Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Chronically Reinfected Laptop


  • This topic is locked This topic is locked
23 replies to this topic

#1 CammyK

CammyK

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:50 PM

Posted 29 December 2011 - 07:23 PM

We currently have the trojan, wscsvc.exe, on our laptop. This is my mother's laptop and there are constantly trojans infecting the computer. Right before this trojan was detected we removed the fake "Vista Antispyware 2012" virus. The computer is a Lenovo computer from 2007 with Windows Vista Home Premium, Service Pack 1. Intel 2.16 Ghz processor, 3 GB of RAM, 32-bit OS. I am having to post this in safe mode because in the normal mode a 1 second task takes ~10 minutes. However, I did run HijackThis in normal mode to generate the log file. Here is our HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:13:43 PM, on 12/28/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Common Files\aol\1239333554\ee\aolsoftware.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AOL Desktop 9.6\waol.exe
C:\Windows\system32\igfxext.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\AOL Desktop 9.6\shellmon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Common Files\aol\1239333554\ee\aolupdates.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15784&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE /c
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /pausefor=600
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [Readycomm] C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe -TrayMode
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1239333554\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL Desktop 9.6\AOL.EXE" -b
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: System Repair Windows Update Monitor (System_Repair_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7269 bytes

BC AdBot (Login to Remove)

 


#2 CammyK

CammyK
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:50 PM

Posted 02 January 2012 - 02:58 PM

Hope everyone had a nice holiday. Just posting to make sure this didn't get lost in the flood of messages that came in between then and now. :)

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:50 PM

Posted 05 January 2012 - 12:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/435252 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 CammyK

CammyK
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:50 PM

Posted 05 January 2012 - 07:53 PM

I was asked to include another reply by the Helpbot. Yes, I am still interested in receiving help for this issue. The laptop has not been in use since this subject was posted.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:50 PM

Posted 06 January 2012 - 12:01 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 CammyK

CammyK
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:50 PM

Posted 07 January 2012 - 10:18 PM

From DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_29
Run by Fran at 21:14:07 on 2012-01-07
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3032.1790 [GMT -6:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\IgrsSvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Common Files\aol\1239333554\ee\aolsoftware.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AOL Desktop 9.6\waol.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AOL Desktop 9.6\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\aol\1239333554\ee\aolupdates.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=15784&l=dis
mStart Page = hxxp://lenovo.live.com/
mDefault_Page_URL = hxxp://www.lenovo.com
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AOL Fast Start] "c:\program files\aol desktop 9.6\AOL.EXE" -b
mRun: [SmartAudio] c:\program files\conexant\smartaudio\SMAUDIO.EXE /c
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /pausefor=600
mRun: [UpdateP2GShortCut] "c:\program files\lenovo\power2go\muitransfer\muistartmenu.exe" "c:\program files\lenovo\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"
mRun: [Readycomm] c:\program files\lenovo\readycomm\ReadyComm.exe -TrayMode
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [HostManager] c:\program files\common files\aol\1239333554\ee\AOLSoftware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 4.2.2.2 4.2.2.3
TCP: Interfaces\{CE1CCAC1-FB01-435E-943F-60A21A38E460} : DhcpNameServer = 4.2.2.2 4.2.2.3
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\fran\appdata\roaming\mozilla\firefox\profiles\r9ajhv9z.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMB&o=15781&locale=en_US&apn_uid=78AD04DE-866E-4909-96C4-8B84507C58A9&apn_ptnrs=HP&apn_sauid=329B1C29-2A40-4C03-997D-8D6224B8E75E&apn_dtid=YYYYYYYYUS&&q=
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\fran\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\fran\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\fran\appdata\roaming\mozilla\firefox\profiles\r9ajhv9z.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\users\fran\appdata\roaming\mozilla\firefox\profiles\r9ajhv9z.default\extensions\2020player@2020technologies.com\plugins\NP2020Player.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\fran\appdata\roaming\Move Networks
.
============= SERVICES / DRIVERS ===============
.
R0 Wdkbdmou;Lenovo RMCT KbdMou Service;c:\windows\system32\drivers\Wdkbdmou.sys [2008-6-13 8832]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-13 36000]
R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-1-7 49472]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-13 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-13 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-13 74640]
R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2008-2-14 32768]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2009-1-7 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-1-7 48192]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-1-7 18448]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-24 183808]
R3 IncSvc;ReadyComm Network Monitor and Configuration;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-16 112128]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2008-6-13 8832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-6 1153368]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-1-7 81192]
.
=============== Created Last 30 ================
.
2011-12-29 00:57:35 388096 ----a-r- c:\users\fran\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-12-29 00:57:33 -------- d-----w- c:\program files\Trend Micro
2011-12-14 01:20:44 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2011-12-14 01:19:45 -------- d-----w- c:\program files\AOL Desktop 9.6
2011-12-14 01:11:45 -------- d-----w- c:\users\fran\appdata\roaming\Avira
2011-12-14 01:06:01 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-14 01:06:01 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-14 01:05:55 -------- d-----w- c:\programdata\Avira
2011-12-14 01:05:55 -------- d-----w- c:\program files\Avira
2011-12-13 21:41:06 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5eefe8d4-21a3-4e2b-ba19-70abf2eb28f1}\mpengine.dll
.
==================== Find3M ====================
.
2011-11-25 15:26:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 21:15:52.16 ===============









From "Attach":

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/7/2009 7:57:18 PM
System Uptime: 1/7/2012 9:06:16 PM (0 hours ago)
.
Motherboard: LENOVO | | JIWA1
Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz | U2E1 | 1666/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 104 GiB total, 63.44 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 28.792 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 8.2.0
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Software Update
Ask Toolbar
Avira Free Antivirus
Broadcom Gigabit Integrated Controller
Broadcom WLAN
Business Contact Manager for Outlook 2007 SP2
Carbonite Online Backup Setup
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HD Audio
DivX Setup
Drivers.com
DVD Flick 1.3.0.7
EasyCapture
Energy Management
Facebook Plug-In
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 29
Lenovo OneKey Recovery
Lenovo ReadyComm 4.0
Lenovo System Repair - Windows Update Monitor
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2000 Premium
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Small Business Connectivity Components
Microsoft Office XP Small Business
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Move Media Player
Mozilla Firefox (3.6.25)
Napster
Napster Burn Engine
OGA Notifier 2.0.0048.0
OpenOffice.org 3.1
Orb
Orb Runtime libraries
Power2Go
PRS-500 USB driver
QuickTime
Reader Library by Sony
RealPlayer
RTC Client API v1.2
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Skype Click to Call
Skype™ 5.5
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Uninstall AOL Emergency Connect Utility 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.6195
VeriFace III
Viewpoint Media Player
WildGames
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Windows Live Toolbar
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
1/7/2012 9:09:41 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
1/7/2012 9:07:25 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/7/2012 9:00:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr spldr ssmdrv Wanarpv6
1/7/2012 9:00:24 PM, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/7/2012 9:00:24 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/7/2012 8:59:12 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
1/7/2012 8:59:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/7/2012 8:58:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
.
==== End Of File ===========================



Thanks!

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:50 PM

Posted 07 January 2012 - 10:24 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:50 PM

Posted 10 January 2012 - 12:29 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 CammyK

CammyK
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:50 PM

Posted 10 January 2012 - 08:05 PM

Here's the log:

ComboFix 12-01-10.02 - Fran 01/10/2012 18:39:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3032.1878 [GMT -6:00]
Running from: F:\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Fran\Desktop\Data Recovery.lnk
c:\users\Fran\Documents\~WRD0002.tmp
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))
.
.
2012-01-11 00:46 . 2012-01-11 00:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-29 00:57 . 2011-12-29 00:57 388096 ----a-r- c:\users\Fran\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-29 00:57 . 2011-12-29 00:57 -------- d-----w- c:\program files\Trend Micro
2011-12-14 01:20 . 2011-05-05 21:08 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2011-12-14 01:19 . 2011-12-14 01:21 -------- d-----w- c:\program files\AOL Desktop 9.6
2011-12-14 01:11 . 2011-12-14 01:11 -------- d-----w- c:\users\Fran\AppData\Roaming\Avira
2011-12-14 01:06 . 2011-12-09 18:40 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-14 01:06 . 2011-12-09 18:40 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-14 01:06 . 2011-12-09 18:40 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-14 01:05 . 2011-12-14 01:05 -------- d-----w- c:\programdata\Avira
2011-12-14 01:05 . 2011-12-14 01:05 -------- d-----w- c:\program files\Avira
2011-12-13 21:41 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5EEFE8D4-21A3-4E2B-BA19-70ABF2EB28F1}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 15:26 . 2011-06-04 05:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-06-13 2693688]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2008-06-19 284096]
"UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"Readycomm"="c:\program files\Lenovo\ReadyComm\ReadyComm.exe" [2007-06-03 425984]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2008-07-16 5285792]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-07-31 8857488]
"HostManager"="c:\program files\Common Files\AOL\1239333554\ee\AOLSoftware.exe" [2010-03-08 41800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-09 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Fran^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 21:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 14:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2011-08-24 02:20 887976 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 10:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]
2010-05-10 14:27 906656 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 15:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-05 22:50 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFaceManager]
2009-01-08 02:45 2916352 ----a-w- c:\program files\Lenovo\VeriFaceIII\PManage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2008-01-02 18448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter IncSvc PS_MDP
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-11 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 23:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15784&l=dis
mStart Page = hxxp://lenovo.live.com/
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 4.2.2.2 4.2.2.3
FF - ProfilePath - c:\users\Fran\AppData\Roaming\Mozilla\Firefox\Profiles\r9ajhv9z.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMB&o=15781&locale=en_US&apn_uid=78AD04DE-866E-4909-96C4-8B84507C58A9&apn_ptnrs=HP&apn_sauid=329B1C29-2A40-4C03-997D-8D6224B8E75E&apn_dtid=YYYYYYYYUS&&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Fran\AppData\Roaming\Move Networks
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{771C7324-DA80-49D3-8017-753B0AF60951} - c:\users\Fran\AppData\Local\Temp\ftj.dll
MSConfigStartUp-Unattend0000000001{70EB91E7-FAAB-44A4-BA19-C0A45B228BC0} - c:\windows\test.bat
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-10 18:46
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-10 18:48:08
ComboFix-quarantined-files.txt 2012-01-11 00:48
.
Pre-Run: 67,385,933,824 bytes free
Post-Run: 68,084,871,168 bytes free
.
- - End Of File - - FE628B9188355F6EA6BF0A8AD1139254

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:50 PM

Posted 10 January 2012 - 08:19 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 CammyK

CammyK
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:50 PM

Posted 10 January 2012 - 09:22 PM

Hello, I ran the scanner and it wasn't able to detect anything. The computer is doing better than before; however, it still seems to be lagging quite a bit. Here is the log:

20:17:24.0169 1280 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
20:17:24.0455 1280 ============================================================
20:17:24.0455 1280 Current date / time: 2012/01/10 20:17:24.0455
20:17:24.0455 1280 SystemInfo:
20:17:24.0455 1280
20:17:24.0455 1280 OS Version: 6.0.6001 ServicePack: 1.0
20:17:24.0455 1280 Product type: Workstation
20:17:24.0455 1280 ComputerName: FRAN-PC
20:17:24.0455 1280 UserName: Fran
20:17:24.0456 1280 Windows directory: C:\Windows
20:17:24.0456 1280 System windows directory: C:\Windows
20:17:24.0456 1280 Processor architecture: Intel x86
20:17:24.0456 1280 Number of processors: 2
20:17:24.0456 1280 Page size: 0x1000
20:17:24.0456 1280 Boot type: Normal boot
20:17:24.0456 1280 ============================================================
20:17:25.0663 1280 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000, SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
20:17:25.0807 1280 Initialize success
20:17:32.0814 1356 ============================================================
20:17:32.0814 1356 Scan started
20:17:32.0814 1356 Mode: Manual;
20:17:32.0814 1356 ============================================================
20:17:33.0925 1356 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
20:17:33.0928 1356 ACPI - ok
20:17:34.0014 1356 ACPIVPC (08712de3bb98202059237dba3d3b90a5) C:\Windows\system32\DRIVERS\AcpiVpc.sys
20:17:34.0019 1356 ACPIVPC - ok
20:17:34.0080 1356 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:17:34.0110 1356 adp94xx - ok
20:17:34.0149 1356 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:17:34.0171 1356 adpahci - ok
20:17:34.0192 1356 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:17:34.0200 1356 adpu160m - ok
20:17:34.0221 1356 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:17:34.0223 1356 adpu320 - ok
20:17:34.0311 1356 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
20:17:34.0337 1356 AFD - ok
20:17:34.0386 1356 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:17:34.0394 1356 agp440 - ok
20:17:34.0442 1356 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:17:34.0451 1356 aic78xx - ok
20:17:34.0475 1356 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:17:34.0482 1356 aliide - ok
20:17:34.0508 1356 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:17:34.0524 1356 amdagp - ok
20:17:34.0544 1356 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:17:34.0550 1356 amdide - ok
20:17:34.0574 1356 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:17:34.0575 1356 AmdK7 - ok
20:17:34.0621 1356 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:17:34.0627 1356 AmdK8 - ok
20:17:34.0734 1356 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:17:34.0744 1356 arc - ok
20:17:34.0773 1356 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:17:34.0781 1356 arcsas - ok
20:17:34.0823 1356 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:17:34.0827 1356 AsyncMac - ok
20:17:34.0853 1356 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
20:17:34.0853 1356 atapi - ok
20:17:34.0943 1356 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
20:17:34.0951 1356 avgntflt - ok
20:17:34.0989 1356 avipbb (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
20:17:34.0998 1356 avipbb - ok
20:17:35.0066 1356 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
20:17:35.0072 1356 avkmgr - ok
20:17:35.0141 1356 b57nd60x (f17463eddb3b6a988f939ff403e067c3) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:17:35.0153 1356 b57nd60x - ok
20:17:35.0833 1356 BCM43XX (36aec496ba179120305319d1086228fc) C:\Windows\system32\DRIVERS\bcmwl6.sys
20:17:35.0842 1356 BCM43XX - ok
20:17:35.0968 1356 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:17:35.0969 1356 Beep - ok
20:17:36.0060 1356 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:17:36.0068 1356 blbdrive - ok
20:17:36.0118 1356 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
20:17:36.0127 1356 bowser - ok
20:17:36.0171 1356 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:17:36.0175 1356 BrFiltLo - ok
20:17:36.0192 1356 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:17:36.0196 1356 BrFiltUp - ok
20:17:36.0237 1356 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:17:36.0237 1356 Brserid - ok
20:17:36.0264 1356 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:17:36.0271 1356 BrSerWdm - ok
20:17:36.0308 1356 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:17:36.0309 1356 BrUsbMdm - ok
20:17:36.0322 1356 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:17:36.0327 1356 BrUsbSer - ok
20:17:36.0351 1356 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:17:36.0357 1356 BTHMODEM - ok
20:17:36.0473 1356 catchme - ok
20:17:36.0541 1356 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:17:36.0548 1356 cdfs - ok
20:17:36.0582 1356 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
20:17:36.0591 1356 cdrom - ok
20:17:36.0616 1356 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:17:36.0623 1356 circlass - ok
20:17:36.0661 1356 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
20:17:36.0663 1356 CLFS - ok
20:17:36.0709 1356 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:17:36.0713 1356 CmBatt - ok
20:17:36.0747 1356 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:17:36.0754 1356 cmdide - ok
20:17:36.0816 1356 CnxtHdAudService (8b7a0ce6613f991359ff95212900396c) C:\Windows\system32\drivers\CHDRT32.sys
20:17:36.0827 1356 CnxtHdAudService - ok
20:17:36.0860 1356 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:17:36.0866 1356 Compbatt - ok
20:17:36.0907 1356 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:17:36.0914 1356 crcdisk - ok
20:17:37.0120 1356 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:17:37.0127 1356 Crusoe - ok
20:17:37.0490 1356 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
20:17:37.0497 1356 DfsC - ok
20:17:37.0836 1356 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
20:17:37.0843 1356 disk - ok
20:17:37.0929 1356 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:17:37.0932 1356 drmkaud - ok
20:17:37.0981 1356 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
20:17:37.0990 1356 DXGKrnl - ok
20:17:38.0019 1356 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:17:38.0028 1356 E1G60 - ok
20:17:38.0112 1356 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
20:17:38.0127 1356 Ecache - ok
20:17:38.0181 1356 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:17:38.0202 1356 elxstor - ok
20:17:38.0230 1356 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:17:38.0230 1356 ErrDev - ok
20:17:38.0279 1356 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
20:17:38.0288 1356 exfat - ok
20:17:38.0308 1356 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
20:17:38.0320 1356 fastfat - ok
20:17:38.0337 1356 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:17:38.0338 1356 fdc - ok
20:17:38.0419 1356 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:17:38.0428 1356 FileInfo - ok
20:17:38.0447 1356 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:17:38.0452 1356 Filetrace - ok
20:17:38.0477 1356 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:17:38.0482 1356 flpydisk - ok
20:17:38.0508 1356 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
20:17:38.0521 1356 FltMgr - ok
20:17:38.0544 1356 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:17:38.0548 1356 Fs_Rec - ok
20:17:38.0602 1356 funfrm (000b97efe617d05f197420e4112dc8a8) C:\Windows\system32\drivers\funfrm.sys
20:17:38.0607 1356 funfrm - ok
20:17:38.0722 1356 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:17:38.0730 1356 gagp30kx - ok
20:17:38.0864 1356 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:17:38.0878 1356 HdAudAddService - ok
20:17:38.0940 1356 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:17:38.0941 1356 HDAudBus - ok
20:17:38.0968 1356 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:17:38.0970 1356 HidBth - ok
20:17:38.0991 1356 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:17:39.0005 1356 HidIr - ok
20:17:39.0065 1356 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
20:17:39.0066 1356 HidUsb - ok
20:17:39.0102 1356 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:17:39.0110 1356 HpCISSs - ok
20:17:39.0199 1356 HSF_DPV (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:17:39.0275 1356 HSF_DPV - ok
20:17:39.0308 1356 HSXHWAZL (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:17:39.0310 1356 HSXHWAZL - ok
20:17:39.0358 1356 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
20:17:39.0387 1356 HTTP - ok
20:17:39.0426 1356 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:17:39.0432 1356 i2omp - ok
20:17:39.0484 1356 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:17:39.0491 1356 i8042prt - ok
20:17:39.0538 1356 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:17:39.0560 1356 iaStorV - ok
20:17:39.0800 1356 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:17:40.0050 1356 igfx - ok
20:17:40.0183 1356 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:17:40.0189 1356 iirsp - ok
20:17:40.0294 1356 IntcHdmiAddService (c7e7e43cbd34d3b0a0156b51b917dfcc) C:\Windows\system32\drivers\IntcHdmi.sys
20:17:40.0302 1356 IntcHdmiAddService - ok
20:17:40.0373 1356 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:17:40.0379 1356 intelide - ok
20:17:40.0412 1356 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:17:40.0413 1356 intelppm - ok
20:17:40.0456 1356 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:17:40.0457 1356 IpFilterDriver - ok
20:17:40.0473 1356 IpInIp - ok
20:17:40.0828 1356 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:17:40.0837 1356 IPMIDRV - ok
20:17:40.0868 1356 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:17:40.0878 1356 IPNAT - ok
20:17:40.0909 1356 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:17:40.0914 1356 IRENUM - ok
20:17:40.0930 1356 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:17:40.0939 1356 isapnp - ok
20:17:40.0968 1356 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
20:17:40.0970 1356 iScsiPrt - ok
20:17:41.0002 1356 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:17:41.0009 1356 iteatapi - ok
20:17:41.0028 1356 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:17:41.0035 1356 iteraid - ok
20:17:41.0057 1356 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:17:41.0065 1356 kbdclass - ok
20:17:41.0089 1356 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
20:17:41.0094 1356 kbdhid - ok
20:17:41.0157 1356 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
20:17:41.0187 1356 KSecDD - ok
20:17:41.0252 1356 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:17:41.0253 1356 lltdio - ok
20:17:41.0292 1356 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:17:41.0300 1356 LSI_FC - ok
20:17:41.0344 1356 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:17:41.0352 1356 LSI_SAS - ok
20:17:41.0374 1356 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:17:41.0382 1356 LSI_SCSI - ok
20:17:41.0415 1356 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:17:41.0423 1356 luafv - ok
20:17:41.0615 1356 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:17:41.0620 1356 mdmxsdk - ok
20:17:41.0645 1356 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:17:41.0652 1356 megasas - ok
20:17:41.0714 1356 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:17:41.0742 1356 MegaSR - ok
20:17:41.0777 1356 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:17:41.0781 1356 Modem - ok
20:17:41.0813 1356 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:17:41.0814 1356 monitor - ok
20:17:41.0831 1356 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:17:41.0841 1356 mouclass - ok
20:17:41.0884 1356 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:17:41.0888 1356 mouhid - ok
20:17:41.0933 1356 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:17:41.0934 1356 MountMgr - ok
20:17:41.0968 1356 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:17:41.0969 1356 mpio - ok
20:17:42.0005 1356 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:17:42.0011 1356 mpsdrv - ok
20:17:42.0053 1356 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:17:42.0059 1356 Mraid35x - ok
20:17:42.0077 1356 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
20:17:42.0087 1356 MRxDAV - ok
20:17:42.0135 1356 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:17:42.0153 1356 mrxsmb - ok
20:17:42.0215 1356 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:17:42.0248 1356 mrxsmb10 - ok
20:17:42.0274 1356 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:17:42.0282 1356 mrxsmb20 - ok
20:17:42.0326 1356 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
20:17:42.0333 1356 msahci - ok
20:17:42.0358 1356 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:17:42.0359 1356 msdsm - ok
20:17:42.0390 1356 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:17:42.0394 1356 Msfs - ok
20:17:42.0435 1356 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:17:42.0440 1356 msisadrv - ok
20:17:42.0487 1356 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:17:42.0491 1356 MSKSSRV - ok
20:17:42.0527 1356 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:17:42.0531 1356 MSPCLOCK - ok
20:17:42.0555 1356 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:17:42.0560 1356 MSPQM - ok
20:17:42.0584 1356 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
20:17:42.0585 1356 MsRPC - ok
20:17:42.0621 1356 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:17:42.0622 1356 mssmbios - ok
20:17:42.0661 1356 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:17:42.0665 1356 MSTEE - ok
20:17:42.0692 1356 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
20:17:42.0698 1356 Mup - ok
20:17:42.0757 1356 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
20:17:42.0768 1356 NativeWifiP - ok
20:17:42.0826 1356 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
20:17:42.0832 1356 NDIS - ok
20:17:42.0860 1356 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:17:42.0866 1356 NdisTapi - ok
20:17:42.0893 1356 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:17:42.0898 1356 Ndisuio - ok
20:17:42.0930 1356 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
20:17:42.0939 1356 NdisWan - ok
20:17:42.0956 1356 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:17:42.0957 1356 NDProxy - ok
20:17:42.0985 1356 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:17:42.0986 1356 NetBIOS - ok
20:17:43.0012 1356 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
20:17:43.0024 1356 netbt - ok
20:17:43.0081 1356 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:17:43.0088 1356 nfrd960 - ok
20:17:43.0107 1356 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
20:17:43.0115 1356 Npfs - ok
20:17:43.0148 1356 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:17:43.0153 1356 nsiproxy - ok
20:17:43.0235 1356 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
20:17:43.0299 1356 Ntfs - ok
20:17:43.0323 1356 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:17:43.0333 1356 ntrigdigi - ok
20:17:43.0361 1356 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:17:43.0365 1356 Null - ok
20:17:43.0396 1356 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:17:43.0397 1356 nvraid - ok
20:17:43.0462 1356 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:17:43.0469 1356 nvstor - ok
20:17:43.0505 1356 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:17:43.0515 1356 nv_agp - ok
20:17:43.0528 1356 NwlnkFlt - ok
20:17:43.0544 1356 NwlnkFwd - ok
20:17:43.0582 1356 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
20:17:43.0592 1356 ohci1394 - ok
20:17:43.0637 1356 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:17:43.0644 1356 Parport - ok
20:17:43.0670 1356 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
20:17:43.0676 1356 partmgr - ok
20:17:43.0699 1356 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:17:43.0703 1356 Parvdm - ok
20:17:43.0734 1356 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
20:17:43.0735 1356 pci - ok
20:17:43.0784 1356 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
20:17:43.0789 1356 pciide - ok
20:17:43.0824 1356 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:17:43.0837 1356 pcmcia - ok
20:17:43.0895 1356 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:17:43.0932 1356 PEAUTH - ok
20:17:44.0000 1356 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:17:44.0008 1356 PptpMiniport - ok
20:17:44.0030 1356 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:17:44.0037 1356 Processor - ok
20:17:44.0090 1356 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
20:17:44.0097 1356 PSched - ok
20:17:44.0148 1356 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
20:17:44.0158 1356 PxHelp20 - ok
20:17:44.0213 1356 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:17:44.0247 1356 ql2300 - ok
20:17:44.0268 1356 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:17:44.0276 1356 ql40xx - ok
20:17:44.0308 1356 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:17:44.0309 1356 QWAVEdrv - ok
20:17:44.0326 1356 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:17:44.0335 1356 RasAcd - ok
20:17:44.0355 1356 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:17:44.0364 1356 Rasl2tp - ok
20:17:44.0382 1356 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
20:17:44.0389 1356 RasPppoe - ok
20:17:44.0414 1356 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
20:17:44.0420 1356 RasSstp - ok
20:17:44.0462 1356 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
20:17:44.0484 1356 rdbss - ok
20:17:44.0507 1356 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:17:44.0511 1356 RDPCDD - ok
20:17:44.0545 1356 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:17:44.0559 1356 rdpdr - ok
20:17:44.0574 1356 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:17:44.0578 1356 RDPENCDD - ok
20:17:44.0609 1356 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
20:17:44.0621 1356 RDPWD - ok
20:17:44.0668 1356 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:17:44.0675 1356 rspndr - ok
20:17:44.0705 1356 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:17:44.0713 1356 sbp2port - ok
20:17:44.0782 1356 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
20:17:44.0790 1356 sdbus - ok
20:17:44.0820 1356 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:17:44.0825 1356 secdrv - ok
20:17:44.0852 1356 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:17:44.0856 1356 Serenum - ok
20:17:44.0878 1356 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:17:44.0886 1356 Serial - ok
20:17:44.0905 1356 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:17:44.0912 1356 sermouse - ok
20:17:44.0945 1356 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:17:44.0950 1356 sffdisk - ok
20:17:44.0970 1356 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:17:44.0976 1356 sffp_mmc - ok
20:17:44.0992 1356 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:17:44.0997 1356 sffp_sd - ok
20:17:45.0011 1356 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:17:45.0016 1356 sfloppy - ok
20:17:45.0043 1356 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:17:45.0050 1356 sisagp - ok
20:17:45.0076 1356 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:17:45.0083 1356 SiSRaid2 - ok
20:17:45.0110 1356 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:17:45.0119 1356 SiSRaid4 - ok
20:17:45.0156 1356 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
20:17:45.0168 1356 Smb - ok
20:17:45.0253 1356 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
20:17:45.0274 1356 smserial - ok
20:17:45.0326 1356 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:17:45.0332 1356 spldr - ok
20:17:45.0402 1356 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
20:17:45.0406 1356 srv - ok
20:17:45.0686 1356 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
20:17:45.0695 1356 srv2 - ok
20:17:45.0871 1356 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
20:17:45.0880 1356 srvnet - ok
20:17:45.0962 1356 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:17:46.0014 1356 ssmdrv - ok
20:17:46.0071 1356 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:17:46.0134 1356 swenum - ok
20:17:46.0166 1356 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:17:46.0176 1356 Symc8xx - ok
20:17:46.0239 1356 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:17:46.0259 1356 Sym_hi - ok
20:17:46.0299 1356 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:17:46.0305 1356 Sym_u3 - ok
20:17:46.0374 1356 SynTP (f92350e343b056a83093bc0d8f750f05) C:\Windows\system32\DRIVERS\SynTP.sys
20:17:46.0383 1356 SynTP - ok
20:17:46.0464 1356 Tcpip (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
20:17:46.0517 1356 Tcpip - ok
20:17:46.0548 1356 Tcpip6 (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
20:17:46.0556 1356 Tcpip6 - ok
20:17:46.0626 1356 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
20:17:46.0627 1356 tcpipreg - ok
20:17:46.0650 1356 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:17:46.0651 1356 TDPIPE - ok
20:17:46.0692 1356 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:17:46.0697 1356 TDTCP - ok
20:17:46.0733 1356 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
20:17:46.0740 1356 tdx - ok
20:17:46.0773 1356 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
20:17:46.0781 1356 TermDD - ok
20:17:46.0832 1356 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:17:46.0836 1356 tssecsrv - ok
20:17:46.0866 1356 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:17:46.0871 1356 tunmp - ok
20:17:46.0937 1356 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
20:17:46.0954 1356 tunnel - ok
20:17:46.0985 1356 tvtumon (3385d48304443d0ee42af5dbf89634b6) C:\Windows\system32\DRIVERS\tvtumon.sys
20:17:46.0991 1356 tvtumon - ok
20:17:47.0021 1356 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:17:47.0029 1356 uagp35 - ok
20:17:47.0062 1356 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
20:17:47.0065 1356 udfs - ok
20:17:47.0103 1356 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:17:47.0111 1356 uliagpkx - ok
20:17:47.0151 1356 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:17:47.0267 1356 uliahci - ok
20:17:47.0297 1356 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:17:47.0306 1356 UlSata - ok
20:17:47.0326 1356 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:17:47.0335 1356 ulsata2 - ok
20:17:47.0395 1356 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:17:47.0401 1356 umbus - ok
20:17:47.0437 1356 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:17:47.0444 1356 usbccgp - ok
20:17:47.0469 1356 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:17:47.0470 1356 usbcir - ok
20:17:47.0510 1356 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
20:17:47.0516 1356 usbehci - ok
20:17:47.0550 1356 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
20:17:47.0560 1356 usbhub - ok
20:17:47.0593 1356 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:17:47.0597 1356 usbohci - ok
20:17:47.0645 1356 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:17:47.0650 1356 usbprint - ok
20:17:47.0672 1356 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:17:47.0679 1356 usbscan - ok
20:17:47.0702 1356 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:17:47.0717 1356 USBSTOR - ok
20:17:47.0740 1356 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:17:47.0741 1356 usbuhci - ok
20:17:47.0802 1356 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:17:47.0810 1356 usbvideo - ok
20:17:47.0860 1356 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:17:47.0865 1356 vga - ok
20:17:47.0887 1356 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:17:47.0892 1356 VgaSave - ok
20:17:47.0913 1356 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:17:47.0922 1356 viaagp - ok
20:17:47.0950 1356 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:17:47.0961 1356 ViaC7 - ok
20:17:47.0992 1356 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:17:47.0999 1356 viaide - ok
20:17:48.0023 1356 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:17:48.0029 1356 volmgr - ok
20:17:48.0059 1356 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
20:17:48.0062 1356 volmgrx - ok
20:17:48.0086 1356 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
20:17:48.0103 1356 volsnap - ok
20:17:48.0131 1356 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:17:48.0142 1356 vsmraid - ok
20:17:48.0203 1356 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:17:48.0207 1356 WacomPen - ok
20:17:48.0230 1356 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:17:48.0237 1356 Wanarp - ok
20:17:48.0249 1356 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:17:48.0250 1356 Wanarpv6 - ok
20:17:48.0333 1356 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
20:17:48.0338 1356 wanatw - ok
20:17:48.0378 1356 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:17:48.0384 1356 Wd - ok
20:17:48.0418 1356 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:17:48.0450 1356 Wdf01000 - ok
20:17:48.0501 1356 Wdkbdmou (c7d64b97b0667f5a0e489b3f85ba02f2) C:\Windows\system32\DRIVERS\Wdkbdmou.sys
20:17:48.0504 1356 Wdkbdmou - ok
20:17:48.0543 1356 wdmirror (e4dc54e432e479a15c56de6cbc85a154) C:\Windows\system32\DRIVERS\WDMirror.sys
20:17:48.0548 1356 wdmirror - ok
20:17:48.0669 1356 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
20:17:48.0670 1356 WimFltr - ok
20:17:48.0779 1356 winachsf (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:17:48.0789 1356 winachsf - ok
20:17:48.0871 1356 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
20:17:48.0897 1356 WmiAcpi - ok
20:17:48.0969 1356 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:17:49.0031 1356 ws2ifsl - ok
20:17:49.0111 1356 WSVD (5d0a08ebf9660e07865907fb1ab022b5) C:\Windows\system32\drivers\WSVD.sys
20:17:49.0177 1356 WSVD - ok
20:17:49.0225 1356 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:17:49.0259 1356 WUDFRd - ok
20:17:49.0295 1356 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
20:17:49.0299 1356 XAudio - ok
20:17:49.0337 1356 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:17:49.0353 1356 \Device\Harddisk0\DR0 - ok
20:17:49.0358 1356 Boot (0x1200) (3b2ac9866d94bcb2113f21769b7f2a92) \Device\Harddisk0\DR0\Partition0
20:17:49.0359 1356 \Device\Harddisk0\DR0\Partition0 - ok
20:17:49.0401 1356 Boot (0x1200) (fd3080696bea1625ae94c8d827c35d8f) \Device\Harddisk0\DR0\Partition1
20:17:49.0402 1356 \Device\Harddisk0\DR0\Partition1 - ok
20:17:49.0403 1356 ============================================================
20:17:49.0403 1356 Scan finished
20:17:49.0403 1356 ============================================================
20:17:49.0421 3816 Detected object count: 0
20:17:49.0421 3816 Actual detected object count: 0

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:50 PM

Posted 10 January 2012 - 09:35 PM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 CammyK

CammyK
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:50 PM

Posted 12 January 2012 - 09:59 PM

Thank you for the reply. I will try to send you the next log by tomorrow.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:50 PM

Posted 12 January 2012 - 10:20 PM

no problem


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 CammyK

CammyK
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:50 PM

Posted 13 January 2012 - 09:00 PM

Would it be possible for you to send me the link to run cfscript again? It's just showing up as plain text. Thanks!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users