/12/11 3:09:34 PM - Windows Update
RP792: 11/13/11 2:10:59 AM - Windows Update
RP793: 11/13/11 3:09:31 PM - Windows Update
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
2008 Lacerte Tax
2009 Lacerte Tax
2009 SFS W2/1099 Printer
2010 Lacerte Tax
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.4.6 - CPSID_83708
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 8.0
Adobe Photoshop.com Inspiration Browser
Adobe Photoshop.com Uploader
Adobe Premiere Elements 8.0
Advertising Center
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Software Update
ASUS Ai Charger
Audacity 1.3.12 (Unicode)
AviSynth 2.5
BNA Fixed Assets DesktopPro
Business Contact Manager for Outlook 2007
calibre
CCH Small Firm Services (xulRunner)
CCH Small Firm Services 2009 (Remove Only)
CCH Small Firm Services 2010 (Remove Only)
CopyTrans Suite Remove Only
Coupon Printer for Windows
CR_11_5_RDC_sp5
dBpoweramp m4a Codec
dBpoweramp Music Converter
Dell ControlPoint Security Manager
Dell Security Device Driver Pack
DHTML Editing Component
DivX Setup
Document eSort Components
DolbyFiles
DVD Shrink 3.2
EMBASSY Security Center Lite
EMBASSY Security Setup
EPSON Scan
eReg
ESC Home Page Plugin
F9 4.2 for Macola Progression 7.x (MS SQL)
FastImageResizer (remove only)
Feedback Tool
FFmpeg for Audacity on Windows
Forté Agent
Fujitsu COBOL Free Run-time
GDR 4060 for SQL Server Database Services 2005 ENU (KB2494113)
GDR 4060 for SQL Server Tools and Workstation Components 2005 ENU (KB2494113)
Google Chrome
GoToMeeting 4.5.0.457
HiJackThis
iBoardHelper
ImagXpress
Intel® Graphics Media Accelerator Driver
Intuit Runtime Components 6.0.16
Java Auto Updater
Java™ 6 Update 20
Junk Mail filter update
Lacerte Runtime Components
LAME v3.98.2 for Audacity
Licensing Service Install
Malwarebytes' Anti-Malware version 1.51.2.1300
Menu Templates - Starter Kit
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Report Viewer Redistributable 2005
Microsoft ReportViewer 2010 Redistributable
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Books Online (English) (September 2007)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools
Microsoft SQL Server Setup Support Files (English)
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Premier Partner Edition - ENU
Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601)
Microsoft_VC90_CRT_x86
Movie Templates - Starter Kit
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero Disc Copy Gadget
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
Octoshape add-in for Adobe Flash Player
PenSoft Payroll 2009 V3.09.5.14
PenSoft Payroll 2010 V3.10.5.07
PenSoft Payroll 2011 V3.11.4.00
PowerDVD DX
ProLine Tax Import
QuickPar 0.9
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
ScatterTunes Store iBoard
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2553010)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Smart Attorney 8.0
Smart Label Printer 6.9.2
SmartSound Quicktracks for Premiere Elements 8.0
Software Update Wizard (Redistributable) 4.5
SoundTrax
SplashID Safe 6.0.1
Spybot - Search & Destroy
surveyor 2.5.32
TeamViewer 5
TeamViewer 6
TurboTax 2010
TurboTax 2010 waliper
TurboTax 2010 wgaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 woriper
TurboTax 2010 wrapper
TurboTax 2010 wtniper
TValue 5
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Studio 2005 Premier Partner Edition - ENU (KB932232)
Update for Outlook 2007 Junk Email Filter (KB2596560)
V-Album iBoard
VBA (2627.01)
VC80CRTRedist - 8.0.50727.4053
Videora iPad Converter 6
Videora iPod Converter 5.04
VLC media player 1.1.7
Vuze
Wave Support Software
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinPcap 4.1.1
WM Recorder 14
Xobni
Xobni Core
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader App 2.03
.
==== Event Viewer Messages From Past Week ========
.
11/13/11 4:40:15 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
11/11/11 3:24:54 PM, Error: Virtual Disk Service [1] - Unexpected failure. Error code: 45D@02000018
11/11/11 3:24:54 PM, Error: Virtual Disk Service [1] - Unexpected failure. Error code: 1@02000018
11/11/11 3:03:57 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
11/11/11 2:52:44 PM, Error: Service Control Manager [7000] - The Seagate-Replica-SysMon service failed to start due to the following error: The system cannot find the file specified.
11/11/11 2:52:44 PM, Error: Service Control Manager [7000] - The Seagate-Replica-Service service failed to start due to the following error: The system cannot find the file specified.
11/11/11 2:52:23 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
11/11/11 2:48:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
11/11/11 2:48:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/11/11 2:44:37 PM, Error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 3 time(s).
11/11/11 2:43:41 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
11/11/11 12:42:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/11/11 12:42:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/11/11 12:42:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/11/11 12:42:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/11/11 12:42:15 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/11/11 12:42:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr vpcvmm Wanarpv6
11/11/11 12:42:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
11/11/11 12:31:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by mminter at 8:14:08 on 2011-11-14
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8028.4861 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files (x86)\Intel\AMT\LMS.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Windows\SysWOW64\WebUpdateSvc4.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Xobni\XobniService.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version6\tv_x64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Microsoft Internet Explorer provided by Tuftco Corporation
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [COMMUNICATOR] "C:\Program Files (x86)\Microsoft Office Communicator\Communicator.exe" /silentRetrials
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [<NO NAME>]
mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDQUIC~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{D061F716-1793-4061-BD92-98F2C62C87B4} : NameServer = 192.168.0.25,192.168.0.1
LSA: Authentication Packages = msv1_0 wvauth
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [(Default)]
mRun-x64: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\mminter.TUFTCO\AppData\Roaming\Mozilla\Firefox\Profiles\r8zaci9j.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://www.chattanoogan.com/home.asp|http://sceniccity.proboards.com/index.cgi?
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\mminter.TUFTCO\AppData\Roaming\Mozilla\Firefox\Profiles\r8zaci9j.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\mminter.TUFTCO\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 dwvkbd;DameWare Virtual Keyboard 64 bit Driver;C:\Windows\system32\DRIVERS\dwvkbd64.sys --> C:\Windows\system32\DRIVERS\dwvkbd64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 HPSIService;HP SI Service;C:\Windows\system32\HPSIsvc.exe --> C:\Windows\system32\HPSIsvc.exe [?]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-5-21 173352]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-6-1 2337144]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-4-29 2066968]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-8-1 317328]
R2 WDFMEService;WDFMEService;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-8-1 1978256]
R2 WDRulesService;WDRulesService;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-8-1 1338256]
R2 WebUpdate4;Web Update Wizard Service V4;C:\Windows\SysWOW64\WebUpdateSvc4.exe [2008-9-15 262360]
R2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2010-11-22 62184]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 mvusbews;USB EWS Device;C:\Windows\system32\Drivers\mvusbews.sys --> C:\Windows\system32\Drivers\mvusbews.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Seagate-Replica-Service;Seagate-Replica-Service;C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Service.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule --> C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Service.exe [?]
S2 Seagate-Replica-SysMon;Seagate-Replica-SysMon;C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-SysMon.exe --> C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-SysMon.exe [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2011-11-13 20:09:44 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2CA12ADB-1303-4DD0-BDA3-07111A034217}\offreg.dll
2011-11-13 20:09:42 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2CA12ADB-1303-4DD0-BDA3-07111A034217}\mpengine.dll
2011-11-10 21:14:06 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-11-10 21:13:47 -------- d-----w- C:\ProgramData\Hitman Pro
2011-11-10 17:24:18 -------- d-s---w- C:\ComboFix
2011-11-10 15:48:05 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-10 15:48:05 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-09 18:17:26 388096 ----a-r- C:\Users\mminter.TUFTCO\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-09 18:17:25 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-11-09 17:21:38 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 17:21:37 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 17:21:37 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 17:21:35 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-10-24 18:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-21 12:16:45 -------- d-----w- C:\Users\mminter.TUFTCO\AppData\Roaming\AccurateRip
2011-10-21 12:16:44 850152 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2011-10-21 12:16:39 -------- d-----w- C:\Program Files (x86)\Illustrate
2011-10-19 16:10:27 -------- d-sh--w- C:\Windows\ftpcache
2011-10-19 16:10:15 127800 ----a-w- C:\Windows\System32\HPSIsvc.exe
2011-10-19 16:10:10 74240 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HP1100PP.dll
2011-10-19 16:09:34 290816 ----a-w- C:\Windows\System32\HP1100LM.DLL
2011-10-19 16:09:34 1695232 ----a-w- C:\Windows\System32\HP1100SM.EXE
2011-10-19 16:09:00 350720 ----a-w- C:\Windows\System32\mvhlewsi.dll
2011-10-19 16:08:58 20480 ----a-w- C:\Windows\System32\drivers\mvusbews.sys
2011-10-19 16:08:58 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2011-10-19 16:08:58 -------- d-----w- C:\Program Files\HP
2011-10-19 16:08:56 82432 ----a-w- C:\Windows\System32\mvusbews.dll
2011-10-19 16:08:52 49664 ----a-w- C:\Windows\System32\HP1100SMs.dll
.
==================== Find3M ====================
.
2011-11-11 21:24:10 848 --sha-w- C:\ProgramData\KGyGaAvL.sys
2011-10-12 12:13:53 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-22 15:56:44 47633 ----a-w- C:\Windows\SysWow64\wuwuninst.exe
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 03:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 03:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 03:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
.
============= FINISH: 8:22:23.63 ===============

#4 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:56 PM

Posted 14 November 2011 - 01:00 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 pctech66

  • Topic Starter

  • Members
  • 10 posts
  • Local time:04:56 PM

Posted 14 November 2011 - 02:45 PM

Browser is still hijacked. All search engines. All browsers.

Secondary drive (D:) disappears after reboot. Will randomly show back up after a while.

Ran ComboFix and here is the log.

Thanks,
Annette


ComboFix 11-11-14.02 - mminter 11/14/11 13:25:29.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8028.5436 [GMT -5:00]
Running from: c:\users\mminter.TUFTCO\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SplashID.ico
C:\test.txt
c:\users\mminter.TUFTCO\g2mdlhlpx.exe
c:\users\mminter.TUFTCO\GoToAssistDownloadHelper.exe
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-11-14 19:04 . 2011-11-14 19:04 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F98A8C1-2E5B-47A6-8A85-724C6E6C4A92}\offreg.dll
2011-11-14 19:01 . 2011-11-14 19:01 -------- d-----w- c:\users\mminter\AppData\Local\temp
2011-11-14 19:01 . 2011-11-14 19:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-14 19:01 . 2011-11-14 19:01 -------- d-----w- c:\users\administrator\AppData\Local\temp
2011-11-14 13:55 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F98A8C1-2E5B-47A6-8A85-724C6E6C4A92}\mpengine.dll
2011-11-14 13:38 . 2011-11-14 13:51 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2011-11-14 13:26 . 2011-11-14 13:49 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2011-11-10 21:14 . 2011-11-10 21:14 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-10 21:13 . 2011-11-10 21:13 -------- d-----w- c:\programdata\Hitman Pro
2011-11-10 17:22 . 2011-11-10 17:22 -------- d-----w- c:\program files (x86)\Safari
2011-11-10 15:48 . 2011-11-10 17:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-10 15:48 . 2011-11-10 15:48 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-11-09 18:17 . 2011-11-09 18:17 388096 ----a-r- c:\users\mminter.TUFTCO\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-09 18:17 . 2011-11-09 18:17 -------- d-----w- c:\program files (x86)\Trend Micro
2011-11-09 17:21 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 17:21 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 17:21 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 17:21 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-21 12:16 . 2011-10-21 12:16 -------- d-----w- c:\users\mminter.TUFTCO\AppData\Roaming\AccurateRip
2011-10-21 12:16 . 2011-10-21 12:16 850152 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2011-10-21 12:16 . 2011-11-09 15:36 -------- d-----w- c:\program files (x86)\Illustrate
2011-10-19 16:10 . 2011-10-19 16:10 -------- d-sh--w- c:\windows\ftpcache
2011-10-19 16:10 . 2010-11-24 09:03 127800 ----a-w- c:\windows\system32\HPSIsvc.exe
2011-10-19 16:10 . 2010-10-14 14:05 74240 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HP1100PP.dll
2011-10-19 16:09 . 2010-10-14 14:05 1695232 ----a-w- c:\windows\system32\HP1100SM.EXE
2011-10-19 16:09 . 2010-10-14 14:05 290816 ----a-w- c:\windows\system32\HP1100LM.DLL
2011-10-19 16:09 . 2010-10-14 02:12 350720 ----a-w- c:\windows\system32\mvhlewsi.dll
2011-10-19 16:08 . 2011-11-09 15:41 -------- d-----w- c:\program files\HP
2011-10-19 16:08 . 2010-10-14 01:55 20480 ----a-w- c:\windows\system32\drivers\mvusbews.sys
2011-10-19 16:08 . 2010-07-22 02:37 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-10-19 16:08 . 2010-10-14 01:55 82432 ----a-w- c:\windows\system32\mvusbews.dll
2011-10-19 16:08 . 2010-10-14 02:06 49664 ----a-w- c:\windows\system32\HP1100SMs.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 13:52 . 2010-05-07 18:51 848 --sha-w- c:\programdata\KGyGaAvL.sys
2011-10-12 12:13 . 2011-05-31 17:10 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 13:36 . 2011-10-11 13:37 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{84B93552-8DCC-465B-99F4-F188756CF152}\gapaengine.dll
2011-10-07 04:16 . 2011-08-10 16:39 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-22 15:56 . 2010-05-11 16:21 47633 ----a-w- c:\windows\SysWow64\wuwuninst.exe
2011-09-01 05:24 . 2011-10-12 16:01 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 16:01 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 16:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 16:01 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 16:01 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 16:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-27 05:40 . 2011-10-12 08:02 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:40 . 2011-10-12 08:02 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:43 . 2011-10-12 08:02 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-12 08:02 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-17 05:32 . 2011-10-12 08:02 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 05:27 . 2011-10-12 08:02 288256 ----a-w- c:\windows\system32\MSNP.ax
2011-08-17 05:27 . 2011-10-12 08:02 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-08-17 05:27 . 2011-10-12 08:02 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-08-17 05:27 . 2011-10-12 08:02 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-08-17 04:26 . 2011-10-12 08:02 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-08-17 04:22 . 2011-10-12 08:02 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-08-17 04:22 . 2011-10-12 08:02 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2011-08-17 04:22 . 2011-10-12 08:02 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22 . 2011-10-12 08:02 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMMUNICATOR"="c:\program files (x86)\Microsoft Office Communicator\Communicator.exe" [2007-07-23 5803368]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2011-8-10 29310]
WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 4221840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1221262895-1468065103-243041730-1150\Scripts\Logon\0\0]
"Script"=\\tuftco.com\SysVol\tuftco.com\scripts\IT Logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1221262895-1468065103-243041730-1150\Scripts\Logon\1\0]
"Script"=\\tuftco.com\SysVol\tuftco.com\scripts\IT Logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1221262895-1468065103-243041730-500\Scripts\Logon\0\0]
"Script"=\\tuftco.com\SysVol\tuftco.com\scripts\IT Logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1221262895-1468065103-243041730-500\Scripts\Logon\1\0]
"Script"=\\tuftco.com\SysVol\tuftco.com\scripts\IT Logon.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Seagate-Replica-Service;Seagate-Replica-Service;c:\program files (x86)\Seagate Replica\bin\Seagate-Replica-Service.exe [x]
R2 Seagate-Replica-SysMon;Seagate-Replica-SysMon;c:\program files (x86)\Seagate Replica\bin\Seagate-Replica-SysMon.exe [x]
R3 BlackBox;BlackBox SR2; [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 Normandy;Normandy SR2; [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dwvkbd;DameWare Virtual Keyboard 64 bit Driver;c:\windows\system32\DRIVERS\dwvkbd64.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-10-15 2066968]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328]
S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256]
S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256]
S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe [2008-09-15 262360]
S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2010-11-22 62184]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1221262895-1468065103-243041730-1150Core.job
- c:\users\mminter.TUFTCO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-09 19:26]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1221262895-1468065103-243041730-1150UA.job
- c:\users\mminter.TUFTCO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-09 19:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-11-24 21:02 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-11-24 21:02 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-01-06 34232]
"pdfFactory Dispatcher v3"="c:\windows\system32\spool\DRIVERS\x64\3\fppdis3a.exe" [2010-03-18 755200]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"combofix"="c:\combofix\CF32529.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: Interfaces\{D061F716-1793-4061-BD92-98F2C62C87B4}: NameServer = 192.168.0.25,192.168.0.1
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\mminter.TUFTCO\AppData\Roaming\Mozilla\Firefox\Profiles\r8zaci9j.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://www.chattanoogan.com/home.asp|http://sceniccity.proboards.com/index.cgi?
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-igfxcui - (no file)
Notify-LBTWlgn - (no file)
Toolbar-Locked - (no file)
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-Software Update Wizard (Redistributable) - c:\windows\system32\wuwuninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Seagate-Replica-Service]
"ImagePath"="c:\program files (x86)\Seagate Replica\bin\Seagate-Replica-Service.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1221262895-1468065103-243041730-1150\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-1221262895-1468065103-243041730-1150\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-1221262895-1468065103-243041730-1150)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1221262895-1468065103-243041730-1150\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-1221262895-1468065103-243041730-1150)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1221262895-1468065103-243041730-1150\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-1221262895-1468065103-243041730-1150\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-1221262895-1468065103-243041730-1150)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1221262895-1468065103-243041730-1150\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1221262895-1468065103-243041730-1150\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1221262895-1468065103-243041730-1150\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-1221262895-1468065103-243041730-1150)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1221262895-1468065103-243041730-1150\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-1221262895-1468065103-243041730-1150)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1221262895-1468065103-243041730-1150\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\AMT\LMS.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version6\tv_w32.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-11-14 14:27:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-14 19:26
.
Pre-Run: 129,040,293,888 bytes free
Post-Run: 128,870,612,992 bytes free
.
- - End Of File - - 7CD0BE20249179950AC44C5D51D5BEC6

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:56 PM

Posted 14 November 2011 - 04:37 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 pctech66
  • Topic Starter
  • Members
  • 10 posts
  • Local time:04:56 PM

Posted 15 November 2011 - 12:48 PM

Here is the log.

Thanks,
Annette

12:21:01.0731 2312 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
12:21:02.0077 2312 ============================================================
12:21:02.0077 2312 Current date / time: 2011/11/15 12:21:02.0077
12:21:02.0077 2312 SystemInfo:
12:21:02.0077 2312
12:21:02.0077 2312 OS Version: 6.1.7600 ServicePack: 0.0
12:21:02.0077 2312 Product type: Workstation
12:21:02.0077 2312 ComputerName: T1MMINTER
12:21:02.0077 2312 UserName: mminter
12:21:02.0077 2312 Windows directory: C:\Windows
12:21:02.0077 2312 System windows directory: C:\Windows
12:21:02.0077 2312 Running under WOW64
12:21:02.0077 2312 Processor architecture: Intel x64
12:21:02.0077 2312 Number of processors: 2
12:21:02.0077 2312 Page size: 0x1000
12:21:02.0077 2312 Boot type: Normal boot
12:21:02.0077 2312 ============================================================
12:21:02.0367 2312 Initialize success
12:21:04.0127 3860 ============================================================
12:21:04.0127 3860 Scan started
12:21:04.0127 3860 Mode: Manual;
12:21:04.0127 3860 ============================================================
12:21:05.0817 3860 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
12:21:05.0817 3860 1394ohci - ok
12:21:05.0927 3860 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
12:21:05.0927 3860 ACPI - ok
12:21:06.0027 3860 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
12:21:06.0027 3860 AcpiPmi - ok
12:21:06.0147 3860 ADIHdAudAddService (52ae4ebd1056d598b9a51990b6d829f0) C:\Windows\system32\drivers\ADIHdAud.sys
12:21:06.0147 3860 ADIHdAudAddService - ok
12:21:06.0277 3860 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:21:06.0277 3860 adp94xx - ok
12:21:06.0377 3860 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:21:06.0387 3860 adpahci - ok
12:21:06.0487 3860 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:21:06.0487 3860 adpu320 - ok
12:21:06.0607 3860 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
12:21:06.0607 3860 AFD - ok
12:21:06.0707 3860 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
12:21:06.0707 3860 agp440 - ok
12:21:06.0817 3860 AiCharger (254a19686e9c8e1b59ac06b7fd1e753c) C:\Windows\system32\DRIVERS\AiCharger.sys
12:21:06.0817 3860 AiCharger - ok
12:21:06.0927 3860 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
12:21:06.0927 3860 aliide - ok
12:21:07.0027 3860 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
12:21:07.0027 3860 amdide - ok
12:21:07.0137 3860 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:21:07.0137 3860 AmdK8 - ok
12:21:07.0217 3860 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:21:07.0217 3860 AmdPPM - ok
12:21:07.0327 3860 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
12:21:07.0327 3860 amdsata - ok
12:21:07.0437 3860 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:21:07.0437 3860 amdsbs - ok
12:21:07.0537 3860 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
12:21:07.0537 3860 amdxata - ok
12:21:07.0637 3860 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
12:21:07.0637 3860 AppID - ok
12:21:07.0747 3860 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:21:07.0747 3860 arc - ok
12:21:07.0857 3860 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:21:07.0857 3860 arcsas - ok
12:21:07.0957 3860 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:21:07.0957 3860 AsyncMac - ok
12:21:08.0067 3860 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
12:21:08.0067 3860 atapi - ok
12:21:08.0177 3860 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:21:08.0177 3860 b06bdrv - ok
12:21:08.0287 3860 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:21:08.0287 3860 b57nd60a - ok
12:21:08.0407 3860 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:21:08.0407 3860 Beep - ok
12:21:08.0527 3860 BlackBox - ok
12:21:08.0637 3860 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:21:08.0637 3860 blbdrive - ok
12:21:08.0767 3860 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
12:21:08.0767 3860 bowser - ok
12:21:08.0867 3860 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:21:08.0867 3860 BrFiltLo - ok
12:21:08.0957 3860 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:21:08.0957 3860 BrFiltUp - ok
12:21:09.0047 3860 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:21:09.0047 3860 Brserid - ok
12:21:09.0137 3860 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:21:09.0137 3860 BrSerWdm - ok
12:21:09.0237 3860 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:21:09.0237 3860 BrUsbMdm - ok
12:21:09.0327 3860 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:21:09.0327 3860 BrUsbSer - ok
12:21:09.0437 3860 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:21:09.0437 3860 BTHMODEM - ok
12:21:09.0597 3860 catchme - ok
12:21:09.0687 3860 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:21:09.0697 3860 cdfs - ok
12:21:09.0797 3860 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
12:21:09.0797 3860 cdrom - ok
12:21:09.0907 3860 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:21:09.0907 3860 circlass - ok
12:21:09.0987 3860 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:21:09.0997 3860 CLFS - ok
12:21:10.0117 3860 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:21:10.0117 3860 CmBatt - ok
12:21:10.0197 3860 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
12:21:10.0197 3860 cmdide - ok
12:21:10.0287 3860 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
12:21:10.0297 3860 CNG - ok
12:21:10.0397 3860 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:21:10.0397 3860 Compbatt - ok
12:21:10.0497 3860 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:21:10.0497 3860 CompositeBus - ok
12:21:10.0597 3860 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:21:10.0597 3860 crcdisk - ok
12:21:10.0707 3860 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
12:21:10.0707 3860 CSC - ok
12:21:10.0827 3860 dc3d (76e02db615a03801d698199a2bc4a06a) C:\Windows\system32\DRIVERS\dc3d.sys
12:21:10.0827 3860 dc3d - ok
12:21:10.0927 3860 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
12:21:10.0927 3860 DfsC - ok
12:21:10.0957 3860 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:21:10.0957 3860 discache - ok
12:21:11.0087 3860 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:21:11.0087 3860 Disk - ok
12:21:11.0187 3860 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
12:21:11.0187 3860 Dot4 - ok
12:21:11.0287 3860 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:21:11.0287 3860 Dot4Print - ok
12:21:11.0387 3860 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
12:21:11.0387 3860 dot4usb - ok
12:21:11.0487 3860 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:21:11.0487 3860 drmkaud - ok
12:21:11.0597 3860 dwvkbd (faae299fbf42029e55657f61f55533d3) C:\Windows\system32\DRIVERS\dwvkbd64.sys
12:21:11.0597 3860 dwvkbd - ok
12:21:11.0697 3860 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
12:21:11.0707 3860 DXGKrnl - ok
12:21:11.0807 3860 e1kexpress (711405da1fbc40b820db5a2b4dd939f0) C:\Windows\system32\DRIVERS\e1k62x64.sys
12:21:11.0807 3860 e1kexpress - ok
12:21:11.0937 3860 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:21:11.0997 3860 ebdrv - ok
12:21:12.0107 3860 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:21:12.0117 3860 elxstor - ok
12:21:12.0127 3860 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
12:21:12.0127 3860 ErrDev - ok
12:21:12.0187 3860 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:21:12.0187 3860 exfat - ok
12:21:12.0207 3860 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:21:12.0207 3860 fastfat - ok
12:21:12.0247 3860 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:21:12.0247 3860 fdc - ok
12:21:12.0287 3860 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:21:12.0287 3860 FileInfo - ok
12:21:12.0297 3860 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:21:12.0297 3860 Filetrace - ok
12:21:12.0337 3860 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:21:12.0337 3860 flpydisk - ok
12:21:12.0447 3860 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
12:21:12.0447 3860 FltMgr - ok
12:21:12.0537 3860 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:21:12.0537 3860 FsDepends - ok
12:21:12.0617 3860 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:21:12.0617 3860 Fs_Rec - ok
12:21:12.0707 3860 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:21:22.0061 3860 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
12:21:22.0069 3860 \Device\Harddisk0\DR0 - ok
12:21:22.0076 3860 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk1\DR1
12:21:22.0762 3860 \Device\Harddisk1\DR1 - ok
12:21:22.0765 3860 Boot (0x1200) (d21d64f2da208554e554b372edaf9cde) \Device\Harddisk0\DR0\Partition0
12:21:22.0766 3860 \Device\Harddisk0\DR0\Partition0 - ok
12:21:22.0775 3860 Boot (0x1200) (0961cdc102214c6b1f31f3aa40ad624e) \Device\Harddisk0\DR0\Partition1
12:21:22.0775 3860 \Device\Harddisk0\DR0\Partition1 - ok
12:21:22.0778 3860 Boot (0x1200) (a6c166e1ca155bab40d382cb6d9ae4d6) \Device\Harddisk1\DR1\Partition0
12:21:22.0778 3860 \Device\Harddisk1\DR1\Partition0 - ok
12:21:22.0790 3860 Boot (0x1200) (1f211d83257b86c3a3633a88b9289966) \Device\Harddisk1\DR1\Partition1
12:21:22.0790 3860 \Device\Harddisk1\DR1\Partition1 - ok
12:21:22.0791 3860 ============================================================
12:21:22.0791 3860 Scan finished
12:21:22.0791 3860 ============================================================
12:21:22.0800 4704 Detected object count: 0
12:21:22.0800 4704 Actual detected object count: 0
12:21:35.0919 2904 Deinitialize success

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 November 2011 - 05:34 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 pctech66

pctech66
  • Topic Starter

  • Members
  • 10 posts

Posted 16 November 2011 - 09:54 AM

Log below. Did you want me to click fix mbr? I didn't.


Thanks,
Annette


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-16 08:54:01
-----------------------------
08:54:01.634 OS Version: Windows x64 6.1.7600
08:54:01.634 Number of processors: 2 586 0x170A
08:54:01.642 ComputerName: T1MMINTER UserName: mminter
08:54:03.553 Initialize success
08:54:38.056 AVAST engine defs: 11111600
08:54:48.492 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:54:48.492 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
08:54:48.502 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
08:54:48.502 Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
08:54:48.522 Disk 0 MBR read successfully
08:54:48.522 Disk 0 MBR scan
08:54:48.522 Disk 0 Windows VISTA default MBR code
08:54:48.522 Service scanning
08:54:48.882 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
08:54:49.472 Modules scanning
08:54:49.472 Disk 0 trace - called modules:
08:54:49.472 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80086c9334]<<
08:54:49.472 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80086b12d0]
08:54:49.802 3 CLASSPNP.SYS[fffff880013cb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80075d7050]
08:54:49.802 \Driver\iaStor[0xfffffa800757e480] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80086c9334
08:54:50.942 AVAST engine scan C:\Windows
08:54:52.752 AVAST engine scan C:\Windows\system32
08:56:04.844 AVAST engine scan C:\Windows\system32\drivers
08:56:13.190 AVAST engine scan C:\Users\mminter.TUFTCO
09:12:03.941 Disk 0 MBR has been saved successfully to "C:\Users\mminter.TUFTCO\Downloads\MBR.dat"
09:12:03.947 The log file has been saved successfully to "C:\Users\mminter.TUFTCO\Downloads\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-16 09:13:03
-----------------------------
09:13:03.790 OS Version: Windows x64 6.1.7600
09:13:03.790 Number of processors: 2 586 0x170A
09:13:03.791 ComputerName: T1MMINTER UserName: mminter
09:13:05.953 Initialize success
09:13:09.323 AVAST engine defs: 11111600
09:13:19.885 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:13:19.893 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
09:13:19.897 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
09:13:19.899 Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
09:13:19.981 Disk 0 MBR read successfully
09:13:19.984 Disk 0 MBR scan
09:13:19.988 Disk 0 Windows VISTA default MBR code
09:13:19.996 Service scanning
09:13:20.385 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
09:13:21.009 Modules scanning
09:13:21.009 Disk 0 trace - called modules:
09:13:21.009 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80086c9334]<<
09:13:21.019 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80086b12d0]
09:13:21.139 3 CLASSPNP.SYS[fffff880013cb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80075d7050]
09:13:21.139 \Driver\iaStor[0xfffffa800757e480] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80086c9334
09:13:21.149 Scan finished successfully
09:13:42.996 Disk 0 MBR has been saved successfully to "C:\Users\mminter.TUFTCO\Downloads\MBR.dat"
09:13:43.001 The log file has been saved successfully to "C:\Users\mminter.TUFTCO\Downloads\aswMBR.txt"
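
The aswMBR output just posted and the TDSSKiller MBR (0x1B8) lines earlier in the thread can be checked mechanically for the things a helper looks at: whether the boot-sector code is the stock Windows one, which services are locked, whether the >>UNKNOWN<< trace target is accounted for by a named driver, and whether the MBR code hash agrees across disks. The Python script below is an added example, not part of the thread nor of aswMBR or TDSSKiller; its sample log lines are constructed from the formats shown above, and its regexes are fitted only to those formats.

```python
"""Added example: triage aswMBR and TDSSKiller text logs of the kind posted in this thread.

This is not part of the thread, of aswMBR, or of TDSSKiller. The regular
expressions are fitted to the line formats visible in the posted logs.
"""
import re

# Constructed sample built from the aswMBR line formats posted above.
ASWMBR_SAMPLE = r"""
08:54:48.522 Disk 0 MBR read successfully
08:54:48.522 Disk 0 Windows VISTA default MBR code
08:54:48.882 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
08:54:49.472 Disk 0 trace - called modules:
08:54:49.472 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80086c9334]<<
08:54:49.472 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80086b12d0]
08:54:49.802 \Driver\iaStor[0xfffffa800757e480] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80086c9334
09:13:21.149 Scan finished successfully
"""

# Constructed sample in TDSSKiller's "MBR (0x1B8)" format. The MD5 covers the
# first 0x1B8 = 440 bytes of sector 0, i.e. the boot code but not the disk
# signature or partition table, so two disks with stock code hash identically.
TDSS_SAMPLE = r"""
12:21:22.0061 3860 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
12:21:22.0076 3860 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk1\DR1
"""

MBR_CODE_RE = re.compile(r"^\S+ Disk (\d+) (.+ MBR code)$")
LOCKED_RE = re.compile(r"^\S+ Service (\S+) (\S+) \*\*LOCKED\*\*")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-f]+)\]<<")
# "\Driver\name[addr] -> ... -> target": the driver whose I/O path ends at target.
RESOLVER_RE = re.compile(r"\\Driver\\([^\[]+)\[0x[0-9a-f]+\] -> .* -> (0x[0-9a-f]+)\s*$")
TDSS_MBR_RE = re.compile(r"MBR \(0x1B8\) \(([0-9a-f]{32})\) (\S+)$")


def parse_aswmbr(text):
    """Extract MBR verdicts, locked services and unresolved trace targets."""
    result = {"mbr_default": {}, "locked": [], "unknown": [], "finished": False}
    resolvers = {}  # target address -> driver name that routes I/O to it
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = MBR_CODE_RE.match(line)
        if m:
            result["mbr_default"][int(m.group(1))] = "default MBR code" in m.group(2)
            continue
        m = LOCKED_RE.match(line)
        if m:
            result["locked"].append((m.group(1), m.group(2)))
            continue
        m = RESOLVER_RE.search(line)
        if m:
            resolvers[m.group(2)] = m.group(1)
            continue
        m = UNKNOWN_RE.search(line)
        if m:
            result["unknown"].append({"addr": m.group(1), "resolved_by": None})
            continue
        if line.endswith("Scan finished successfully"):
            result["finished"] = True
    # The UNKNOWN line precedes the line that explains it, so resolve afterwards.
    for entry in result["unknown"]:
        entry["resolved_by"] = resolvers.get(entry["addr"])
    return result


def parse_tdss_mbr(text):
    """Map each device to the MD5 of its first 440 bytes of MBR code."""
    hashes = {}
    for line in text.splitlines():
        m = TDSS_MBR_RE.search(line.strip())
        if m:
            hashes[m.group(2)] = m.group(1)
    return hashes


def mbr_hashes_consistent(hashes):
    """True when every scanned disk carries the same MBR code."""
    return len(set(hashes.values())) <= 1


def triage(asw, tdss_hashes):
    """Turn the parsed facts into short findings a helper can act on."""
    findings = []
    for disk, stock in sorted(asw["mbr_default"].items()):
        findings.append(f"Disk {disk}: " + ("stock Windows MBR code" if stock
                        else "NON-STOCK MBR code, inspect the saved MBR.dat"))
    for name, path in asw["locked"]:
        findings.append(f"Locked service {name} ({path}): self-protecting driver, "
                        "verify the file's signer before treating it as hostile")
    for u in asw["unknown"]:
        if u["resolved_by"]:
            findings.append(f"Trace target {u['addr']} is reached through \\Driver\\{u['resolved_by']}: "
                            "check that driver's hash rather than assuming a hidden module")
        else:
            findings.append(f"Trace target {u['addr']} has no named owner: disk-hook indicator")
    if tdss_hashes:
        findings.append("MBR code hash identical on all scanned disks" if mbr_hashes_consistent(tdss_hashes)
                        else "MBR code hash differs between disks: diff the MBR dumps")
    if not asw["finished"]:
        findings.append("aswMBR did not report a finished scan: rerun before acting on it")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_aswmbr(ASWMBR_SAMPLE), parse_tdss_mbr(TDSS_SAMPLE)):
        print(finding)
```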

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 November 2011 - 10:28 AM

Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIXMBR button
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 November 2011 - 12:26 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#12 pctech66

pctech66
  • Topic Starter

  • Members
  • 10 posts

Posted 21 November 2011 - 08:35 AM

Still same problems. Secondary drive keeps disappearing and browsers still hijacked.

Log file follows after running Fix MBR.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-16 08:54:01
-----------------------------
08:54:01.634 OS Version: Windows x64 6.1.7600
08:54:01.634 Number of processors: 2 586 0x170A
08:54:01.642 ComputerName: T1MMINTER UserName: mminter
08:54:03.553 Initialize success
08:54:38.056 AVAST engine defs: 11111600
08:54:48.492 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:54:48.492 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
08:54:48.502 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
08:54:48.502 Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
08:54:48.522 Disk 0 MBR read successfully
08:54:48.522 Disk 0 MBR scan
08:54:48.522 Disk 0 Windows VISTA default MBR code
08:54:48.522 Service scanning
08:54:48.882 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
08:54:49.472 Modules scanning
08:54:49.472 Disk 0 trace - called modules:
08:54:49.472 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80086c9334]<<
08:54:49.472 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80086b12d0]
08:54:49.802 3 CLASSPNP.SYS[fffff880013cb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80075d7050]
08:54:49.802 \Driver\iaStor[0xfffffa800757e480] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80086c9334
08:54:50.942 AVAST engine scan C:\Windows
08:54:52.752 AVAST engine scan C:\Windows\system32
08:56:04.844 AVAST engine scan C:\Windows\system32\drivers
08:56:13.190 AVAST engine scan C:\Users\mminter.TUFTCO
09:12:03.941 Disk 0 MBR has been saved successfully to "C:\Users\mminter.TUFTCO\Downloads\MBR.dat"
09:12:03.947 The log file has been saved successfully to "C:\Users\mminter.TUFTCO\Downloads\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-16 09:13:03
-----------------------------
09:13:03.790 OS Version: Windows x64 6.1.7600
09:13:03.790 Number of processors: 2 586 0x170A
09:13:03.791 ComputerName: T1MMINTER UserName: mminter
09:13:05.953 Initialize success
09:13:09.323 AVAST engine defs: 11111600
09:13:19.885 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:13:19.893 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
09:13:19.897 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
09:13:19.899 Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
09:13:19.981 Disk 0 MBR read successfully
09:13:19.984 Disk 0 MBR scan
09:13:19.988 Disk 0 Windows VISTA default MBR code
09:13:19.996 Service scanning
09:13:20.385 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
09:13:21.009 Modules scanning
09:13:21.009 Disk 0 trace - called modules:
09:13:21.009 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80086c9334]<<
09:13:21.019 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80086b12d0]
09:13:21.139 3 CLASSPNP.SYS[fffff880013cb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80075d7050]
09:13:21.139 \Driver\iaStor[0xfffffa800757e480] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80086c9334
09:13:21.149 Scan finished successfully
09:13:42.996 Disk 0 MBR has been saved successfully to "C:\Users\mminter.TUFTCO\Downloads\MBR.dat"
09:13:43.001 The log file has been saved successfully to "C:\Users\mminter.TUFTCO\Downloads\aswMBR.txt"

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:56 PM

Posted 21 November 2011 - 08:44 AM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun ASWMbr for me and send me the report

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#14 pctech66

pctech66
  • Topic Starter

  • Members
  • 10 posts
  • Local time:04:56 PM

Posted 21 November 2011 - 09:28 AM

It stated infected. Successfully removed after repair.

My secondary drive is back and my browser seems to be un-hijacked!

Thank you so much for your help. Could you tell me what the virus/malware was?

Annette

Log file follows.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-16 08:54:01
-----------------------------
08:54:01.634 OS Version: Windows x64 6.1.7600
08:54:01.634 Number of processors: 2 586 0x170A
08:54:01.642 ComputerName: T1MMINTER UserName: mminter
08:54:03.553 Initialize success
08:54:38.056 AVAST engine defs: 11111600
08:54:48.492 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:54:48.492 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
08:54:48.502 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
08:54:48.502 Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
08:54:48.522 Disk 0 MBR read successfully
08:54:48.522 Disk 0 MBR scan
08:54:48.522 Disk 0 Windows VISTA default MBR code
08:54:48.522 Service scanning
08:54:48.882 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
08:54:49.472 Modules scanning
08:54:49.472 Disk 0 trace - called modules:
08:54:49.472 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80086c9334]<<
08:54:49.472 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80086b12d0]
08:54:49.802 3 CLASSPNP.SYS[fffff880013cb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80075d7050]
08:54:49.802 \Driver\iaStor[0xfffffa800757e480] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80086c9334
08:54:50.942 AVAST engine scan C:\Windows
08:54:52.752 AVAST engine scan C:\Windows\system32
08:56:04.844 AVAST engine scan C:\Windows\system32\drivers
08:56:13.190 AVAST engine scan C:\Users\mminter.TUFTCO
09:12:03.941 Disk 0 MBR has been saved successfully to "C:\Users\mminter.TUFTCO\Downloads\MBR.dat"
09:12:03.947 The log file has been saved successfully to "C:\Users\mminter.TUFTCO\Downloads\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-16 09:13:03
-----------------------------
09:13:03.790 OS Version: Windows x64 6.1.7600
09:13:03.790 Number of processors: 2 586 0x170A
09:13:03.791 ComputerName: T1MMINTER UserName: mminter
09:13:05.953 Initialize success
09:13:09.323 AVAST engine defs: 11111600
09:13:19.885 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:13:19.893 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
09:13:19.897 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
09:13:19.899 Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
09:13:19.981 Disk 0 MBR read successfully
09:13:19.984 Disk 0 MBR scan
09:13:19.988 Disk 0 Windows VISTA default MBR code
09:13:19.996 Service scanning
09:13:20.385 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
09:13:21.009 Modules scanning
09:13:21.009 Disk 0 trace - called modules:
09:13:21.009 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80086c9334]<<
09:13:21.019 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80086b12d0]
09:13:21.139 3 CLASSPNP.SYS[fffff880013cb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80075d7050]
09:13:21.139 \Driver\iaStor[0xfffffa800757e480] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80086c9334
09:13:21.149 Scan finished successfully
09:13:42.996 Disk 0 MBR has been saved successfully to "C:\Users\mminter.TUFTCO\Downloads\MBR.dat"
09:13:43.001 The log file has been saved successfully to "C:\Users\mminter.TUFTCO\Downloads\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-21 09:06:52
-----------------------------
09:06:52.292 OS Version: Windows x64 6.1.7600
09:06:52.292 Number of processors: 2 586 0x170A
09:06:52.292 ComputerName: T1MMINTER UserName: mminter
09:06:54.306 Initialize success
09:07:04.275 AVAST engine defs: 11111600
09:07:07.975 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:07:07.975 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
09:07:07.975 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
09:07:07.975 Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
09:07:07.995 Disk 0 MBR read successfully
09:07:07.995 Disk 0 MBR scan
09:07:07.995 Disk 0 Windows VISTA default MBR code
09:07:08.005 Service scanning
09:07:10.315 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
09:07:10.995 Modules scanning
09:07:10.995 Disk 0 trace - called modules:
09:07:11.015 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:07:11.025 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008693060]
09:07:11.345 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007565050]
09:07:11.345 Scan finished successfully
09:07:28.629 Disk 0 MBR has been saved successfully to "C:\Users\mminter.TUFTCO\Downloads\MBR.dat"
09:07:28.659 The log file has been saved successfully to "C:\Users\mminter.TUFTCO\Downloads\aswMBR.txt"
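The three aswMBR logs above show the signal a responder looks for in this tool's output: the two earlier runs report a disk-stack trace ending in `>>UNKNOWN [0xfffffa80086c9334]<<` with the iaStor driver's `IRP_MJ_INTERNAL_DEVICE_CONTROL` handler redirected to that same unknown address, while the run after fixTDSS names only known modules (`ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll`). The following is an added example, not code from this thread or from the aswMBR tool: a small parser that pulls those indicators out of aswMBR log text and compares a before and an after run. The sample logs are excerpts of the ones posted above; the `MpNWMon` `**LOCKED**` line is reported only as informational because it appears identically in the clean run.

```python
"""Flag disk-stack hook indicators in aswMBR log text (added example).

A clean "Disk N trace - called modules" section lists only known driver
modules. A hooked one reports ">>UNKNOWN [addr]<<" and, on a following
line, an IRP dispatch entry redirected to that same address. Both are
extracted here and cross-checked.
"""
import re
from dataclasses import dataclass, field

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
IRP_HOOK_RE = re.compile(
    r"\\Driver\\(\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)"
)
RUN_DATE_RE = re.compile(r"^Run date: (\S+ \S+)")


@dataclass
class TraceFindings:
    run_date: str = ""
    unknown_addrs: list = field(default_factory=list)   # addresses aswMBR could not map
    irp_hooks: list = field(default_factory=list)       # (driver, irp_major, target_addr)
    locked_services: list = field(default_factory=list) # informational only

    @property
    def suspicious(self) -> bool:
        # Either indicator alone is worth a look; together they corroborate a hook.
        return bool(self.unknown_addrs or self.irp_hooks)

    def hook_targets_match(self) -> bool:
        # True when every redirected IRP handler points at an address the
        # module trace already reported as UNKNOWN.
        return all(t in self.unknown_addrs for _, _, t in self.irp_hooks)


def parse_aswmbr(text: str) -> TraceFindings:
    f = TraceFindings()
    for line in text.splitlines():
        m = RUN_DATE_RE.match(line)
        if m:
            f.run_date = m.group(1)
            continue
        m = UNKNOWN_RE.search(line)
        if m:
            f.unknown_addrs.append(m.group(1).lower())
        m = IRP_HOOK_RE.search(line)
        if m:
            f.irp_hooks.append((m.group(1), m.group(2), m.group(3).lower()))
        if "**LOCKED**" in line:
            parts = line.split()
            if "Service" in parts:
                f.locked_services.append(parts[parts.index("Service") + 1])
    return f


def hook_resolved(before: TraceFindings, after: TraceFindings) -> bool:
    """True when the earlier run was suspicious and the later run is clean."""
    return before.suspicious and not after.suspicious


# Sample input: excerpts of the aswMBR logs posted in this thread.
INFECTED_LOG = r"""aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-16 09:13:03
09:13:20.385 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
09:13:21.009 Disk 0 trace - called modules:
09:13:21.009 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80086c9334]<<
09:13:21.019 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80086b12d0]
09:13:21.139 \Driver\iaStor[0xfffffa800757e480] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80086c9334
09:13:21.149 Scan finished successfully
"""

CLEAN_LOG = r"""aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-21 09:06:52
09:07:10.315 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
09:07:10.995 Disk 0 trace - called modules:
09:07:11.015 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:07:11.025 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008693060]
09:07:11.345 Scan finished successfully
"""

if __name__ == "__main__":
    before, after = parse_aswmbr(INFECTED_LOG), parse_aswmbr(CLEAN_LOG)
    for label, f in (("before", before), ("after", after)):
        print(f"{label} ({f.run_date}): suspicious={f.suspicious} "
              f"unknown={f.unknown_addrs} irp_hooks={f.irp_hooks} "
              f"locked={f.locked_services}")
    print("hook resolved:", hook_resolved(before, after))
```

The cross-check in `hook_targets_match` is the useful part: an unmapped address in the module trace can have benign causes, but an IRP handler that resolves to exactly that unmapped address is what makes the earlier runs worth acting on, and its absence in the later run is what confirms the repair.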

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:56 PM

Posted 21 November 2011 - 01:15 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
