Google Redirect Virus


  • This topic is locked
18 replies to this topic

#1 tmcgrail

  • Members
  • 47 posts

Posted 27 November 2011 - 07:41 PM

Any assistance that could be provided to help me remove this virus would be greatly appreciated.

When I click on search results in Google, I'm redirected to an unrelated web site.

Thanks very much for your help.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Tom at 19:01:46 on 2011-11-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.625 [GMT -5:00]
.
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Tom\Desktop\rkill.scr
C:\DOCUME~1\Tom\LOCALS~1\Temp\RarSFX3\nird\iexplore.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {167D9323-F7CC-48F5-948A-6F012831A69F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 192.168.0.1 71.243.0.12
TCP: Interfaces\{7335A3C0-9C7B-4173-A840-2A5ACE62B2E1} : DhcpNameServer = 192.168.0.1 71.243.0.12
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero8\incd\NBHRegInCDSrv.exe [2008-7-10 53032]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2010-11-10 52824]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-27 41272]
S3 TotRec8;Total Recorder WDM audio filter driver;\??\c:\windows\system32\drivers\totrec8.sys --> c:\windows\system32\drivers\TotRec8.sys [?]
.
=============== Created Last 30 ================
.
2011-11-27 21:55:46 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-27 21:22:00 111616 ----a-w- c:\windows\system32\E4j7a.com_
2011-11-27 20:19:53 275456 ----a-w- c:\documents and settings\tom\local settings\application data\whw.exe1
2011-11-27 19:17:01 -------- d-----w- c:\program files\ESET
2011-11-27 17:49:20 -------- d-----w- c:\documents and settings\tom\application data\SUPERAntiSpyware.com
2011-11-27 17:48:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-27 17:48:33 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-11-27 16:27:21 388096 ----a-r- c:\documents and settings\tom\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-27 14:48:04 -------- d-----w- C:\ComboFix
2011-11-27 04:45:41 -------- d-----w- c:\documents and settings\all users\application data\ErrorEND
2011-11-27 04:45:29 -------- d-----w- c:\program files\ErrorEND
2011-10-29 02:46:43 107368 ---ha-w- c:\windows\system32\GEARAspi.dll
2011-10-29 02:45:42 -------- d--h--w- c:\program files\iPod
2011-10-29 02:45:38 -------- d--h--w- c:\program files\iTunes
2011-10-29 02:44:12 -------- d--h--w- c:\program files\Bonjour
2011-10-29 01:54:23 -------- d--h--w- c:\windows\system32\wbem\Repository
2011-10-29 01:54:23 -------- d-----w- c:\windows\system32\wbem\repository\FS
.
==================== Find3M ====================
.
2011-11-11 00:16:27 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 21:00:50 22216 ---ha-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 03:05:04 83816 ---ha-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05:04 73064 ---ha-w- c:\windows\system32\dnssd.dll
.
============= FINISH: 19:07:14.53 ===============


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts

Posted 28 November 2011 - 12:07 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 tmcgrail

  • Topic Starter
  • Members
  • 47 posts

Posted 28 November 2011 - 10:02 PM

Gringo,

Thanks for your help with this virus.

I'm going to have to use a two-step process here because the keyboard on my laptop stopped working after I ran Combofix. I can send you the log from my laptop, but I will have to communicate with you from my iPad.

When I ran Combofix, I got a message that it detected a root kit and, later on, Combofix told me it had to reboot my laptop because of the root kit.

I'll send the Combofix log in my next post, but I'd like to fix the keyboard problem first, if we could please.

Thanks.

Tom

#4 tmcgrail

  • Topic Starter
  • Members
  • 47 posts

Posted 28 November 2011 - 10:05 PM

ComboFix 11-11-28.02 - Tom 11/28/2011 19:12:54.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.541 [GMT -5:00]
Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Tom\Application Data\0076.076
c:\documents and settings\Tom\Desktop\Internet Explorer.lnk
c:\documents and settings\Tom\Local Settings\Application Data\whw.exe1
c:\windows\$NtUninstallKB36056$\3425714408\@
c:\windows\$NtUninstallKB36056$\3425714408\bckfg.tmp
c:\windows\$NtUninstallKB36056$\3425714408\cfg.ini
c:\windows\$NtUninstallKB36056$\3425714408\Desktop.ini
c:\windows\$NtUninstallKB36056$\3425714408\keywords
c:\windows\$NtUninstallKB36056$\3425714408\kwrd.dll
c:\windows\$NtUninstallKB36056$\3425714408\L\pdmzmplg
c:\windows\$NtUninstallKB36056$\3425714408\lsflt7.ver
c:\windows\$NtUninstallKB36056$\3425714408\U\00000001.@
c:\windows\$NtUninstallKB36056$\3425714408\U\00000002.@
c:\windows\$NtUninstallKB36056$\3425714408\U\00000004.@
c:\windows\$NtUninstallKB36056$\3425714408\U\80000000.@
c:\windows\$NtUninstallKB36056$\3425714408\U\80000004.@
c:\windows\$NtUninstallKB36056$\3425714408\U\80000032.@
c:\windows\$NtUninstallKB36056$\3946849172
c:\windows\CSC\d6
E:\Autorun.inf
E:\Setup.exe
c:\windows\$NtUninstallKB36056$ . . . . Failed to delete
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\All Users\Application Data\VNFgalygGdHd.exe
c:\program files\Clarity Seek Service\FFProfile.vbs
c:\program files\Clarity Seek Service\ie_reset.vbs
c:\program files\Clarity Seek Service\ie_set.vbs
c:\program files\Clarity Seek Service\inspa.xml
c:\program files\Clarity Seek Service\ResetFF.vbs
c:\program files\Clarity Seek Service\ResetGC.vbs
c:\program files\Clarity Seek Service\SetFF.vbs
c:\program files\Clarity Seek Service\SetGC.vbs
c:\program files\Setup Support for Browser Seek and Clarity Seek\uninst.exe
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\mwusbw32.dll
c:\windows\system32\vmusbw32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
.
.
2011-11-27 21:22 . 2011-11-27 20:33 111616 ----a-w- c:\windows\system32\E4j7a.com_
2011-11-27 21:02 . 2011-11-27 21:02 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-11-27 19:17 . 2011-11-27 19:17 -------- d-----w- c:\program files\ESET
2011-11-27 17:49 . 2011-11-27 17:49 -------- d-----w- c:\documents and settings\Tom\Application Data\SUPERAntiSpyware.com
2011-11-27 17:48 . 2011-11-27 17:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-27 17:48 . 2011-11-27 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-27 16:27 . 2011-11-27 16:27 388096 ----a-r- c:\documents and settings\Tom\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-27 04:45 . 2011-11-27 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ErrorEND
2011-11-27 04:45 . 2011-11-27 04:45 -------- d-----w- c:\program files\ErrorEND
2011-11-27 04:08 . 2011-11-27 04:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-11-27 01:52 . 2011-11-27 01:52 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-11-26 12:29 . 2011-11-26 12:32 -------- d-----w- c:\documents and settings\Tom\Application Data\dvdcss
2011-11-05 16:16 . 2011-11-05 16:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 00:16 . 2011-05-15 18:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 21:00 . 2009-10-17 21:29 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-27_15.42.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-27 16:27 . 2011-11-27 16:27 1094656 c:\windows\Installer\124c1a.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-07-10 13:23 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Backup Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk
backup=c:\windows\pss\WD Backup Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2008-09-19 19:06 615696 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-07-17 03:29 389120 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 20:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-09-11 08:40 218032 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 08:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 08:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2006-08-22 21:32 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-08-26 16:23 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-09 00:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2006-11-22 21:23 339968 ----a-w- c:\windows\system32\WDBtnMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [7/10/2008 8:23 AM 53032]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [11/10/2010 10:15 PM 52824]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 TotRec8;Total Recorder WDM audio filter driver;\??\c:\windows\system32\drivers\TotRec8.sys --> c:\windows\system32\drivers\TotRec8.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vmwareusb REG_MULTI_SZ vmusb
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-28 c:\windows\Tasks\At10.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At12.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At14.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At16.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At18.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At2.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At20.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At22.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At24.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At26.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At28.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At30.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At32.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At34.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At36.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At38.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At4.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At40.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At42.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At44.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At46.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At48.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At6.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-28 c:\windows\Tasks\At8.job
- c:\windows\system32\E4j7a.com_ [2011-11-27 20:33]
.
2011-11-27 c:\windows\Tasks\ErrorEND.job
- c:\program files\ErrorEND\ErrorEND.exe [2011-03-09 12:23]
.
2011-07-20 c:\windows\Tasks\soundtapShakeIcon.job
- c:\program files\NCH Swift Sound\SoundTap\soundtap.exe [2010-11-11 03:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.0.1 71.243.0.12
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-28 20:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1064)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(6816)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Nero\Nero8\InCD\NBHShx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Nero\Nero8\InCD\NBHStr.dll
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Nero\Nero8\InCD\InCDsrv.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\Ati2evxx.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dwwin.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2011-11-28 20:27:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-29 01:26
ComboFix2.txt 2011-07-08 03:18
ComboFix3.txt 2010-05-01 13:31
ComboFix4.txt 2009-12-19 02:58
ComboFix5.txt 2011-11-28 23:39
.
Pre-Run: 61,505,904,640 bytes free
Post-Run: 62,709,977,088 bytes free
.
- - End Of File - - 5D5C4078D2BD263DA0612369B8747979

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts

Posted 29 November 2011 - 08:16 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

AtJob::

File::
c:\windows\system32\E4j7a.com

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

"information and logs"

In your next post I need the following:

  • Report from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#6 tmcgrail

  • Topic Starter
  • Members
  • 47 posts

Posted 29 November 2011 - 09:05 PM

Gringo,

Here's the new Combofix log. Still have the same issues. My browser is still being redirected and none of the keys on my keyboard are working.

Tom



ComboFix 11-11-29.04 - Tom 11/29/2011 19:27:00.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.620 [GMT -5:00]
Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tom\Desktop\CFScript.txt
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"c:\windows\system32\E4j7a.com"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\CSC\d6
c:\windows\system32\usmt\migwiz_a.exe
c:\windows\Tasks\At10.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At8.job
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 )))))))))))))))))))))))))))))))
.
.
2011-11-27 21:22 . 2011-11-27 20:33 111616 ----a-w- c:\windows\system32\E4j7a.com_
2011-11-27 21:02 . 2011-11-27 21:02 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-11-27 19:17 . 2011-11-27 19:17 -------- d-----w- c:\program files\ESET
2011-11-27 17:49 . 2011-11-27 17:49 -------- d-----w- c:\documents and settings\Tom\Application Data\SUPERAntiSpyware.com
2011-11-27 17:48 . 2011-11-29 02:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-27 17:48 . 2011-11-27 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-27 16:27 . 2011-11-27 16:27 388096 ----a-r- c:\documents and settings\Tom\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-27 04:45 . 2011-11-27 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ErrorEND
2011-11-27 04:45 . 2011-11-27 04:45 -------- d-----w- c:\program files\ErrorEND
2011-11-27 04:08 . 2011-11-27 04:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-11-27 01:52 . 2011-11-27 01:52 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-11-26 12:29 . 2011-11-26 12:32 -------- d-----w- c:\documents and settings\Tom\Application Data\dvdcss
2011-11-05 16:16 . 2011-11-05 16:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 00:16 . 2011-05-15 18:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-27_15.42.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-27 16:27 . 2011-11-27 16:27 1094656 c:\windows\Installer\124c1a.msi
+ 2006-12-08 02:17 . 2011-11-29 02:30 14847664 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-07-10 13:23 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Backup Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk
backup=c:\windows\pss\WD Backup Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2008-09-19 19:06 615696 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-07-17 03:29 389120 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 20:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-09-11 08:40 218032 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 08:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 08:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2006-08-22 21:32 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-08-26 16:23 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-09 00:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2006-11-22 21:23 339968 ----a-w- c:\windows\system32\WDBtnMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [7/10/2008 8:23 AM 53032]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [11/10/2010 10:15 PM 52824]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 TotRec8;Total Recorder WDM audio filter driver;\??\c:\windows\system32\drivers\TotRec8.sys --> c:\windows\system32\drivers\TotRec8.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vmwareusb REG_MULTI_SZ vmusb
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-27 c:\windows\Tasks\ErrorEND.job
- c:\program files\ErrorEND\ErrorEND.exe [2011-03-09 12:23]
.
2011-07-20 c:\windows\Tasks\soundtapShakeIcon.job
- c:\program files\NCH Swift Sound\SoundTap\soundtap.exe [2010-11-11 03:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.0.1 71.243.0.12
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-29 20:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1064)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3588)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Nero\Nero8\InCD\NBHShx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Nero\Nero8\InCD\NBHStr.dll
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Nero\Nero8\InCD\InCDsrv.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\Ati2evxx.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2011-11-29 20:50:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-30 01:49
ComboFix2.txt 2011-11-29 01:27
ComboFix3.txt 2011-07-08 03:18
ComboFix4.txt 2010-05-01 13:31
ComboFix5.txt 2011-11-30 00:18
.
Pre-Run: 62,491,443,200 bytes free
Post-Run: 62,525,362,176 bytes free
.
- - End Of File - - 5710A0483E50565E0E98BC95CEF2B5CA

#7 gringo_pr


Posted 30 November 2011 - 08:08 AM

I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
c:\windows\system32\E4j7a.com_

AtJob:

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#8 tmcgrail


Posted 30 November 2011 - 09:42 PM

Hey Gringo,

Unfortunately, no luck. My web browser is still being redirected and the keyboard still doesn't work. Plus, my computer got hung up when Combofix tried to restart the computer after it was done. I had to manually stop and restart the computer. Here's the log.

ComboFix 11-11-30.03 - Tom 11/30/2011 19:18:34.11.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.609 [GMT -5:00]
Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tom\Desktop\CFScript.txt
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"c:\windows\system32\E4j7a.com_"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\CSC\d6
c:\windows\system32\E4j7a.com_
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-11-27 21:02 . 2011-11-27 21:02 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-11-27 19:17 . 2011-11-27 19:17 -------- d-----w- c:\program files\ESET
2011-11-27 17:49 . 2011-11-27 17:49 -------- d-----w- c:\documents and settings\Tom\Application Data\SUPERAntiSpyware.com
2011-11-27 17:48 . 2011-11-29 02:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-27 17:48 . 2011-11-27 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-27 16:27 . 2011-11-27 16:27 388096 ----a-r- c:\documents and settings\Tom\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-27 04:45 . 2011-11-27 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ErrorEND
2011-11-27 04:45 . 2011-11-27 04:45 -------- d-----w- c:\program files\ErrorEND
2011-11-27 04:08 . 2011-11-27 04:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-11-27 01:52 . 2011-11-27 01:52 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-11-26 12:29 . 2011-11-26 12:32 -------- d-----w- c:\documents and settings\Tom\Application Data\dvdcss
2011-11-05 16:16 . 2011-11-05 16:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 00:16 . 2011-05-15 18:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-27_15.42.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-27 16:27 . 2011-11-27 16:27 1094656 c:\windows\Installer\124c1a.msi
+ 2006-12-08 02:17 . 2011-11-29 02:30 14847664 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-07-10 13:23 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Backup Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk
backup=c:\windows\pss\WD Backup Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2008-09-19 19:06 615696 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-07-17 03:29 389120 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 20:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-09-11 08:40 218032 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 08:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 08:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2006-08-22 21:32 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-08-26 16:23 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-09 00:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2006-11-22 21:23 339968 ----a-w- c:\windows\system32\WDBtnMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [7/10/2008 8:23 AM 53032]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [11/10/2010 10:15 PM 52824]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 TotRec8;Total Recorder WDM audio filter driver;\??\c:\windows\system32\drivers\TotRec8.sys --> c:\windows\system32\drivers\TotRec8.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vmwareusb REG_MULTI_SZ vmusb
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-27 c:\windows\Tasks\ErrorEND.job
- c:\program files\ErrorEND\ErrorEND.exe [2011-03-09 12:23]
.
2011-07-20 c:\windows\Tasks\soundtapShakeIcon.job
- c:\program files\NCH Swift Sound\SoundTap\soundtap.exe [2010-11-11 03:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.0.1 71.243.0.12
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-30 21:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1064)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3132)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Nero\Nero8\InCD\NBHShx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Nero\Nero8\InCD\NBHStr.dll
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Nero\Nero8\InCD\InCDsrv.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\Ati2evxx.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2011-11-30 21:25:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-01 02:25
ComboFix2.txt 2011-11-30 01:50
ComboFix3.txt 2011-11-29 01:27
ComboFix4.txt 2011-07-08 03:18
ComboFix5.txt 2011-12-01 00:09
.
Pre-Run: 62,394,249,216 bytes free
Post-Run: 62,541,328,384 bytes free
.
- - End Of File - - D92896096929FB53E4B961599AA17C74

#9 gringo_pr


Posted 30 November 2011 - 09:46 PM

Is this a laptop?

What is the make and model?


I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#10 tmcgrail


Posted 01 December 2011 - 07:21 AM

Yes, it's a laptop. A Dell Inspiron.

I downloaded TDSSKiller, but it wouldn't run when I double-clicked on it. Nothing happened. I tried running it from a flash drive, but that didn't work either.

Edited by tmcgrail, 01 December 2011 - 07:22 AM.


#11 gringo_pr


Posted 01 December 2011 - 08:02 AM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#12 tmcgrail


Posted 01 December 2011 - 09:38 PM

Gringo,

fixTDSS said "Infected MBR detected". Ran the repair and the repair succeeded.

TDSSKiller was able to run. Here's the report.

Tom

21:18:40.0984 2396 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
21:18:41.0250 2396 ============================================================
21:18:41.0250 2396 Current date / time: 2011/12/01 21:18:41.0250
21:18:41.0250 2396 SystemInfo:
21:18:41.0250 2396
21:18:41.0250 2396 OS Version: 5.1.2600 ServicePack: 3.0
21:18:41.0250 2396 Product type: Workstation
21:18:41.0250 2396 ComputerName: DAD
21:18:41.0250 2396 UserName: Tom
21:18:41.0250 2396 Windows directory: C:\WINDOWS
21:18:41.0250 2396 System windows directory: C:\WINDOWS
21:18:41.0250 2396 Processor architecture: Intel x86
21:18:41.0250 2396 Number of processors: 2
21:18:41.0250 2396 Page size: 0x1000
21:18:41.0250 2396 Boot type: Normal boot
21:18:41.0250 2396 ============================================================
21:18:42.0734 2396 Initialize success
21:19:11.0171 3480 ============================================================
21:19:11.0171 3480 Scan started
21:19:11.0171 3480 Mode: Manual;
21:19:11.0171 3480 ============================================================
21:19:15.0171 3480 Fips - ok
21:19:15.0203 3480 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:19:15.0203 3480 Flpydisk - ok
21:19:15.0234 3480 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:19:15.0234 3480 FltMgr - ok
21:19:15.0250 3480 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:19:15.0250 3480 Fs_Rec - ok
21:19:15.0281 3480 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:19:15.0281 3480 Ftdisk - ok
21:19:15.0328 3480 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
21:19:15.0328 3480 GEARAspiWDM - ok
21:19:15.0375 3480 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:19:15.0375 3480 Gpc - ok
21:19:15.0500 3480 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:19:15.0500 3480 HDAudBus - ok
21:19:15.0562 3480 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:19:15.0562 3480 HidUsb - ok
21:19:15.0625 3480 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:19:15.0625 3480 hpn - ok
21:19:15.0671 3480 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
21:19:15.0687 3480 HSFHWAZL - ok
21:19:15.0750 3480 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
21:19:15.0765 3480 HSF_DPV - ok
21:19:15.0906 3480 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
21:19:15.0906 3480 HTTP - ok
21:19:15.0953 3480 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:19:15.0953 3480 i2omgmt - ok
21:19:15.0984 3480 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:19:16.0000 3480 i2omp - ok
21:19:16.0015 3480 i8042prt (51958d8c287f8ba3a62bcdd19c7f531c) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:19:16.0015 3480 i8042prt - ok
21:19:16.0031 3480 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:19:16.0031 3480 Imapi - ok
21:19:16.0093 3480 InCDfs (1da147acb525a4822228be06154c7cbb) C:\WINDOWS\system32\drivers\InCDFs.sys
21:19:16.0093 3480 InCDfs - ok
21:19:16.0125 3480 InCDPass (2ec469a401ae6fe7a67d80effd3091b1) C:\WINDOWS\system32\drivers\InCDPass.sys
21:19:16.0125 3480 InCDPass - ok
21:19:16.0203 3480 InCDRec (544498d06b8ca187a5960b4f3b4bd63e) C:\WINDOWS\system32\drivers\InCDRec.sys
21:19:16.0203 3480 InCDRec - ok
21:19:16.0234 3480 incdrm (2863a00b0f64d937f0cd9561c53b5a37) C:\WINDOWS\system32\drivers\InCDRm.sys
21:19:16.0250 3480 incdrm - ok
21:19:16.0296 3480 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:19:16.0296 3480 ini910u - ok
21:19:16.0359 3480 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:19:16.0359 3480 IntelIde - ok
21:19:16.0375 3480 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:19:16.0375 3480 intelppm - ok
21:19:16.0421 3480 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:19:16.0421 3480 Ip6Fw - ok
21:19:16.0531 3480 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:19:16.0531 3480 IpFilterDriver - ok
21:19:16.0578 3480 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:19:16.0578 3480 IpInIp - ok
21:19:16.0609 3480 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:19:16.0609 3480 IpNat - ok
21:19:16.0656 3480 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:19:16.0656 3480 IPSec - ok
21:19:16.0703 3480 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:19:16.0703 3480 IRENUM - ok
21:19:16.0718 3480 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:19:16.0734 3480 isapnp - ok
21:19:16.0750 3480 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:19:16.0750 3480 Kbdclass - ok
21:19:16.0843 3480 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:19:16.0859 3480 kmixer - ok
21:19:16.0875 3480 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:19:16.0875 3480 KSecDD - ok
21:19:16.0890 3480 lbrtfdc - ok
21:19:17.0031 3480 LVcKap (8113133ec42dd6c566908008ce913edd) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
21:19:17.0062 3480 LVcKap - ok
21:19:17.0312 3480 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
21:19:17.0343 3480 LVMVDrv - ok
21:19:17.0578 3480 lvpopflt (e1158b0cb852db0573922c92e6e564de) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
21:19:17.0609 3480 lvpopflt - ok
21:19:17.0750 3480 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
21:19:17.0765 3480 LVPr2Mon - ok
21:19:17.0812 3480 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\drivers\LVUSBSta.sys
21:19:17.0812 3480 LVUSBSta - ok
21:19:18.0000 3480 LVUVC (eacd1eb2d82ed2adc753afeee1d4d660) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
21:19:18.0046 3480 LVUVC - ok
21:19:18.0156 3480 MBAMSwissArmy - ok
21:19:18.0187 3480 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:19:18.0203 3480 mdmxsdk - ok
21:19:18.0265 3480 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
21:19:18.0265 3480 MHNDRV - ok
21:19:18.0296 3480 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:19:18.0296 3480 mnmdd - ok
21:19:18.0328 3480 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:19:18.0328 3480 Modem - ok
21:19:18.0359 3480 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:19:18.0359 3480 Mouclass - ok
21:19:18.0421 3480 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:19:18.0421 3480 mouhid - ok
21:19:18.0531 3480 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:19:18.0531 3480 MountMgr - ok
21:19:18.0593 3480 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:19:18.0593 3480 mraid35x - ok
21:19:18.0656 3480 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:19:18.0656 3480 MRxDAV - ok
21:19:18.0703 3480 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:19:18.0703 3480 MRxSmb - ok
21:19:18.0812 3480 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:19:18.0812 3480 Msfs - ok
21:19:18.0843 3480 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:19:18.0859 3480 MSKSSRV - ok
21:19:18.0890 3480 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:19:18.0890 3480 MSPCLOCK - ok
21:19:18.0921 3480 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:19:18.0921 3480 MSPQM - ok
21:19:18.0968 3480 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:19:18.0968 3480 mssmbios - ok
21:19:19.0000 3480 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:19:19.0000 3480 MSTEE - ok
21:19:19.0109 3480 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
21:19:19.0109 3480 Mup - ok
21:19:19.0171 3480 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
21:19:19.0171 3480 MXOPSWD - ok
21:19:19.0203 3480 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:19:19.0203 3480 NABTSFEC - ok
21:19:19.0234 3480 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:19:19.0234 3480 NDIS - ok
21:19:19.0265 3480 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:19:19.0265 3480 NdisIP - ok
21:19:19.0312 3480 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:19:19.0312 3480 NdisTapi - ok
21:19:19.0390 3480 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:19:19.0390 3480 Ndisuio - ok
21:19:19.0453 3480 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:19:19.0453 3480 NdisWan - ok
21:19:19.0500 3480 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
21:19:19.0500 3480 NDProxy - ok
21:19:19.0546 3480 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:19:19.0546 3480 NetBIOS - ok
21:19:19.0578 3480 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:19:19.0578 3480 NetBT - ok
21:19:19.0609 3480 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:19:19.0609 3480 NIC1394 - ok
21:19:19.0703 3480 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:19:19.0703 3480 Npfs - ok
21:19:19.0765 3480 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:19:19.0781 3480 Ntfs - ok
21:19:19.0828 3480 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:19:19.0828 3480 Null - ok
21:19:19.0968 3480 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:19:20.0000 3480 nv - ok
21:19:20.0109 3480 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:19:20.0109 3480 NwlnkFlt - ok
21:19:20.0140 3480 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:19:20.0140 3480 NwlnkFwd - ok
21:19:20.0187 3480 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:19:20.0187 3480 ohci1394 - ok
21:19:20.0203 3480 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
21:19:20.0203 3480 omci - ok
21:19:20.0265 3480 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:19:20.0265 3480 Parport - ok
21:19:20.0296 3480 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:19:20.0296 3480 PartMgr - ok
21:19:20.0390 3480 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:19:20.0390 3480 ParVdm - ok
21:19:20.0453 3480 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:19:20.0468 3480 PCI - ok
21:19:20.0468 3480 PCIDump - ok
21:19:20.0500 3480 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:19:20.0500 3480 PCIIde - ok
21:19:20.0531 3480 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:19:20.0531 3480 Pcmcia - ok
21:19:20.0546 3480 PDCOMP - ok
21:19:20.0562 3480 PDFRAME - ok
21:19:20.0578 3480 PDRELI - ok
21:19:20.0593 3480 PDRFRAME - ok
21:19:20.0640 3480 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:19:20.0656 3480 perc2 - ok
21:19:20.0671 3480 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:19:20.0671 3480 perc2hib - ok
21:19:20.0734 3480 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:19:20.0734 3480 PptpMiniport - ok
21:19:20.0843 3480 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:19:20.0843 3480 PSched - ok
21:19:20.0859 3480 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:19:20.0859 3480 Ptilink - ok
21:19:20.0906 3480 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:19:20.0906 3480 PxHelp20 - ok
21:19:20.0937 3480 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:19:20.0937 3480 ql1080 - ok
21:19:21.0000 3480 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:19:21.0000 3480 Ql10wnt - ok
21:19:21.0015 3480 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:19:21.0015 3480 ql12160 - ok
21:19:21.0109 3480 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:19:21.0109 3480 ql1240 - ok
21:19:21.0140 3480 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:19:21.0140 3480 ql1280 - ok
21:19:21.0187 3480 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:19:21.0187 3480 RasAcd - ok
21:19:21.0234 3480 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:19:21.0234 3480 Rasl2tp - ok
21:19:21.0265 3480 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:19:21.0265 3480 RasPppoe - ok
21:19:21.0281 3480 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:19:21.0281 3480 Raspti - ok
21:19:21.0390 3480 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:19:21.0390 3480 Rdbss - ok
21:19:21.0437 3480 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:19:21.0437 3480 RDPCDD - ok
21:19:21.0468 3480 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:19:21.0468 3480 rdpdr - ok
21:19:21.0500 3480 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
21:19:21.0500 3480 RDPWD - ok
21:19:21.0546 3480 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:19:21.0546 3480 redbook - ok
21:19:21.0593 3480 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
21:19:21.0593 3480 rimmptsk - ok
21:19:21.0687 3480 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
21:19:21.0687 3480 rimsptsk - ok
21:19:21.0734 3480 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
21:19:21.0750 3480 RimUsb - ok
21:19:21.0765 3480 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
21:19:21.0765 3480 RimVSerPort - ok
21:19:21.0796 3480 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
21:19:21.0812 3480 rismxdp - ok
21:19:21.0828 3480 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
21:19:21.0828 3480 ROOTMODEM - ok
21:19:22.0000 3480 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:19:22.0000 3480 SASDIFSV - ok
21:19:22.0015 3480 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:19:22.0015 3480 SASKUTIL - ok
21:19:22.0109 3480 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
21:19:22.0109 3480 sbp2port - ok
21:19:22.0187 3480 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:19:22.0187 3480 sdbus - ok
21:19:22.0234 3480 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:19:22.0234 3480 Secdrv - ok
21:19:22.0265 3480 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:19:22.0265 3480 serenum - ok
21:19:22.0296 3480 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:19:22.0296 3480 Serial - ok
21:19:22.0328 3480 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
21:19:22.0328 3480 sffdisk - ok
21:19:22.0421 3480 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
21:19:22.0421 3480 sffp_sd - ok
21:19:22.0500 3480 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:19:22.0500 3480 Sfloppy - ok
21:19:22.0531 3480 Simbad - ok
21:19:22.0546 3480 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:19:22.0546 3480 sisagp - ok
21:19:22.0609 3480 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:19:22.0609 3480 SLIP - ok
21:19:22.0671 3480 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:19:22.0671 3480 Sparrow - ok
21:19:22.0765 3480 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:19:22.0765 3480 splitter - ok
21:19:22.0843 3480 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:19:22.0843 3480 sr - ok
21:19:22.0921 3480 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
21:19:22.0937 3480 Srv - ok
21:19:22.0968 3480 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
21:19:22.0968 3480 sscdbhk5 - ok
21:19:22.0984 3480 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
21:19:22.0984 3480 ssrtln - ok
21:19:23.0046 3480 stdriver (8bb19094def583e0eece1830457444ee) C:\WINDOWS\system32\DRIVERS\stdriver32.sys
21:19:23.0046 3480 stdriver - ok
21:19:23.0203 3480 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
21:19:23.0218 3480 STHDA - ok
21:19:23.0281 3480 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:19:23.0281 3480 streamip - ok
21:19:23.0375 3480 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:19:23.0375 3480 swenum - ok
21:19:23.0406 3480 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:19:23.0406 3480 swmidi - ok
21:19:23.0484 3480 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:19:23.0484 3480 symc810 - ok
21:19:23.0500 3480 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:19:23.0515 3480 symc8xx - ok
21:19:23.0531 3480 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:19:23.0531 3480 sym_hi - ok
21:19:23.0562 3480 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:19:23.0578 3480 sym_u3 - ok
21:19:23.0703 3480 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:19:23.0703 3480 SynTP - ok
21:19:23.0750 3480 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:19:23.0750 3480 sysaudio - ok
21:19:23.0828 3480 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:19:23.0828 3480 Tcpip - ok
21:19:23.0859 3480 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:19:23.0859 3480 TDPIPE - ok
21:19:23.0968 3480 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:19:23.0968 3480 TDTCP - ok
21:19:24.0000 3480 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:19:24.0000 3480 TermDD - ok
21:19:24.0062 3480 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
21:19:24.0062 3480 tfsnboio - ok
21:19:24.0093 3480 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
21:19:24.0093 3480 tfsncofs - ok
21:19:24.0109 3480 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
21:19:24.0109 3480 tfsndrct - ok
21:19:24.0140 3480 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
21:19:24.0140 3480 tfsndres - ok
21:19:24.0250 3480 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
21:19:24.0250 3480 tfsnifs - ok
21:19:24.0265 3480 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
21:19:24.0265 3480 tfsnopio - ok
21:19:24.0281 3480 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
21:19:24.0281 3480 tfsnpool - ok
21:19:24.0312 3480 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
21:19:24.0312 3480 tfsnudf - ok
21:19:24.0328 3480 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
21:19:24.0328 3480 tfsnudfa - ok
21:19:24.0406 3480 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:19:24.0406 3480 TosIde - ok
21:19:24.0421 3480 TotRec8 - ok
21:19:24.0484 3480 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:19:24.0484 3480 Udfs - ok
21:19:24.0515 3480 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:19:24.0515 3480 ultra - ok
21:19:24.0625 3480 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:19:24.0640 3480 Update - ok
21:19:24.0687 3480 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:19:24.0703 3480 USBAAPL - ok
21:19:24.0750 3480 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:19:24.0750 3480 usbaudio - ok
21:19:24.0796 3480 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:19:24.0796 3480 usbccgp - ok
21:19:24.0953 3480 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:19:24.0953 3480 usbehci - ok
21:19:24.0968 3480 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:19:24.0968 3480 usbhub - ok
21:19:25.0000 3480 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:19:25.0000 3480 usbscan - ok
21:19:25.0031 3480 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:19:25.0031 3480 USBSTOR - ok
21:19:25.0046 3480 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:19:25.0046 3480 usbuhci - ok
21:19:25.0093 3480 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:19:25.0093 3480 VgaSave - ok
21:19:25.0156 3480 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:19:25.0156 3480 viaagp - ok
21:19:25.0265 3480 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:19:25.0265 3480 ViaIde - ok
21:19:25.0281 3480 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:19:25.0296 3480 VolSnap - ok
21:19:25.0328 3480 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:19:25.0328 3480 Wanarp - ok
21:19:25.0343 3480 WDICA - ok
21:19:25.0359 3480 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:19:25.0375 3480 wdmaud - ok
21:19:25.0375 3480 WD_FireWire_HID - ok
21:19:25.0468 3480 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:19:25.0484 3480 winachsf - ok
21:19:25.0593 3480 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:19:25.0609 3480 WmiAcpi - ok
21:19:25.0656 3480 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
21:19:25.0656 3480 WpdUsb - ok
21:19:25.0687 3480 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:19:25.0687 3480 WS2IFSL - ok
21:19:25.0734 3480 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:19:25.0734 3480 WSTCODEC - ok
21:19:25.0781 3480 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:19:25.0781 3480 WudfPf - ok
21:19:25.0828 3480 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:19:25.0828 3480 WudfRd - ok
21:19:25.0890 3480 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
21:19:25.0890 3480 \Device\Harddisk0\DR0 - ok
21:19:25.0906 3480 Boot (0x1200) (e64db88e9cbd3e3642583fff17f895af) \Device\Harddisk0\DR0\Partition0
21:19:25.0906 3480 \Device\Harddisk0\DR0\Partition0 - ok
21:19:25.0906 3480 ============================================================
21:19:25.0906 3480 Scan finished
21:19:25.0906 3480 ============================================================
21:19:25.0921 1988 Detected object count: 0
21:19:25.0921 1988 Actual detected object count: 0

#13 gringo_pr


Posted 01 December 2011 - 10:18 PM

Hello

What model number is the Dell, and what problems do we still have?



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 tmcgrail


Posted 01 December 2011 - 10:37 PM

Good news! The redirect virus appears to be gone.

The keyboard still isn't working. That problem started after the first time we ran Combofix. Also, the My Computer icon on my desktop disappeared after we ran Combofix.

Otherwise, I don't think there are any other issues.

The laptop is a Dell Inspiron E1505.

Tom

#15 gringo_pr


Posted 02 December 2011 - 12:18 AM

Hello


Go here and download and install the input drivers: http://www.dell.com/support/drivers/us/en/usgen1/DriversHome/




Gringo



