
after windows restore now have Google Redirect, Bogus Radio Station > noob


This topic is locked
28 replies to this topic

#1 warp9racing
  • Members
  • 15 posts

Posted 21 November 2011 - 09:15 PM

Hi there,
I had the Windows restore issue a few weeks ago and managed to get rid of it by searching on your site. I'm a noob and a bit computer illiterate...so please bear with me...
I seem to have the Google redirect, which is affecting both IE and Firefox, and fake radio stations for IE..

Please help and thanks in advance for your patience


#2 Orange Blossom
    OBleepin Investigator
  • Moderator
  • 37,111 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 22 November 2011 - 01:12 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#3 warp9racing
  • Topic Starter
  • Members
  • 15 posts

Posted 23 November 2011 - 01:02 AM

ok so following the guide...I made it to step 8, downloaded the GMER.zip...however when I extract it and run it, it shows an error of

"Loaddriver.......error 0xc00001de . an instance of the service is already running." and it prompts me to click "OK".

and I do, it runs a scan, but I cannot check mark the fields as in step 8...the only boxes checked are "Services" "Registry" "FILES"...should I skip this step as per your instructions?

#4 warp9racing
  • Topic Starter
  • Members
  • 15 posts

Posted 23 November 2011 - 01:04 AM

here is DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154
Run by mikey at 21:28:24 on 2011-11-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2549.970 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\conime.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\agent.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\McAfee\MSC\mcinfo.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\mikey\Downloads\Defogger(1).exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bcsportbikes.com/forum/forum.php
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=6081206
mDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=6081206
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - c:\program files\mininova-vuze\tbMini.dll
mURLSearchHooks: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - c:\program files\mininova-vuze\tbMini.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111118064844.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - c:\program files\mininova-vuze\tbMini.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - c:\program files\mininova-vuze\tbMini.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB0.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" -"http://www.questroute.com/onlinegames/sport/tablefooty.php"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [nountool] "c:\programdata\DoesSoftSoft.ch4em"
mRun: [Date four drv bash] "c:\programdata\Regs internet aim.9hc4ht"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [shawnotify] c:\progra~1\shaw\update\siuloader.exe /notify
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\mikey\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\mikey\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~3.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\shawsu~1.lnk - c:\program files\shaw\bin\shawsupport.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {037790A6-1576-11D6-903D-00105AABADD3} - hxxps://zone.nnanet.com/controls/sglw2hcm.ocx
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-ca.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{18195D25-8314-43CB-A946-7E4C06E60F67} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E6EE3EA3-94CB-47C1-A931-805589825F11} : DhcpNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
LSA: Notification Packages = scecli DPPWDFLT
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mikey\appdata\roaming\mozilla\firefox\profiles\za3sghgi.default\
FF - prefs.js: browser.startup.homepage - hxxp://bcsportbikes.com/forum/forum.php|http://www.mcsearcher.com/page.php?code=a00a197b
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-25 464176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-13 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-13 320856]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-25 64880]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-25 165680]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_2ba5baa4\AEstSrv.exe [2008-12-5 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-13 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-13 54616]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-5-5 1168632]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-13 44768]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-14 366152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-23 210216]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-13 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-13 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-13 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-25 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-25 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-25 150856]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-12-5 475136]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-25 57600]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-5 111616]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-12-5 54784]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-12-5 203264]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-14 22216]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-25 180816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-25 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-25 338176]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-12-5 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-12-5 277440]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-12-21 31616]
S2 0069421321627769mcinstcleanup;McAfee Application Installer Cleanup (0069421321627769);c:\windows\temp\006942~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\006942~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-5 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-25 87656]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-16 04:10:03 -------- d-----w- c:\users\mikey\appdata\local\Mozilla
2011-11-14 21:18:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-14 18:21:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-14 18:21:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-13 18:24:42 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-13 18:24:41 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-13 18:23:39 41184 ----a-w- c:\windows\avastSS.scr
2011-11-13 18:23:02 -------- d-----w- c:\programdata\AVAST Software
2011-11-13 18:23:02 -------- d-----w- c:\program files\AVAST Software
2011-11-13 18:05:03 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-13 18:04:36 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-13 18:04:32 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-13 04:26:53 -------- d--h--w- c:\programdata\Common Files
2011-11-13 04:24:45 -------- d-----w- c:\programdata\AVG2012
2011-11-13 04:23:23 -------- d-----w- c:\program files\AVG
2011-11-13 04:18:49 -------- d-----w- c:\programdata\MFAData
2011-11-06 23:17:57 -------- d-----w- c:\users\mikey\appdata\roaming\Malwarebytes
2011-11-06 23:17:48 -------- d-----w- c:\programdata\Malwarebytes
2011-11-06 20:10:07 -------- d-----w- c:\users\mikey\appdata\roaming\Speeding Up My PC
2011-11-06 20:10:07 -------- d-----w- c:\users\mikey\appdata\roaming\RegistryKeys
2011-11-06 19:21:23 -------- dc----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-11-06 19:20:48 -------- d-----w- c:\users\mikey\appdata\local\PackageAware
2011-11-06 18:53:51 -------- d-----w- c:\program files\Babylon
2011-11-06 18:53:27 -------- d-----w- c:\users\mikey\appdata\roaming\Systweak
2011-10-26 14:20:45 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
.
==================== Find3M ====================
.
2011-10-15 21:16:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 21:16:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 21:16:16 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 21:16:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-15 21:16:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 21:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 21:16:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 21:16:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 21:16:16 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 21:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-20 01:07:32 103784 ----a-w- c:\users\mikey\GoToAssistDownloadHelper.exe
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 21:37:29.50 ===============
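As an added triage example for readers of this thread (not part of the original post, and not a DDS or BleepingComputer tool), the Python below parses the kinds of entries seen in the "Pseudo HJT Report" and FIREFOX sections of the DDS log above and flags the defender-relevant ones: Run keys whose target is not a standard executable, autoruns sitting directly in ProgramData, orphaned BHO/toolbar registrations, EnableLUA = 0, and an extra start page appended to the Firefox homepage. The sample excerpt is constructed from lines in that log plus two clean entries for contrast; all function and class names are the example's own.

```python
# Triage a DDS "Pseudo HJT Report" for common browser-hijack indicators.
# Added example for this thread; it is not a DDS or BleepingComputer tool.
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed excerpt: entries copied from the DDS log in this thread, plus
# two clean Dell/avast entries for contrast. Not the full log.
SAMPLE_LOG = r"""
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [nountool] "c:\programdata\DoesSoftSoft.ch4em"
mRun: [Date four drv bash] "c:\programdata\Regs internet aim.9hc4ht"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mPolicies-system: EnableLUA = 0 (0x0)
FF - prefs.js: browser.startup.homepage - hxxp://bcsportbikes.com/forum/forum.php|http://www.mcsearcher.com/page.php?code=a00a197b
"""

# Extensions Windows will load from a Run key without a host program.
EXECUTABLE_EXT = {".exe", ".com", ".scr", ".cpl", ".dll", ".ocx"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    entry: str     # the log line that triggered the finding
    reason: str

def split_command(cmd: str) -> tuple[str, str]:
    """Split a Run-key value into (image path, arguments). DDS prints either
    "quoted path" args or an unquoted path whose args follow the extension."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(.*?\.[A-Za-z0-9]{1,6})(?:\s+(.*))?$", cmd)
    return (m.group(1), m.group(2) or "") if m else (cmd, "")

def check_run_entry(line: str) -> list[Finding]:
    """uRun/mRun/uRunOnce lines: odd extensions and loose files in ProgramData."""
    m = re.match(r"^[um]Run(?:Once)?:\s*\[[^\]]*\]\s*(.*)$", line)
    if not m:
        return []
    path, _args = split_command(m.group(1))
    filename = path.rsplit("\\", 1)[-1]
    ext = filename[filename.rfind("."):].lower() if "." in filename else ""
    findings: list[Finding] = []
    if ext not in EXECUTABLE_EXT:
        findings.append(Finding("high", line,
            f"autorun target has non-executable extension {ext or '(none)'!r}; verify what this file is"))
    prefix = "c:\\programdata\\"
    if path.lower().startswith(prefix) and "\\" not in path[len(prefix):]:
        findings.append(Finding("medium", line,
            "autorun target sits directly in ProgramData rather than in an install directory"))
    return findings

def check_browser_object(line: str) -> list[Finding]:
    """BHO/TB registrations whose DLL is gone: leftovers to clean, not active threats."""
    if re.match(r"^(BHO|TB):", line) and line.endswith("- No File"):
        return [Finding("low", line, "orphaned browser helper object / toolbar registration (file missing)")]
    return []

def check_policy(line: str) -> list[Finding]:
    """EnableLUA = 0 means UAC is switched off by policy; malware commonly sets this."""
    m = re.match(r"^mPolicies-system:\s*EnableLUA\s*=\s*(\d+)", line)
    return [Finding("high", line, "UAC disabled by policy (EnableLUA=0)")] if m and m.group(1) == "0" else []

def check_firefox_homepage(line: str) -> list[Finding]:
    """Firefox keeps several start pages separated by '|'; a hijack appends one."""
    m = re.match(r"^FF - prefs\.js: browser\.startup\.homepage - (.*)$", line)
    if not m:
        return []
    pages = m.group(1).split("|")
    if len(pages) < 2:
        return []
    # DDS obfuscates the scheme as hxxp; strip either form to get the host.
    hosts = [re.sub(r"^h(?:tt|xx)ps?://", "", p).split("/")[0] for p in pages[1:]]
    return [Finding("medium", line, "extra start page(s) appended to the homepage: " + ", ".join(hosts))]

CHECKS = (check_run_entry, check_browser_object, check_policy, check_firefox_homepage)

def triage(log_text: str) -> list[Finding]:
    """Run every check over every non-blank line; most severe findings first."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            for check in CHECKS:
                findings.extend(check(line))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.reason}\n         {f.entry}")
```

Against the excerpt this reports the two ProgramData autoruns and EnableLUA as high, the appended mcsearcher start page as medium, and the two "No File" registrations as low, while the Dell and avast entries produce nothing.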

#5 warp9racing
  • Topic Starter
  • Members
  • 15 posts

Posted 23 November 2011 - 01:11 AM

here is attach

Attached Files



#6 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 November 2011 - 02:51 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 warp9racing
  • Topic Starter
  • Members
  • 15 posts

Posted 24 November 2011 - 01:47 AM

here is the ComboFix log...took a long time to complete....

ComboFix 11-11-23.03 - mikey 23/11/2011 20:28:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2549.1016 [GMT -8:00]
Running from: c:\users\mikey\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mikey\GoToAssistDownloadHelper.exe
c:\windows\bwUnin-7.2.0.137-8876480SL.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-24 05:47 . 2011-11-24 05:47 -------- d-----w- c:\users\triena\AppData\Local\temp
2011-11-24 05:47 . 2011-11-24 05:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-16 04:10 . 2011-11-16 04:10 -------- d-----w- c:\users\mikey\AppData\Local\Mozilla
2011-11-15 00:10 . 2011-11-15 00:10 -------- d-----w- c:\users\triena\AppData\Roaming\Malwarebytes
2011-11-14 21:18 . 2011-11-22 02:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-14 18:21 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-14 18:21 . 2011-11-14 18:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-13 18:24 . 2011-09-06 21:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-13 18:24 . 2011-09-06 21:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-13 18:24 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-13 18:24 . 2011-09-06 21:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-13 18:24 . 2011-09-06 21:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-13 18:24 . 2011-09-06 21:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-13 18:23 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-13 18:23 . 2011-09-06 21:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-13 18:23 . 2011-11-13 18:23 -------- d-----w- c:\programdata\AVAST Software
2011-11-13 18:23 . 2011-11-13 18:23 -------- d-----w- c:\program files\AVAST Software
2011-11-13 18:05 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-13 18:04 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-13 18:04 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-13 04:26 . 2011-11-13 04:26 -------- d--h--w- c:\programdata\Common Files
2011-11-13 04:24 . 2011-11-13 04:34 -------- d-----w- c:\programdata\AVG2012
2011-11-13 04:23 . 2011-11-13 04:23 -------- d-----w- c:\program files\AVG
2011-11-13 04:18 . 2011-11-13 04:35 -------- d-----w- c:\programdata\MFAData
2011-11-06 23:17 . 2011-11-06 23:17 -------- d-----w- c:\users\mikey\AppData\Roaming\Malwarebytes
2011-11-06 23:17 . 2011-11-06 23:17 -------- d-----w- c:\programdata\Malwarebytes
2011-11-06 20:10 . 2011-11-06 20:10 -------- d-----w- c:\users\mikey\AppData\Roaming\Speeding Up My PC
2011-11-06 20:10 . 2011-11-06 20:10 -------- d-----w- c:\users\mikey\AppData\Roaming\RegistryKeys
2011-11-06 19:21 . 2011-11-06 20:14 -------- dc----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-11-06 19:20 . 2011-11-06 19:20 -------- d-----w- c:\users\mikey\AppData\Local\PackageAware
2011-11-06 18:53 . 2011-11-06 18:53 -------- d-----w- c:\program files\Babylon
2011-11-06 18:53 . 2011-11-13 02:48 -------- d-----w- c:\users\mikey\AppData\Roaming\Systweak
2011-10-26 14:20 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 21:16 . 2010-08-26 01:38 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 21:16 . 2010-08-26 01:38 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 21:16 . 2010-08-26 01:38 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 21:16 . 2010-08-26 01:38 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-15 21:16 . 2010-08-26 01:38 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 21:16 . 2010-08-26 01:38 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 21:16 . 2010-08-26 01:38 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 21:16 . 2010-08-26 01:38 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 21:16 . 2010-08-26 01:38 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 21:16 . 2010-08-26 01:38 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-09-30 23:06 . 2011-10-13 05:10 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-13 05:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-13 05:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-13 05:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01 . 2011-10-13 05:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07 . 2011-10-13 05:10 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-13 05:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-13 05:10 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 13:30 . 2011-10-13 05:10 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 06:53 . 2011-11-16 04:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d51d388b-f5dc-471a-a1ce-5e2d671091c0}"= "c:\program files\Mininova-Vuze\tbMini.dll" [2008-09-15 1784856]
.
[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
2008-09-15 13:47 1784856 ----a-w- c:\program files\Mininova-Vuze\tbMini.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d51d388b-f5dc-471a-a1ce-5e2d671091c0}"= "c:\program files\Mininova-Vuze\tbMini.dll" [2008-09-15 1784856]
.
[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D51D388B-F5DC-471A-A1CE-5E2D671091C0}"= "c:\program files\Mininova-Vuze\tbMini.dll" [2008-09-15 1784856]
.
[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-29 4363504]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nountool"="c:\programdata\DoesSoftSoft.ch4em" [X]
"Date four drv bash"="c:\programdata\Regs internet aim.9hc4ht" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-11 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-08 30192]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-06-09 814144]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-10-03 1742064]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-29 442460]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-17 1318552]
"shawnotify"="c:\progra~1\shaw\update\siuloader.exe" [2009-08-26 378152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\users\mikey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-12-29 344064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-12-25 450560]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-5-2 1211472]
Shaw Support.lnk - c:\program files\shaw\bin\shawsupport.exe [2010-9-26 1287528]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-06 05:19 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-08 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-10-15 64880]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-15 165680]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe [2008-08-29 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-05 1168632]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 160608]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 150856]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-06-30 475136]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-15 57600]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-11 111616]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-03-14 54784]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-03-11 203264]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-15 338176]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-15 87656]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-10-06 144672]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-10-06 277440]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-01-16 31616]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 02:55]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 02:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bcsportbikes.com/forum/forum.php
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?fr=mcafee&p=%s
TCP: DhcpNameServer = 192.168.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {037790A6-1576-11D6-903D-00105AABADD3} - hxxps://zone.nnanet.com/controls/sglw2hcm.ocx
FF - ProfilePath - c:\users\mikey\AppData\Roaming\Mozilla\Firefox\Profiles\za3sghgi.default\
FF - prefs.js: browser.startup.homepage - hxxp://bcsportbikes.com/forum/forum.php|http://www.mcsearcher.com/page.php?code=a00a197b
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-23 21:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,4c,6e,9c,32,0c,3c,41,96,6c,68,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,4c,6e,9c,32,0c,3c,41,96,6c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\DPPWDFLT.dll
.
Completion time: 2011-11-23 22:19:15
ComboFix-quarantined-files.txt 2011-11-24 06:18
.
Pre-Run: 55,891,144,704 bytes free
Post-Run: 58,934,083,584 bytes free
.
- - End Of File - - 9EDEA64B51FF282C05A7AAB2D75C1D07

#8 warp9racing

warp9racing
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:08 PM

Posted 24 November 2011 - 01:50 AM

I still get redirected when I Google search. Also, Google image search only shows a few rows of pictures and nothing else. Waiting to see if the fake radio station comes back on.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:08 PM

Posted 24 November 2011 - 01:54 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 warp9racing

warp9racing
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:08 PM

Posted 24 November 2011 - 06:40 PM

I saved TDSSKiller to my desktop, but when I double-click it and hit Run, nothing happens.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:08 PM

Posted 24 November 2011 - 07:53 PM

Hello

I would like you to run this tool for me next: fixTDSS.

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found. Let me know what it says.

After it is complete, I want you to restart the computer, try to rerun TDSSKiller for me, and send me the report.

Gringo

#12 warp9racing

warp9racing
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:08 PM

Posted 24 November 2011 - 11:52 PM

20:48:25.0243 3128 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
20:48:26.0546 3128 ============================================================
20:48:26.0546 3128 Current date / time: 2011/11/24 20:48:26.0546
20:48:26.0546 3128 SystemInfo:
20:48:26.0546 3128
20:48:26.0546 3128 OS Version: 6.0.6002 ServicePack: 2.0
20:48:26.0546 3128 Product type: Workstation
20:48:26.0547 3128 ComputerName: MIKEY-PC
20:48:26.0547 3128 UserName: mikey
20:48:26.0547 3128 Windows directory: C:\Windows
20:48:26.0547 3128 System windows directory: C:\Windows
20:48:26.0547 3128 Processor architecture: Intel x86
20:48:26.0547 3128 Number of processors: 2
20:48:26.0547 3128 Page size: 0x1000
20:48:26.0547 3128 Boot type: Normal boot
20:48:26.0547 3128 ============================================================
20:48:27.0076 3128 Initialize success
20:48:29.0144 4984 ============================================================
20:48:29.0144 4984 Scan started
20:48:29.0144 4984 Mode: Manual;
20:48:29.0144 4984 ============================================================
20:48:29.0600 4984 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:48:29.0603 4984 ACPI - ok
20:48:29.0660 4984 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:48:29.0677 4984 adp94xx - ok
20:48:29.0710 4984 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:48:29.0721 4984 adpahci - ok
20:48:29.0768 4984 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:48:29.0774 4984 adpu160m - ok
20:48:29.0806 4984 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:48:29.0815 4984 adpu320 - ok
20:48:29.0973 4984 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:48:29.0979 4984 AFD - ok
20:48:30.0062 4984 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:48:30.0070 4984 agp440 - ok
20:48:30.0093 4984 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:48:30.0102 4984 aic78xx - ok
20:48:30.0131 4984 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:48:30.0138 4984 aliide - ok
20:48:30.0232 4984 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:48:30.0237 4984 amdagp - ok
20:48:30.0265 4984 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:48:30.0275 4984 amdide - ok
20:48:30.0306 4984 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:48:30.0310 4984 AmdK7 - ok
20:48:30.0338 4984 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:48:30.0343 4984 AmdK8 - ok
20:48:30.0394 4984 ApfiltrService (1de27858a431a5749e0f3df54ba935b9) C:\Windows\system32\DRIVERS\Apfiltr.sys
20:48:30.0471 4984 ApfiltrService - ok
20:48:30.0562 4984 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:48:30.0569 4984 arc - ok
20:48:30.0607 4984 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:48:30.0616 4984 arcsas - ok
20:48:30.0661 4984 ASPI32 - ok
20:48:30.0735 4984 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:48:30.0739 4984 AsyncMac - ok
20:48:30.0798 4984 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
20:48:30.0911 4984 atapi - ok
20:48:31.0050 4984 ATSwpWDF (30407fb218940ae61f1aa3821b69f567) C:\Windows\system32\Drivers\ATSwpWDF.sys
20:48:31.0144 4984 ATSwpWDF - ok
20:48:31.0291 4984 BCM42RLY (7bd70aeed0d975285a1b20bd012ebf4e) C:\Windows\system32\drivers\BCM42RLY.sys
20:48:31.0293 4984 BCM42RLY - ok
20:48:31.0360 4984 BCM43XX (fa6707a346cd122407f3b0bad1c47639) C:\Windows\system32\DRIVERS\bcmwl6.sys
20:48:31.0395 4984 BCM43XX - ok
20:48:31.0511 4984 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:48:31.0516 4984 Beep - ok
20:48:31.0558 4984 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:48:31.0566 4984 blbdrive - ok
20:48:31.0657 4984 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:48:31.0730 4984 bowser - ok
20:48:31.0791 4984 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:48:31.0800 4984 BrFiltLo - ok
20:48:31.0827 4984 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:48:31.0838 4984 BrFiltUp - ok
20:48:31.0890 4984 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:48:31.0901 4984 Brserid - ok
20:48:31.0918 4984 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:48:31.0926 4984 BrSerWdm - ok
20:48:31.0979 4984 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:48:31.0983 4984 BrUsbMdm - ok
20:48:32.0012 4984 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:48:32.0024 4984 BrUsbSer - ok
20:48:32.0050 4984 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:48:32.0073 4984 BTHMODEM - ok
20:48:32.0247 4984 catchme - ok
20:48:32.0339 4984 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:48:32.0368 4984 cdfs - ok
20:48:32.0462 4984 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:48:32.0467 4984 cdrom - ok
20:48:32.0584 4984 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\Windows\system32\drivers\cfwids.sys
20:48:32.0587 4984 cfwids - ok
20:48:32.0664 4984 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
20:48:32.0671 4984 circlass - ok
20:48:32.0821 4984 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:48:32.0827 4984 CLFS - ok
20:48:33.0068 4984 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:48:33.0072 4984 CmBatt - ok
20:48:33.0241 4984 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:48:33.0247 4984 cmdide - ok
20:48:33.0290 4984 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:48:33.0293 4984 Compbatt - ok
20:48:33.0349 4984 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:48:33.0351 4984 crcdisk - ok
20:48:33.0443 4984 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:48:33.0450 4984 Crusoe - ok
20:48:33.0750 4984 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:48:33.0753 4984 DfsC - ok
20:48:33.0973 4984 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:48:33.0975 4984 disk - ok
20:48:34.0264 4984 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
20:48:34.0283 4984 Dot4 - ok
20:48:34.0382 4984 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:48:34.0386 4984 Dot4Print - ok
20:48:34.0480 4984 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
20:48:34.0488 4984 dot4usb - ok
20:48:34.0641 4984 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:48:34.0650 4984 drmkaud - ok
20:48:34.0786 4984 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:48:34.0809 4984 DXGKrnl - ok
20:48:34.0963 4984 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
20:48:34.0976 4984 e1express - ok
20:48:35.0088 4984 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:48:35.0097 4984 E1G60 - ok
20:48:35.0266 4984 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:48:35.0270 4984 Ecache - ok
20:48:35.0349 4984 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:48:35.0363 4984 elxstor - ok
20:48:35.0400 4984 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:48:35.0403 4984 ErrDev - ok
20:48:35.0555 4984 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:48:35.0563 4984 exfat - ok
20:48:35.0603 4984 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:48:35.0611 4984 fastfat - ok
20:48:35.0682 4984 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:48:35.0691 4984 fdc - ok
20:48:35.0739 4984 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:48:35.0742 4984 FileInfo - ok
20:48:35.0787 4984 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:48:35.0792 4984 Filetrace - ok
20:48:35.0838 4984 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:48:35.0844 4984 flpydisk - ok
20:48:35.0899 4984 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:48:35.0902 4984 FltMgr - ok
20:48:35.0938 4984 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:48:35.0946 4984 Fs_Rec - ok
20:48:35.0976 4984 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:48:35.0983 4984 gagp30kx - ok
20:48:36.0077 4984 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:48:36.0132 4984 GEARAspiWDM - ok
20:48:36.0400 4984 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:48:36.0411 4984 HDAudBus - ok
20:48:36.0502 4984 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:48:36.0508 4984 HidBth - ok
20:48:36.0554 4984 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
20:48:36.0559 4984 HidIr - ok
20:48:36.0700 4984 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:48:36.0706 4984 HidUsb - ok
20:48:36.0769 4984 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:48:36.0777 4984 HpCISSs - ok
20:48:36.0848 4984 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:48:36.0865 4984 HTTP - ok
20:48:36.0903 4984 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:48:36.0912 4984 i2omp - ok
20:48:36.0968 4984 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:48:36.0972 4984 i8042prt - ok
20:48:37.0017 4984 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
20:48:37.0022 4984 iaStor - ok
20:48:37.0066 4984 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:48:37.0079 4984 iaStorV - ok
20:48:37.0274 4984 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:48:37.0352 4984 igfx - ok
20:48:37.0380 4984 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:48:37.0389 4984 iirsp - ok
20:48:37.0448 4984 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
20:48:37.0579 4984 IntcHdmiAddService - ok
20:48:37.0680 4984 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:48:37.0685 4984 intelide - ok
20:48:37.0730 4984 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:48:37.0731 4984 intelppm - ok
20:48:54.0482 4984 ============================================================
20:48:54.0482 4984 Scan finished
20:48:54.0482 4984 ============================================================
20:48:54.0541 1340 Detected object count: 0
20:48:54.0541 1340 Actual detected object count: 0

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 November 2011 - 05:23 PM

Hello


How are things running now?


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 warp9racing
  • Topic Starter

  • Members
  • 15 posts

Posted 25 November 2011 - 10:41 PM

so far so good!

will run cf script now...

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 November 2011 - 10:42 PM

:thumbup2:
