
Infected Rootkit & Google redirects me


  • This topic is locked
40 replies to this topic

#1 druman

  • Members
  • 24 posts

Posted 16 January 2012 - 07:26 PM

Hi guys! I'm having the same trouble as this post http://www.bleepingcomputer.com/forums/topic309347.html
What is happening is that my IE redirects my Google to google.com/webhp. As I read in the other post, I scanned my system with GMER and this is my output:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-16 21:09:57
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM160HI rev.HH100-15
Running: zf6hzxug.exe; Driver: C:\Users\bds\AppData\Local\Temp\pwliapow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 81A3F369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81A78D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtCreateFile + 6 76EA55CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtCreateFile + B 76EA55D3 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtMapViewOfSection + 6 76EA5C2E 1 Byte [28]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtMapViewOfSection + 6 76EA5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtMapViewOfSection + B 76EA5C33 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenFile + 6 76EA5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenFile + B 76EA5CE3 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcess + 6 76EA5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcess + B 76EA5D93 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcessToken + 6 76EA5D9E 4 Bytes CALL 75EA64A4 C:\Windows\system32\SHELL32.dll (Archivo DLL común del shell de Windows/Microsoft Corporation)
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcessToken + B 76EA5DA3 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcessTokenEx + 6 76EA5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcessTokenEx + B 76EA5DB3 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThread + 6 76EA5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThread + B 76EA5E13 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThreadToken + 6 76EA5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThreadToken + B 76EA5E23 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThreadTokenEx + 6 76EA5E2E 4 Bytes CALL 75EA6535 C:\Windows\system32\SHELL32.dll (Archivo DLL común del shell de Windows/Microsoft Corporation)
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThreadTokenEx + B 76EA5E33 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtQueryAttributesFile + 6 76EA5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtQueryAttributesFile + B 76EA5F43 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtQueryFullAttributesFile + 6 76EA5FEE 4 Bytes CALL 75EA66F3 C:\Windows\system32\SHELL32.dll (Archivo DLL común del shell de Windows/Microsoft Corporation)
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtQueryFullAttributesFile + B 76EA5FF3 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtSetInformationFile + 6 76EA663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtSetInformationFile + B 76EA6643 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtSetInformationThread + 6 76EA669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtSetInformationThread + B 76EA66A3 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtUnmapViewOfSection + 6 76EA69BE 1 Byte [68]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtUnmapViewOfSection + 6 76EA69BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtUnmapViewOfSection + B 76EA69C3 1 Byte [E2]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1936] kernel32.dll!SetUnhandledExceptionFilter 76FFF4FB 4 Bytes [C2, 04, 00, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtCreateFile + 6 76EA55CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtCreateFile + B 76EA55D3 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtMapViewOfSection + 6 76EA5C2E 1 Byte [28]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtMapViewOfSection + 6 76EA5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtMapViewOfSection + B 76EA5C33 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenFile + 6 76EA5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenFile + B 76EA5CE3 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenProcess + 6 76EA5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenProcess + B 76EA5D93 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenProcessToken + 6 76EA5D9E 4 Bytes CALL 75EA64A4 C:\Windows\system32\SHELL32.dll (Archivo DLL común del shell de Windows/Microsoft Corporation)
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenProcessToken + B 76EA5DA3 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenProcessTokenEx + 6 76EA5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenProcessTokenEx + B 76EA5DB3 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenThread + 6 76EA5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenThread + B 76EA5E13 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenThreadToken + 6 76EA5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenThreadToken + B 76EA5E23 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenThreadTokenEx + 6 76EA5E2E 4 Bytes CALL 75EA6535 C:\Windows\system32\SHELL32.dll (Archivo DLL común del shell de Windows/Microsoft Corporation)
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenThreadTokenEx + B 76EA5E33 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtQueryAttributesFile + 6 76EA5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtQueryAttributesFile + B 76EA5F43 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtQueryFullAttributesFile + 6 76EA5FEE 4 Bytes CALL 75EA66F3 C:\Windows\system32\SHELL32.dll (Archivo DLL común del shell de Windows/Microsoft Corporation)
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtQueryFullAttributesFile + B 76EA5FF3 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtSetInformationFile + 6 76EA663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtSetInformationFile + B 76EA6643 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtSetInformationThread + 6 76EA669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtSetInformationThread + B 76EA66A3 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtUnmapViewOfSection + 6 76EA69BE 1 Byte [68]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtUnmapViewOfSection + 6 76EA69BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtUnmapViewOfSection + B 76EA69C3 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtCreateFile + 6 76EA55CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtCreateFile + B 76EA55D3 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtMapViewOfSection + 6 76EA5C2E 1 Byte [28]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtMapViewOfSection + 6 76EA5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtMapViewOfSection + B 76EA5C33 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenFile + 6 76EA5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenFile + B 76EA5CE3 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenProcess + 6 76EA5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenProcess + B 76EA5D93 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenProcessToken + 6 76EA5D9E 4 Bytes CALL 75EA64A4 C:\Windows\system32\SHELL32.dll (Archivo DLL común del shell de Windows/Microsoft Corporation)
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenProcessToken + B 76EA5DA3 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenProcessTokenEx + 6 76EA5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenProcessTokenEx + B 76EA5DB3 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenThread + 6 76EA5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenThread + B 76EA5E13 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenThreadToken + 6 76EA5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenThreadToken + B 76EA5E23 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenThreadTokenEx + 6 76EA5E2E 4 Bytes CALL 75EA6535 C:\Windows\system32\SHELL32.dll (Archivo DLL común del shell de Windows/Microsoft Corporation)
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenThreadTokenEx + B 76EA5E33 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtQueryAttributesFile + 6 76EA5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtQueryAttributesFile + B 76EA5F43 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtQueryFullAttributesFile + 6 76EA5FEE 4 Bytes CALL 75EA66F3 C:\Windows\system32\SHELL32.dll (Archivo DLL común del shell de Windows/Microsoft Corporation)
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtQueryFullAttributesFile + B 76EA5FF3 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtSetInformationFile + 6 76EA663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtSetInformationFile + B 76EA6643 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtSetInformationThread + 6 76EA669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtSetInformationThread + B 76EA66A3 1 Byte [E2]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtUnmapViewOfSection + 6 76EA69BE 1 Byte [68]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtUnmapViewOfSection + 6 76EA69BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtUnmapViewOfSection + B 76EA69C3 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73BB2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73B95600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73B956BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73BB24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73BA8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73BA4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73BA506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73BA5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73BA6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73BA826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73BA87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73BA901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73BAE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73BA4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2516] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74EBFFF6] C:\Windows\system32\apphelp.dll (Biblioteca de compatibilidad de aplicaciones cliente/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2516] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74EBFFF6] C:\Windows\system32\apphelp.dll (Biblioteca de compatibilidad de aplicaciones cliente/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2516] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74EBFFF6] C:\Windows\system32\apphelp.dll (Biblioteca de compatibilidad de aplicaciones cliente/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2516] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74EBFFF6] C:\Windows\system32\apphelp.dll (Biblioteca de compatibilidad de aplicaciones cliente/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2516] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74EBFFF6] C:\Windows\system32\apphelp.dll (Biblioteca de compatibilidad de aplicaciones cliente/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2516] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74EBFFF6] C:\Windows\system32\apphelp.dll (Biblioteca de compatibilidad de aplicaciones cliente/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Administrador de filtros del sistema de archivos de Microsoft/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----


I also did a scan with Malwarebytes Anti-Malware before, and it showed me that nothing happened. I don't want to touch anything more unless someone who knows about this stuff gives me a hand.
Thanks!!!
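A GMER log like the one above is usually triaged by sorting the `.text` hook lines by process and comparing the instances of each program against one another. The Python below is an added example for doing that, not part of the original post and not a GMER or BleepingComputer tool: it parses lines in the GMER 1.0.15 format shown above, groups user-mode hooks per image and PID, reports whether every instance of an image carries the same patches, and lists the hooks that do not fit one labelled pattern. The sample log is constructed in the shape of the one above, with a made-up `sample.exe` whose two instances differ. `CHROME_SANDBOX_INTERCEPTS` is my assumption about the ntdll exports Chrome's Windows sandbox patches in its child processes, taken from the Chromium sandbox sources; it matches the fourteen functions hooked identically in all three chrome.exe instances above, which is an indicator that those lines are the browser's own sandbox rather than a rootkit, not proof, and should be checked against the installed Chrome build.

```python
"""Sort GMER 1.0.15 ".text" hook lines for triage (added example, not GMER's code)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the log above (not the poster's real log):
# two chrome.exe instances with identical ntdll patches, one ekrn.exe patch, a
# kernel line, and a made-up sample.exe whose two instances differ.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13D1 81A3F369 1 Byte [06]
---- User code sections - GMER 1.0.15 ----
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtCreateFile + 6 76EA55CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcessToken + 6 76EA5D9E 4 Bytes CALL 75EA64A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1936] kernel32.dll!SetUnhandledExceptionFilter 76FFF4FB 4 Bytes [C2, 04, 00, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtCreateFile + 6 76EA55CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe[2844] ntdll.dll!NtOpenProcessToken + 6 76EA5D9E 4 Bytes CALL 75EA64A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Temp\sample.exe[4000] ntdll.dll!NtCreateFile + 6 76EA55CE 4 Bytes [E9, 10, 20, 30]
.text C:\Temp\sample.exe[4001] ntdll.dll!NtCreateFile + 6 76EA55CE 4 Bytes [E9, 40, 50, 60]
---- EOF - GMER 1.0.15 ----
"""

# ".text [proc[pid]] mod!func [+ off] addr n Byte(s) detail"; kernel lines have no proc[pid]
HOOK_RE = re.compile(
    r"^\.text\s+(?:(?P<proc>.+?)\[(?P<pid>\d+)\]\s+)?(?P<mod>\S+?)!(?P<func>\w+)"
    r"(?:\s+\+\s+(?P<off>[0-9A-F]+))?\s+(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+)\s+Bytes?\s+(?P<detail>.*)$",
    re.IGNORECASE)

# Assumption: the ntdll exports Chrome's Windows sandbox patches in its child
# processes (from the Chromium sandbox sources; verify for the installed build).
CHROME_SANDBOX_INTERCEPTS = frozenset({
    "NtCreateFile", "NtOpenFile", "NtQueryAttributesFile", "NtQueryFullAttributesFile",
    "NtSetInformationFile", "NtMapViewOfSection", "NtUnmapViewOfSection", "NtOpenProcess",
    "NtOpenThread", "NtOpenProcessToken", "NtOpenProcessTokenEx", "NtOpenThreadToken",
    "NtOpenThreadTokenEx", "NtSetInformationThread"})


@dataclass(frozen=True)
class Hook:
    process: Optional[str]  # full image path; None for kernel lines
    pid: Optional[int]
    module: str
    func: str
    offset: int             # 0 when GMER prints no "+ off"
    address: int
    nbytes: int
    detail: str             # raw patch bytes, or "CALL <addr> <module> ..."

    @property
    def image(self) -> str:  # base name of the hooked process (module name for kernel lines)
        return (self.process or self.module).rsplit("\\", 1)[-1].lower()

    @property
    def signature(self) -> tuple:  # one hook's identity independent of which PID carries it
        return (self.module.lower(), self.func, self.offset, self.detail)


def parse_gmer(text: str) -> list:
    """Parse every ".text" line; raise rather than silently drop one that does not fit."""
    hooks = []
    for line in (ln.strip() for ln in text.splitlines()):
        if not line.startswith(".text"):
            continue
        m = HOOK_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised GMER line: {line}")
        g = m.groupdict()
        hooks.append(Hook(g["proc"], int(g["pid"]) if g["pid"] else None, g["mod"], g["func"],
                          int(g["off"], 16) if g["off"] else 0, int(g["addr"], 16),
                          int(g["n"]), g["detail"].strip()))
    return hooks


def hooks_by_image(hooks: list) -> dict:
    """User-mode hooks as image -> PID -> frozenset of hook signatures."""
    out = defaultdict(lambda: defaultdict(set))
    for h in hooks:
        if h.pid is not None:
            out[h.image][h.pid].add(h.signature)
    return {img: {pid: frozenset(s) for pid, s in pids.items()} for img, pids in out.items()}


def consistent_images(by_image: dict) -> dict:
    """True when every instance of an image carries exactly the same patches; that is
    what a product hooking its own children (browser sandbox, AV) looks like, while
    divergent sets deserve a closer look. A single instance is trivially True."""
    return {img: len(set(pids.values())) == 1 for img, pids in by_image.items()}


def unexplained_hooks(hooks: list) -> list:
    """User-mode hooks not covered by the Chrome sandbox pattern above."""
    return [h for h in hooks if h.pid is not None and not (
        h.image == "chrome.exe" and h.module.lower() == "ntdll.dll"
        and h.func in CHROME_SANDBOX_INTERCEPTS)]


if __name__ == "__main__":  # for a real log: parse_gmer(open(path).read())
    parsed = parse_gmer(SAMPLE_LOG)
    print(consistent_images(hooks_by_image(parsed)))
    for h in unexplained_hooks(parsed):
        print(f"check: {h.image}[{h.pid}] {h.module}!{h.func}+{h.offset:X} {h.detail}")
```

Run against the sample it reports the two chrome.exe instances as identical, the two sample.exe instances as divergent, and lists the ekrn.exe and sample.exe hooks for a closer look. The parser raises on any `.text` line it cannot read instead of skipping it, so a log in a slightly different GMER version fails loudly rather than producing a misleadingly clean summary. Identical per-instance patching narrows the search; it does not clear a process, since consistently injected malware would look the same.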



#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 20 January 2012 - 02:52 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 druman (Topic Starter)

  • Members
  • 24 posts

Posted 22 January 2012 - 09:08 PM

Hello, and thank you for helping me with this problem. Also, I haven't been with my PC for these two days, so I couldn't read your message.
I didn't understand the way you want the reports (attach a file or paste it in the topic) because English isn't my language; so, in order to make no trouble, I will wait until you tell me this (I already have the .txt).

In general, the problems I've noted are that my internet speed and my processor speed are lower.
Thanks again!

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 22 January 2012 - 09:15 PM

Just like the GMER scan above.


gringo

#5 druman (Topic Starter)

  • Members
  • 24 posts

Posted 22 January 2012 - 09:35 PM

Here is everything:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by bds at 22:51:36 on 2012-01-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.54.3082.18.2038.1119 [GMT -3:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IdeaCom\TSC\ETSCSERVICE.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\bds\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bds.edu.ar/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: MonsterDivx: {cc39f8cf-d307-4688-885b-ade739b788e8} - c:\program files\masize\masize.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Google Update] "c:\users\bds\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [IDC_PDisplay] c:\program files\ideacom\tsc\IDC_PDisplay.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\bds\appdata\roaming\micros~1\windows\startm~1\programs\startup\recort~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 200.49.130.27 200.49.130.31 172.20.2.11
TCP: Interfaces\{A76D1A4C-D53A-4486-BE52-F149C7FD092D}\24443593 : DhcpNameServer = 192.168.0.20 192.168.0.10
TCP: Interfaces\{A76D1A4C-D53A-4486-BE52-F149C7FD092D}\75966496D2C4A5 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BC52AC77-DE2B-4710-B7DF-FBA10D6B8004} : DhcpNameServer = 200.49.130.27 200.49.130.31 172.20.2.11
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bds\appdata\roaming\mozilla\firefox\profiles\275u8f1i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bds.edu.ar/
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\bds\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-11 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-9-11 95896]
R2 ETSCSERVICE;ETSCSERVICE Service;c:\program files\ideacom\tsc\ETSCSERVICE.exe [2010-4-30 233472]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-15 652872]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet: NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-15 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 StorSvc;Servicio de almacenamiento;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-15 1343400]
.
=============== Created Last 30 ================
.
2012-01-23 01:42:17 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d0dcf253-6b03-4239-92d7-739f4aa79922}\mpengine.dll
2012-01-23 01:36:32 -------- d-----w- c:\users\bds\appdata\local\{C77D9EDB-9D44-4F16-A66D-EA4BA3F19F52}
2012-01-23 01:36:09 -------- d-----w- c:\users\bds\appdata\local\{A28B9C08-E532-4545-8CE8-DCC640BF4A9B}
2012-01-19 18:35:14 -------- d-----w- c:\users\bds\appdata\local\{0042C12A-85D0-4176-AAAD-0C5C4C6F7719}
2012-01-19 18:34:54 -------- d-----w- c:\users\bds\appdata\local\{6FC8B56D-0737-4A31-BAB2-E6F21D97E9B5}
2012-01-18 18:27:01 -------- d-----w- c:\users\bds\appdata\local\{136B6547-6131-461E-A032-7F8A7A5E849F}
2012-01-18 18:26:44 -------- d-----w- c:\users\bds\appdata\local\{034D392C-BD24-4EBA-AA60-D8DD68458338}
2012-01-18 04:22:52 -------- d-----w- c:\users\bds\appdata\local\{111C8EF1-6DA1-4C02-AB32-15403B198FA9}
2012-01-18 04:22:31 -------- d-----w- c:\users\bds\appdata\local\{8209F136-2EE1-4386-908D-1AC97A6409E4}
2012-01-16 22:26:58 -------- d-----w- c:\users\bds\appdata\local\{16F8D82D-02B6-4387-B56E-795001D7E255}
2012-01-16 22:26:35 -------- d-----w- c:\users\bds\appdata\local\{1F9F1044-CD6F-4E10-BBD8-B56EA150B9F0}
2012-01-16 02:43:15 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-16 02:43:14 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-16 02:43:13 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-16 02:43:13 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-16 02:43:11 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-16 02:43:11 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-16 02:43:10 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-16 02:43:09 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-16 02:43:08 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-16 02:43:07 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-16 02:06:17 -------- d-----w- c:\users\bds\appdata\local\{CF94E478-19DB-4941-B2F4-4964AECDD6C3}
2012-01-16 02:06:03 -------- d-----w- c:\users\bds\appdata\local\{9896B793-DDE9-4EDF-BFDE-FA8930D2608F}
2012-01-16 01:59:12 6260088 ----a-w- c:\program files\common files\windows live\.cache\6f05e5101ccd3f207\Silverlight.4.0.exe
2012-01-16 01:49:11 -------- d-----w- c:\users\bds\appdata\local\{AC968138-F772-406A-B33F-D08E8FB9E500}
2012-01-16 01:27:46 -------- d-----r- c:\program files\Skype
2012-01-16 01:18:03 -------- d-----w- c:\users\bds\appdata\local\{8AF88754-5D6B-42FA-AC97-642446525583}
2012-01-16 01:17:36 -------- d-----w- c:\users\bds\appdata\local\{52F890B0-DFBB-4DA3-A329-FEED6654EF58}
2012-01-15 20:13:41 -------- d-----w- c:\users\bds\appdata\local\{FD43AD15-DFE1-4A34-9FE0-43B106D2EF9D}
2012-01-15 20:13:16 -------- d-----w- c:\users\bds\appdata\local\{E7A1B6CD-8DAB-40D4-BE8F-6C88D76BB562}
2012-01-15 14:17:35 -------- d-----w- c:\users\bds\appdata\local\{158CB67D-D6DA-4CD1-9E24-F85F7529D92C}
2012-01-15 14:17:02 -------- d-----w- c:\users\bds\appdata\local\{5E28DD48-D389-4056-8497-D56958D7D23C}
2012-01-15 14:14:08 -------- d-----w- c:\users\bds\appdata\local\{CB3886B8-1A49-4332-BC2B-B85643F3B693}
2012-01-15 14:12:23 -------- d-----w- c:\users\bds\appdata\local\{69E92184-281B-4D6F-B544-6B056B65702E}
2012-01-15 14:06:37 -------- d-----w- c:\users\bds\appdata\local\{6586AE20-C2B5-4812-A7C9-8BF3DB5F3484}
2012-01-15 14:06:11 -------- d-----w- c:\users\bds\appdata\local\{C7AEE8AC-5D7C-4536-977A-F2B6F94974FF}
2012-01-15 13:44:59 -------- d-----w- c:\users\bds\appdata\local\{E0968AEE-5D51-4987-9A62-F6EF063CA471}
2012-01-15 13:44:43 -------- d-----w- c:\users\bds\appdata\local\{BFF1FCF9-5DA2-4FA6-97F4-62DD35040739}
2012-01-15 03:43:25 -------- d-----w- c:\users\bds\appdata\local\{1D76C16B-7B81-4431-B80B-C63458FC7C80}
2012-01-15 03:42:43 -------- d-----w- c:\users\bds\appdata\local\{C6D9F2CF-503C-4D76-A8B5-767D453A3921}
2012-01-14 23:19:09 -------- d-----w- c:\users\bds\appdata\local\{4A4E396E-DCDA-4A1B-B28E-9ACE71D5A09C}
2012-01-14 23:18:54 -------- d-----w- c:\users\bds\appdata\local\{160B239B-0AD4-4D01-BED7-EBBCB0D51F72}
2012-01-14 21:49:57 -------- d-----w- c:\users\bds\appdata\local\Chromium
2012-01-14 21:34:59 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2012-01-14 20:22:06 -------- d-----w- c:\users\bds\appdata\local\{C43EA37B-675F-42E7-9681-EA64C2D9AE64}
2012-01-14 20:21:50 -------- d-----w- c:\users\bds\appdata\local\{56D031BF-4A03-48FF-87DB-9A35E68DE4ED}
2012-01-12 21:04:29 -------- d-----w- c:\program files\common files\Steam
2012-01-12 21:04:23 -------- d-----w- c:\program files\Steam
2012-01-12 18:47:39 -------- d-----w- c:\users\bds\appdata\local\{B91F8A15-1EBA-4ADD-ADCD-31AFF4B7A736}
2012-01-12 18:47:21 -------- d-----w- c:\users\bds\appdata\local\{6330F093-11F6-49E9-8376-8D9EE4B29531}
2012-01-12 03:03:21 -------- d-----w- c:\users\bds\appdata\local\{D126B0B0-7CC0-46B5-934A-582AC5B6931F}
2012-01-12 03:03:05 -------- d-----w- c:\users\bds\appdata\local\{6FFAB010-E836-4A93-9C7E-C7F14CBB247A}
2012-01-11 21:21:39 -------- d-----w- c:\users\bds\appdata\local\{01B04395-F8EC-48DE-87E0-33E43E32CC5A}
2012-01-11 21:21:24 -------- d-----w- c:\users\bds\appdata\local\{0E951713-E2F7-4E62-8ED1-9890EEA397EA}
2012-01-11 18:45:48 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 18:45:46 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 18:45:41 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 18:45:40 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 18:38:28 -------- d-----w- c:\users\bds\appdata\local\{09362A86-563C-4133-B252-88511A0E5351}
2012-01-11 18:38:03 -------- d-----w- c:\users\bds\appdata\local\{B60126CC-B820-4766-B48C-5B6695007AC4}
2012-01-11 01:45:39 -------- d-----w- c:\users\bds\appdata\local\{10C7F02B-72DC-4A7E-A712-C911D40F9F2F}
2012-01-11 01:45:24 -------- d-----w- c:\users\bds\appdata\local\{030D3710-72D6-40A6-88C2-4E9FF0C3D9F0}
2012-01-10 12:38:26 -------- d-----w- c:\users\bds\appdata\local\{9C363517-CD95-4D90-B638-C1AF71B082FA}
2012-01-10 12:38:01 -------- d-----w- c:\users\bds\appdata\local\{3E3492B7-E22B-49F8-8ADC-568F98C369E7}
2012-01-10 03:10:13 -------- d-----w- c:\users\bds\appdata\local\{1C01971F-747E-47B1-965C-7D5A3F6EA553}
2012-01-10 03:09:50 -------- d-----w- c:\users\bds\appdata\local\{6B40118C-9AE1-4F14-A114-E607E2D401DE}
2012-01-09 20:25:15 -------- d-----w- c:\users\bds\appdata\local\{4B32B902-FF87-44EB-B2C5-DF3C8E239BA5}
2012-01-09 20:24:58 -------- d-----w- c:\users\bds\appdata\local\{83C913AB-A3EB-473A-9C83-1EE78D1237C1}
2012-01-09 19:12:51 -------- d-----w- c:\users\bds\appdata\local\{EEA236FD-ED29-4B69-81A5-2AF27E2ADB89}
2012-01-09 19:12:36 -------- d-----w- c:\users\bds\appdata\local\{8DA7F341-BC2C-4EB6-B656-6EB66E5502AA}
2012-01-09 18:29:35 -------- d-----w- c:\users\bds\appdata\local\{9713D0CE-1B47-4F03-92ED-475C1033315D}
2012-01-09 18:29:15 -------- d-----w- c:\users\bds\appdata\local\{60A4E801-0CC7-4731-B0FF-F525D1FC3D6B}
2012-01-09 14:50:41 -------- d-----w- c:\users\bds\appdata\local\{8D019840-C317-4651-B038-53DF2ABACED5}
2012-01-09 14:50:25 -------- d-----w- c:\users\bds\appdata\local\{47A07E4A-6AC6-4695-A8CE-65FEC23BEC1A}
2012-01-08 21:44:16 -------- d-----w- c:\users\bds\appdata\local\{C97ECA70-8B4F-400A-93C9-6949A21FA230}
2012-01-08 21:43:57 -------- d-----w- c:\users\bds\appdata\local\{3E8F376C-A2E0-4253-B196-D932EDE1C2D1}
2012-01-08 13:21:55 -------- d-----w- c:\users\bds\appdata\local\{30DBC155-9CF7-4C21-81F2-507EDBDE3864}
2012-01-08 13:21:36 -------- d-----w- c:\users\bds\appdata\local\{DAC4C587-BDE7-4D6C-96CB-62DC8939147D}
2012-01-07 23:55:22 -------- d-----w- c:\users\bds\appdata\local\{07A13F6E-80AA-4D76-8291-19566379A33C}
2012-01-07 23:54:55 -------- d-----w- c:\users\bds\appdata\local\{CD153A2D-F8D7-4739-9669-C2892AA555C3}
2012-01-07 14:30:27 -------- d-----w- c:\users\bds\appdata\local\{88FA5995-DBD8-45A0-A993-37B74E2F3A53}
2012-01-07 14:30:08 -------- d-----w- c:\users\bds\appdata\local\{A981F65C-9380-4C5E-8538-3343FB71B74E}
2012-01-07 12:09:18 -------- d-----w- c:\users\bds\appdata\local\{5E13F4EF-BB72-4CC3-A597-112C4640C077}
2012-01-07 12:08:50 -------- d-----w- c:\users\bds\appdata\local\{DB5E44DD-6551-4E6F-BECE-C65060FC767F}
2012-01-07 03:10:25 -------- d-----w- c:\users\bds\appdata\local\{645817BC-B7A5-4CE9-B640-5D3879774A5F}
2012-01-07 03:10:06 -------- d-----w- c:\users\bds\appdata\local\{FA6D6DDD-AB07-4515-B995-AD86B5A4A8C0}
2012-01-06 20:30:18 -------- d-----w- c:\users\bds\appdata\local\{C5F56548-A5CC-4E4F-B4BA-66C35C528589}
2012-01-06 20:30:00 -------- d-----w- c:\users\bds\appdata\local\{84C36230-8610-47E2-8D6D-F05DD596CF2E}
2012-01-06 12:57:52 -------- d-----w- c:\users\bds\appdata\local\{4DDE97E4-CF87-4212-88EE-EF011EC15BEA}
2012-01-06 12:57:36 -------- d-----w- c:\users\bds\appdata\local\{5F9EAF2F-EEAC-44FB-9BFB-DAF7716DB35E}
2012-01-06 00:30:01 -------- d-----w- c:\users\bds\appdata\local\{CED68000-AAF1-46A7-92A5-BA0B4025E42F}
2012-01-06 00:29:42 -------- d-----w- c:\users\bds\appdata\local\{0CD580AE-6BD8-4FEF-9250-5BE78DDB8EB5}
2012-01-05 19:58:53 -------- d-----w- c:\users\bds\appdata\local\{90992784-D694-4E9B-A8FC-97F6FDDEC90F}
2012-01-05 19:58:28 -------- d-----w- c:\users\bds\appdata\local\{AE1BBAE3-34DC-4456-AC54-1CECEE8FE184}
2012-01-05 12:07:22 -------- d-----w- c:\users\bds\appdata\local\{78D0D6A8-C53E-46C2-B7A0-3F789BD98F1D}
2012-01-05 12:07:05 -------- d-----w- c:\users\bds\appdata\local\{E186B06B-8E9D-4FDE-9C0A-879A9098BA9B}
2012-01-04 20:22:02 -------- d-----w- c:\users\bds\appdata\local\{EB89DED4-4F99-40F8-B04A-15187ABE49DE}
2012-01-04 20:21:41 -------- d-----w- c:\users\bds\appdata\local\{C7053A86-C3DA-47BB-8E9F-8B53A3A200FA}
2012-01-04 11:48:30 -------- d-----w- c:\users\bds\appdata\local\{834D378D-6CF2-4122-99AA-6D08381C5A3C}
2012-01-04 11:48:13 -------- d-----w- c:\users\bds\appdata\local\{FD474C87-59C5-42F2-943B-4B3A6AA2B207}
2012-01-03 21:56:30 -------- d-----w- c:\users\bds\appdata\local\{F3AE26BF-7FE7-4909-A22F-EC7D35A2AFA6}
2012-01-03 21:56:04 -------- d-----w- c:\users\bds\appdata\local\{B7AA0C4A-61BF-48C0-B775-7AD8084C9AE2}
2012-01-03 18:44:20 -------- d-----w- c:\users\bds\appdata\local\{98D1CFAE-2B8C-463F-BB4C-FE0678AD0599}
2012-01-03 18:44:02 -------- d-----w- c:\users\bds\appdata\local\{8143670B-15E4-4579-AA35-9C5B14891BD2}
2012-01-03 13:48:15 -------- d-----w- c:\users\bds\appdata\local\{70C0DA0F-090D-4C7C-9B4F-83D3101A21A4}
2012-01-03 13:47:58 -------- d-----w- c:\users\bds\appdata\local\{AFAF6C6D-D39A-4C45-89E0-60AB668AB1D4}
2012-01-03 00:56:27 -------- d-----w- c:\users\bds\appdata\local\{80C6E115-F7CA-498F-A607-72BBF3232B40}
2012-01-03 00:56:12 -------- d-----w- c:\users\bds\appdata\local\{17DD0BA2-C1B0-4EF1-8B01-A4999C68DC5C}
2012-01-02 15:43:52 -------- d-----w- c:\users\bds\appdata\local\{6F048F1F-C3AB-4E86-9C10-26836C199EE3}
2012-01-02 15:43:36 -------- d-----w- c:\users\bds\appdata\local\{53C48A8C-D61B-40C5-A8E1-07C5B3590CAD}
2012-01-01 21:40:39 -------- d-----w- c:\users\bds\appdata\local\{C4D91B57-8D3A-4F8A-8DC4-859E7C4F6593}
2012-01-01 21:40:24 -------- d-----w- c:\users\bds\appdata\local\{2A8C660F-B49F-4773-A6D8-AAA40A72C2A8}
2012-01-01 14:18:14 -------- d-----w- c:\users\bds\appdata\local\{D7F216A4-0174-4675-9070-6FEE987DACF1}
2012-01-01 14:17:46 -------- d-----w- c:\users\bds\appdata\local\{4C843229-6344-4E8D-953E-BA55FD031921}
2012-01-01 12:46:18 -------- d-----w- c:\users\bds\appdata\local\{3A398D2F-6E4C-4AA2-B0B3-0379E7137D6E}
2012-01-01 12:45:47 -------- d-----w- c:\users\bds\appdata\local\{4CB72959-056F-4048-95E1-9BB70DE67EE1}
2012-01-01 05:19:16 -------- d-----w- C:\Philips
2012-01-01 04:14:36 -------- d-----w- c:\users\bds\appdata\local\{BCDBB179-EB36-41EF-A324-E6ACDB8E812A}
2012-01-01 04:14:19 -------- d-----w- c:\users\bds\appdata\local\{90FBDF86-E949-4627-B7E2-811452234953}
2011-12-31 15:54:53 -------- d-----w- c:\users\bds\appdata\local\{DC52B677-6584-4338-AE8C-A4DAA48383C9}
2011-12-31 15:54:36 -------- d-----w- c:\users\bds\appdata\local\{141DB559-57BA-47EA-AF7A-91DE71DD0B83}
2011-12-31 12:03:59 -------- d-----w- c:\users\bds\appdata\local\{C6B0B5F4-5E70-4DAB-977B-CE74DF75C417}
2011-12-31 12:03:40 -------- d-----w- c:\users\bds\appdata\local\{B45486F1-7B88-4161-A9F2-B350F26B3F70}
2011-12-30 23:54:21 -------- d-----w- c:\users\bds\appdata\local\{D30084BB-62A8-42B7-ACAB-8AD10F771515}
2011-12-30 23:54:05 -------- d-----w- c:\users\bds\appdata\local\{6DD811EA-4666-499F-8514-48CB9223879E}
2011-12-30 21:53:54 -------- d-----w- c:\users\bds\appdata\local\{DDE69EEF-7848-42B0-8A07-0AF48BFF9F2E}
2011-12-30 21:53:37 -------- d-----w- c:\users\bds\appdata\local\{E85FDC46-FEC7-4DD0-B0D6-0F0C952C91F2}
2011-12-30 15:59:19 -------- d-----w- c:\users\bds\appdata\local\{0F27CF86-0B20-425B-B095-E8E900DE6C0D}
2011-12-30 00:22:57 -------- d-----w- c:\users\bds\appdata\local\{DCB4B0D2-60B9-4415-AF6C-8DD9AC3E34F2}
2011-12-29 20:20:36 -------- d-----w- c:\users\bds\appdata\local\{12F0DA07-B037-4592-97AB-DD69A7A935B2}
2011-12-29 20:20:19 -------- d-----w- c:\users\bds\appdata\local\{495421C7-CFE4-4F01-B2DD-110B53A6AB51}
2011-12-29 19:19:19 -------- d-----w- c:\users\bds\appdata\local\{AC2EEE1B-6031-483C-80F2-FC5BBC73509D}
2011-12-29 19:19:03 -------- d-----w- c:\users\bds\appdata\local\{A9A14C99-DA65-43F6-B904-868F185CD502}
2011-12-29 18:45:15 -------- d-----w- c:\users\bds\appdata\local\{B21D1F31-AB0B-46F6-BE66-225F899B8510}
2011-12-29 18:44:55 -------- d-----w- c:\users\bds\appdata\local\{D65B970A-B496-4448-8CD2-E6F4A32259E5}
2011-12-29 12:32:31 -------- d-----w- c:\users\bds\appdata\local\{C7E5B987-A178-4F50-8E5B-DE6E9A533943}
2011-12-29 12:32:09 -------- d-----w- c:\users\bds\appdata\local\{0597701E-0363-4DD9-9498-0F694176C61B}
2011-12-29 06:38:49 -------- d-----w- c:\users\bds\appdata\local\{0DBF66E0-2AFF-4146-9BA7-A9A51A0C384E}
2011-12-29 06:38:32 -------- d-----w- c:\users\bds\appdata\local\{AAB12394-B485-4536-8EC8-461DCFFB9EE4}
2011-12-29 01:26:02 -------- d-----w- c:\users\bds\appdata\local\{672E7AB0-160F-474F-86FD-4344F70A06BE}
2011-12-29 01:25:37 -------- d-----w- c:\users\bds\appdata\local\{F6E7D7BA-374A-44E8-92AA-3DB8E19EA491}
2011-12-28 18:48:10 -------- d-----w- c:\users\bds\appdata\local\{FE13C6E5-009D-428A-A22D-40674F0A5149}
2011-12-28 18:47:47 -------- d-----w- c:\users\bds\appdata\local\{378255F9-43B4-4D21-B8DA-61C738A50368}
2011-12-28 13:04:59 -------- d-----w- c:\users\bds\appdata\local\{F6BBD239-903C-47BB-9549-59A6BB1CA8D4}
2011-12-28 13:04:39 -------- d-----w- c:\users\bds\appdata\local\{29B90634-D14B-4271-AB05-11C4372BFAAD}
2011-12-27 11:27:19 -------- d-----w- c:\users\bds\appdata\local\{B54B7E36-A746-4716-AA36-AE7364960BB5}
2011-12-27 11:27:01 -------- d-----w- c:\users\bds\appdata\local\{0869ECDE-CF69-485F-B276-D82E459FC801}
2011-12-26 16:12:15 -------- d-----w- c:\users\bds\appdata\local\{F454651A-22D3-4BB6-936E-586982821295}
2011-12-26 16:11:59 -------- d-----w- c:\users\bds\appdata\local\{11E97117-2EE0-4ED0-9491-49032399B7C4}
2011-12-26 12:28:02 -------- d-----w- c:\users\bds\appdata\local\{8B2060B0-8ADF-4DAF-8E35-961576B84DFD}
2011-12-26 12:27:48 -------- d-----w- c:\users\bds\appdata\local\{E83CDD35-B0F3-45DA-8209-033FE75DC320}
2011-12-26 05:05:24 -------- d-----w- c:\users\bds\appdata\local\{B545BF51-D959-485A-9118-F43E2B08C7E7}
2011-12-26 05:05:07 -------- d-----w- c:\users\bds\appdata\local\{F4B875C3-4854-4347-83CC-24DEA8DADB0F}
2011-12-25 21:31:15 -------- d-----w- c:\users\bds\appdata\local\{F0DDFEEC-0CE8-4CD8-8AF1-3D7318C8C3A3}
2011-12-25 21:31:00 -------- d-----w- c:\users\bds\appdata\local\{5328F926-8D7C-41E9-B3E2-EFFD4B949AAD}
2011-12-25 15:38:21 -------- d-----w- c:\users\bds\appdata\local\{83581708-9FF2-4BE2-83C9-EC73E1C8454B}
2011-12-25 15:38:04 -------- d-----w- c:\users\bds\appdata\local\{044B793C-86F7-4B74-9815-5BCBEF8B74A1}
2011-12-24 13:52:43 -------- d-----w- c:\users\bds\appdata\local\{F9F98971-0999-4B0C-8AB9-393A12AF3C15}
2011-12-24 13:52:15 -------- d-----w- c:\users\bds\appdata\local\{922F69AD-15A8-45B5-83D4-E50A650A8CCC}
2011-12-24 03:09:45 -------- d-----w- c:\users\bds\appdata\local\{39CFA830-3738-495C-B910-266623207A19}
2011-12-24 03:09:26 -------- d-----w- c:\users\bds\appdata\local\{98DF54B9-42DC-4526-AC2B-459ED3A3E68A}
.
==================== Find3M ====================
.
2011-12-10 18:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 22:19:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 17:35:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 17:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-08 22:47:30 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-05 04:35:00 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 02:48:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-26 04:47:40 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:47:40 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:28:12 38912 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 22:54:18,07 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 30/04/2010 12:50:02 p.m.
System Uptime: 22/01/2012 10:35:18 p.m. (0 hours ago)
.
Motherboard: Dell Inc. | | 0W785N
Processor: Intel® Atom™ CPU N270 @ 1.60GHz | Microprocessor | 1600/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 147 GiB total, 112,865 GiB free.
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP206: 03/01/2012 10:52:57 a.m. - Windows Update
RP207: 10/01/2012 09:43:10 a.m. - Windows Update
RP208: 11/01/2012 08:20:15 p.m. - Windows Update
RP209: 12/01/2012 06:03:19 p.m. - Instalado Steam
RP211: 14/01/2012 06:33:33 p.m. - Se ha instalado DirectX
RP212: 15/01/2012 10:47:53 a.m. - CheckIfInstallerIsBusy
RP214: 15/01/2012 10:52:05 a.m. - Windows Live Essentials
RP216: 15/01/2012 10:46:12 p.m. - Windows Live Essentials
RP217: 15/01/2012 10:47:29 p.m. - WLSetup
RP218: 15/01/2012 10:55:37 p.m. - CheckIfInstallerIsBusy
RP220: 15/01/2012 10:58:05 p.m. - Windows Live Essentials
RP221: 15/01/2012 11:01:38 p.m. - WLSetup
RP222: 16/01/2012 01:24:39 a.m. - Windows Update
RP223: 22/01/2012 10:41:14 p.m. - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1 - Español
BufferChm
CCleaner
Compresor WinRAR
Copy
D3DX10
Dell Resource CD
Destinations
DeviceDiscovery
DJ_AIO_03_F4200_Software_Min
DjVuLibre+DjView
ESET NOD32 Antivirus
F4200
Football Manager 2012 Demo
Google Chrome
GPBaseService2
HP Customer Participation Program 13.0
HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
IdeaCom TSC 2.6.0.5.18
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 29
Malwarebytes Anti-Malware versión 1.60.0.1800
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile ESN Language Pack
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007 Help Actualización (KB963678)
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Spanish) 2007
Microsoft Office InfoPath MUI (Spanish) 2007
Microsoft Office OneNote MUI (Spanish) 2007
Microsoft Office Outlook 2007 Help Actualización (KB963677)
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Word 2007 Help Actualización (KB963665)
Microsoft Office Word MUI (Spanish) 2007
Microsoft Silverlight
Monster Divx 1.0
Mozilla Firefox (3.6.24)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
SA23xx Device Manager
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (KB2478663)
Security Update for Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (KB2518870)
Shop for HP Supplies
Skype Click to Call
Skype™ 5.5
SmartWebPrinting
SolutionCenter
Status
Steam
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
VLC media player 1.0.2
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
22/01/2012 10:35:57 p.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom
19/01/2012 07:27:37 p.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom
19/01/2012 03:34:45 p.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom
18/01/2012 11:03:15 p.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom
18/01/2012 06:36:55 p.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom
18/01/2012 03:43:56 p.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom
18/01/2012 03:26:33 p.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom
18/01/2012 01:22:17 a.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom
16/01/2012 10:39:38 a.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom
16/01/2012 07:26:23 p.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom
15/01/2012 12:42:29 a.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom
15/01/2012 11:16:45 a.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom
15/01/2012 11:14:00 a.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom
15/01/2012 11:13:43 a.m., Error: Service Control Manager [7000] - El servicio epfwwfpr no pudo iniciarse debido al siguiente error: No hay más extremos disponibles desde el asignador de extremos.
15/01/2012 11:13:39 a.m., Error: Service Control Manager [7001] - El servicio Programador de tareas depende del servicio Registro de eventos de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.
15/01/2012 11:12:13 a.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom
15/01/2012 11:11:57 a.m., Error: Service Control Manager [7000] - El servicio epfwwfpr no pudo iniciarse debido al siguiente error: No hay más extremos disponibles desde el asignador de extremos.
15/01/2012 11:11:53 a.m., Error: Service Control Manager [7001] - El servicio Programador de tareas depende del servicio Registro de eventos de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.
15/01/2012 11:10:48 a.m., Error: Service Control Manager [7006] - Error en la llamada ScRegSetValueExW para Start con el error siguiente: Acceso denegado.
15/01/2012 11:05:59 a.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom
15/01/2012 11:03:45 a.m., Error: Service Control Manager [7001] - El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.
15/01/2012 11:01:53 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor: {9E175B6D-F52A-11D8-B9A5-505054503030}
15/01/2012 11:01:53 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
15/01/2012 11:01:49 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}
15/01/2012 11:01:38 a.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom discache ehdrv spldr Wanarpv6
15/01/2012 11:01:38 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}
15/01/2012 10:57:08 a.m., Error: Service Control Manager [7034] - El servicio MBAMService se terminó de manera inesperada. Esto ha sucedido 1 veces.
15/01/2012 10:54:30 p.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom
15/01/2012 10:43:53 a.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom
15/01/2012 06:01:55 p.m., Error: Service Control Manager [7011] - Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio Netman.
15/01/2012 05:12:59 p.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom
15/01/2012 01:35:58 p.m., Error: Service Control Manager [7011] - Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio Wlansvc.
.
==== End Of File ===========================
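The event log excerpt above carries several Service Control Manager entries that a responder reads together rather than one at a time: ehdrv (an ESET driver) among the drivers that failed to load at boot (7026), the ESET firewall driver epfwwfpr failing to start (7000), the Task Scheduler failing because the Windows Event Log service was disabled (7001), MBAMService terminating (7034), and ScRegSetValueExW being refused when writing a service's Start value (7006). The Python script below is an added example, not a BleepingComputer tool and not code posted in this thread: it parses lines in this DDS attach.txt format, orders them by time, counts them by event ID and reports which entries touch security components. The watch list of component names is the example's own choice, taken from the ESET and Malwarebytes entries in the ComboFix service list later in the thread plus the Windows Event Log service; the sample input repeats lines from the excerpt above.

```python
# Triage helper for the "Event Log errors" lines that DDS writes into attach.txt
# (added example; not a BleepingComputer tool and not code from this thread).
import re
from collections import Counter
from datetime import datetime

# One entry per line, Spanish locale, as pasted above:
#   DD/MM/YYYY HH:MM:SS a.m.|p.m., Level: Source [EventID] - message
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<ampm>[ap]\.m\.), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# Per-event-ID patterns that pull the affected service/driver names out of the
# Spanish Service Control Manager message. 7006 names no service, so it has none.
SUBJECT_BY_ID = {
    7000: re.compile(r"El servicio (.+?) no pudo iniciarse"),            # failed to start
    7001: re.compile(r"El servicio (.+?) depende del servicio (.+?), el cual"),  # dependency
    7011: re.compile(r"del servicio (\S+)\.$"),                          # control timeout
    7026: re.compile(r"no se cargó correctamente: (.+)$"),               # drivers not loaded
    7034: re.compile(r"El servicio (.+?) se terminó"),                   # terminated
}

# Components whose failure to load or start matters most here. The names come
# from the ESET and Malwarebytes entries in the ComboFix service list later in
# this thread plus the Windows Event Log service; the choice of set is mine.
SECURITY_COMPONENTS = {
    "ehdrv", "ekrn", "epfwwfpr",             # ESET NOD32 driver, service, firewall driver
    "MBAMService", "MBAMProtector",          # Malwarebytes service and driver
    "Registro de eventos de Windows",        # Windows Event Log (Spanish display name)
}


def parse_line(line):
    """Return a dict for one event line, or None for anything else (headers, blanks)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    hour, minute, second = (int(x) for x in m["time"].split(":"))
    if m["ampm"] == "a.m." and hour == 12:      # 12:xx a.m. is 00:xx
        hour = 0
    elif m["ampm"] == "p.m." and hour != 12:    # 1-11 p.m. add 12; 12 p.m. stays
        hour += 12
    day, month, year = (int(x) for x in m["date"].split("/"))
    event_id, message, subjects = int(m["event_id"]), m["message"], []
    pattern = SUBJECT_BY_ID.get(event_id)
    sm = pattern.search(message) if pattern else None
    if sm:
        for group in sm.groups():
            # 7026 lists several drivers separated by spaces; the others name one service
            subjects.extend(group.split() if event_id == 7026 else [group])
    return {"ts": datetime(year, month, day, hour, minute, second),
            "source": m["source"].strip(), "event_id": event_id,
            "message": message, "subjects": subjects}


def triage(lines, security_components=SECURITY_COMPONENTS):
    """Parse an excerpt, order it by time and return SCM counts plus findings."""
    events = [e for e in (parse_line(line) for line in lines) if e]
    events.sort(key=lambda e: e["ts"])
    scm_counts = Counter(e["event_id"] for e in events
                         if e["source"] == "Service Control Manager")
    findings = []
    for e in events:
        if e["event_id"] == 7006:   # ScRegSetValueExW on a Start value was refused
            findings.append((e["ts"], 7006, "write to a service Start value denied"))
        hits = sorted(set(e["subjects"]) & set(security_components))
        if hits:
            findings.append((e["ts"], e["event_id"],
                             "security component affected: " + ", ".join(hits)))
    return {"total": len(events), "scm_counts": scm_counts, "findings": findings}


# Sample input: lines quoted from the event log excerpt above.
SAMPLE_LOG = """\
15/01/2012 11:13:43 a.m., Error: Service Control Manager [7000] - El servicio epfwwfpr no pudo iniciarse debido al siguiente error: No hay más extremos disponibles desde el asignador de extremos.
15/01/2012 11:13:39 a.m., Error: Service Control Manager [7001] - El servicio Programador de tareas depende del servicio Registro de eventos de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.
15/01/2012 11:10:48 a.m., Error: Service Control Manager [7006] - Error en la llamada ScRegSetValueExW para Start con el error siguiente: Acceso denegado.
15/01/2012 11:01:38 a.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom discache ehdrv spldr Wanarpv6
15/01/2012 10:57:08 a.m., Error: Service Control Manager [7034] - El servicio MBAMService se terminó de manera inesperada. Esto ha sucedido 1 veces.
15/01/2012 06:01:55 p.m., Error: Service Control Manager [7011] - Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio Netman.
15/01/2012 11:01:53 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor: {9E175B6D-F52A-11D8-B9A5-505054503030}
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG.splitlines())
    print(f"{result['total']} events; SCM counts by ID: {dict(result['scm_counts'])}")
    for ts, event_id, note in result["findings"]:
        print(f"{ts:%Y-%m-%d %H:%M:%S}  [{event_id}]  {note}")
```

To run it over a full attach.txt, pass the file's lines to `triage()`; everything that is not an event entry (section headers, the "End Of File" line) is skipped. A 7006 entry on its own does not prove tampering, since installers and plain permission problems also produce it, but several security drivers and services failing in the same boot, with the Event Log service disabled, is the combination worth checking first.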

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 January 2012 - 09:44 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 druman

druman
  • Topic Starter

  • Members
  • 24 posts

Posted 22 January 2012 - 10:34 PM

OK, here is the ComboFix scan.
Google search continues redirecting me to that fake Google, and the only change that I've seen on my PC was that after the log was created, I tried to open Chrome and Firefox, and it told me that those programmes didn't exist!! I rebooted the PC and now everything is fine.
I'm surprised that every scan I did shows me that nothing bad is happening here (as far as I know hehe).
I'll be waiting for the next steps.
Thanks!


ComboFix 12-01-23.01 - bds 22/01/2012 23:53:56.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.54.3082.18.2038.1199 [GMT -3:00]
Running from: c:\users\bds\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-23 to 2012-01-23 )))))))))))))))))))))))))))))))
.
.
2012-01-23 03:11 . 2012-01-23 03:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-23 02:56 . 2012-01-23 02:56 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0DCF253-6B03-4239-92D7-739F4AA79922}\offreg.dll
2012-01-23 01:42 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0DCF253-6B03-4239-92D7-739F4AA79922}\mpengine.dll
2012-01-16 02:43 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-16 02:43 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-16 02:43 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-16 02:43 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-16 02:43 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-16 02:43 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-16 02:43 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-16 02:43 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-16 02:43 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-16 02:43 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-16 02:02 . 2012-01-16 02:04 -------- d-----w- c:\program files\Windows Live
2012-01-16 01:59 . 2012-01-16 01:59 6260088 ----a-w- c:\program files\Common Files\Windows Live\.cache\6f05e5101ccd3f207\Silverlight.4.0.exe
2012-01-16 01:28 . 2012-01-17 01:03 -------- d-----w- c:\users\bds\AppData\Roaming\Skype
2012-01-16 01:27 . 2012-01-16 01:30 -------- d-----r- c:\program files\Skype
2012-01-16 01:27 . 2012-01-16 01:27 -------- d-----w- c:\programdata\Skype
2012-01-14 21:49 . 2012-01-14 21:49 -------- d-----w- c:\users\bds\AppData\Local\Chromium
2012-01-14 21:34 . 2007-03-12 19:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2012-01-12 21:04 . 2012-01-14 20:21 -------- d-----w- c:\program files\Common Files\Steam
2012-01-12 21:04 . 2012-01-23 01:35 -------- d-----w- c:\program files\Steam
2012-01-11 18:45 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 18:45 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 18:45 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 18:45 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-01 05:19 . 2012-01-01 05:19 -------- d-----w- C:\Philips
2012-01-01 05:19 . 2012-01-01 05:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-01-01 05:18 . 2012-01-01 05:18 -------- d-----w- c:\users\bds\AppData\Roaming\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-16 02:01 . 2011-03-28 21:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-10 18:24 . 2010-07-15 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 22:19 . 2010-04-30 16:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-24 04:25 . 2011-12-14 19:10 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 17:35 . 2011-06-21 03:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 17:29 . 2010-04-30 16:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-08 22:47 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-05 04:35 . 2011-12-14 19:11 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:26 . 2011-12-14 19:10 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 02:48 . 2011-12-14 19:10 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-26 04:47 . 2011-12-14 19:09 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:47 . 2011-12-14 19:09 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:28 . 2011-12-14 19:10 38912 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC39F8CF-D307-4688-885B-ADE739B788E8}]
2011-08-06 21:07 119296 ----a-w- c:\program files\Masize\masize.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2012-01-12 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"IDC_PDisplay"="c:\program files\IdeaCom\TSC\IDC_PDisplay.exe" [2009-05-06 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\users\bds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Recorte de pantalla e Inicio rápido de OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 UNDPX2K;UNDPX2K;c:\windows\system32\drivers\UNDPX2K.SYS [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-15 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-11 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-11 95896]
S2 ETSCSERVICE;ETSCSERVICE Service;c:\program files\IdeaCom\TSC\ETSCSERVICE.exe [2009-06-02 233472]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1209624259-3720360530-3430748174-1000Core.job
- c:\users\bds\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 11:57]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1209624259-3720360530-3430748174-1000UA.job
- c:\users\bds\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 11:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bds.edu.ar/
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 200.49.130.27 200.49.130.31 172.20.2.11
FF - ProfilePath - c:\users\bds\AppData\Roaming\Mozilla\Firefox\Profiles\275u8f1i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bds.edu.ar/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-23 00:18:25
ComboFix-quarantined-files.txt 2012-01-23 03:18
.
Pre-Run: 122.237.575.168 bytes libres
Post-Run: 122.187.501.568 bytes libres
.
- - End Of File - - 3BDE1A5D4AA76FC5D558163193A9893D

#8 druman

druman
  • Topic Starter

  • Members
  • 24 posts

Posted 22 January 2012 - 10:51 PM

I've tried to open a few videos online and I realized that my speed is lower than before starting the first step (using DDS and that).

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 January 2012 - 11:31 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#10 druman

druman
  • Topic Starter

  • Members
  • 24 posts

Posted 23 January 2012 - 04:41 PM

18:40:08.0684 3956 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
18:40:09.0892 3956 ============================================================
18:40:09.0892 3956 Current date / time: 2012/01/23 18:40:09.0892
18:40:09.0892 3956 SystemInfo:
18:40:09.0892 3956
18:40:09.0892 3956 OS Version: 6.1.7601 ServicePack: 1.0
18:40:09.0892 3956 Product type: Workstation
18:40:09.0892 3956 ComputerName: BDS-DELL04
18:40:09.0892 3956 UserName: bds
18:40:09.0892 3956 Windows directory: C:\Windows
18:40:09.0892 3956 System windows directory: C:\Windows
18:40:09.0892 3956 Processor architecture: Intel x86
18:40:09.0892 3956 Number of processors: 2
18:40:09.0892 3956 Page size: 0x1000
18:40:09.0892 3956 Boot type: Normal boot
18:40:09.0892 3956 ============================================================
18:40:14.0557 3956 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:40:14.0603 3956 Initialize success
18:40:17.0021 2276 ============================================================
18:40:17.0021 2276 Scan started
18:40:17.0021 2276 Mode: Manual;
18:40:17.0021 2276 ============================================================
18:40:19.0502 2276 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:40:19.0517 2276 1394ohci - ok
18:40:19.0595 2276 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:40:19.0595 2276 ACPI - ok
18:40:19.0658 2276 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:40:19.0767 2276 AcpiPmi - ok
18:40:19.0861 2276 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:40:20.0110 2276 adp94xx - ok
18:40:20.0157 2276 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:40:20.0251 2276 adpahci - ok
18:40:20.0297 2276 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:40:20.0375 2276 adpu320 - ok
18:40:20.0531 2276 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:40:20.0547 2276 AFD - ok
18:40:20.0609 2276 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:40:20.0609 2276 agp440 - ok
18:40:20.0672 2276 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:40:20.0672 2276 aic78xx - ok
18:40:20.0765 2276 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:40:20.0765 2276 aliide - ok
18:40:20.0797 2276 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:40:20.0812 2276 amdagp - ok
18:40:20.0843 2276 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:40:20.0843 2276 amdide - ok
18:40:20.0921 2276 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:40:20.0921 2276 AmdK8 - ok
18:40:20.0968 2276 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:40:20.0984 2276 AmdPPM - ok
18:40:21.0062 2276 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:40:21.0062 2276 amdsata - ok
18:40:21.0140 2276 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:40:21.0140 2276 amdsbs - ok
18:40:21.0187 2276 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:40:21.0327 2276 amdxata - ok
18:40:21.0389 2276 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:40:21.0405 2276 AppID - ok
18:40:21.0514 2276 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:40:21.0514 2276 arc - ok
18:40:21.0561 2276 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:40:21.0561 2276 arcsas - ok
18:40:21.0623 2276 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:40:21.0623 2276 AsyncMac - ok
18:40:21.0717 2276 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:40:21.0717 2276 atapi - ok
18:40:21.0826 2276 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:40:21.0842 2276 b06bdrv - ok
18:40:21.0904 2276 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:40:22.0123 2276 b57nd60x - ok
18:40:22.0279 2276 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys
18:40:22.0310 2276 BCM43XX - ok
18:40:22.0388 2276 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:40:22.0466 2276 Beep - ok
18:40:22.0544 2276 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:40:22.0653 2276 blbdrive - ok
18:40:22.0731 2276 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:40:22.0856 2276 bowser - ok
18:40:22.0887 2276 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:40:22.0887 2276 BrFiltLo - ok
18:40:22.0934 2276 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:40:22.0949 2276 BrFiltUp - ok
18:40:23.0027 2276 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
18:40:23.0293 2276 BridgeMP - ok
18:40:23.0589 2276 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:40:23.0605 2276 Brserid - ok
18:40:23.0651 2276 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:40:23.0651 2276 BrSerWdm - ok
18:40:23.0698 2276 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:40:23.0698 2276 BrUsbMdm - ok
18:40:23.0776 2276 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:40:23.0792 2276 BrUsbSer - ok
18:40:23.0839 2276 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:40:23.0839 2276 BTHMODEM - ok
18:40:23.0995 2276 catchme - ok
18:40:24.0057 2276 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:40:24.0166 2276 cdfs - ok
18:40:24.0244 2276 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
18:40:24.0260 2276 cdrom - ok
18:40:24.0307 2276 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:40:24.0322 2276 circlass - ok
18:40:24.0385 2276 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:40:24.0400 2276 CLFS - ok
18:40:24.0494 2276 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:40:24.0572 2276 CmBatt - ok
18:40:24.0634 2276 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:40:24.0728 2276 cmdide - ok
18:40:24.0806 2276 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
18:40:24.0821 2276 CNG - ok
18:40:24.0899 2276 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:40:24.0962 2276 Compbatt - ok
18:40:25.0024 2276 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:40:25.0040 2276 CompositeBus - ok
18:40:25.0118 2276 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:40:25.0211 2276 crcdisk - ok
18:40:25.0367 2276 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
18:40:25.0477 2276 CSC - ok
18:40:25.0617 2276 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:40:25.0695 2276 DfsC - ok
18:40:25.0757 2276 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:40:25.0757 2276 discache - ok
18:40:25.0820 2276 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:40:25.0898 2276 Disk - ok
18:40:26.0007 2276 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
18:40:26.0116 2276 Dot4 - ok
18:40:26.0194 2276 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
18:40:26.0397 2276 Dot4Print - ok
18:40:26.0444 2276 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
18:40:26.0584 2276 dot4usb - ok
18:40:26.0647 2276 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:40:26.0740 2276 drmkaud - ok
18:40:26.0865 2276 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:40:27.0458 2276 DXGKrnl - ok
18:40:27.0551 2276 eamon (30372bcc67d63bee538cdfeca755d81c) C:\Windows\system32\DRIVERS\eamon.sys
18:40:27.0926 2276 eamon - ok
18:40:28.0253 2276 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:40:28.0425 2276 ebdrv - ok
18:40:28.0565 2276 ehdrv (6504d6afb75fef830dd99e8c4235d54d) C:\Windows\system32\DRIVERS\ehdrv.sys
18:40:28.0643 2276 ehdrv - ok
18:40:28.0784 2276 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:40:29.0002 2276 elxstor - ok
18:40:29.0065 2276 epfwwfpr (edce64430652f6a0bbccc348e2713fc3) C:\Windows\system32\DRIVERS\epfwwfpr.sys
18:40:29.0080 2276 epfwwfpr - ok
18:40:29.0143 2276 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:40:29.0236 2276 ErrDev - ok
18:40:29.0330 2276 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:40:29.0408 2276 exfat - ok
18:40:29.0470 2276 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:40:29.0564 2276 fastfat - ok
18:40:29.0626 2276 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:40:29.0813 2276 fdc - ok
18:40:29.0876 2276 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:40:29.0969 2276 FileInfo - ok
18:40:30.0001 2276 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:40:30.0094 2276 Filetrace - ok
18:40:30.0110 2276 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:40:30.0203 2276 flpydisk - ok
18:40:30.0250 2276 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:40:30.0375 2276 FltMgr - ok
18:40:30.0437 2276 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:40:30.0562 2276 FsDepends - ok
18:40:30.0593 2276 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
18:40:30.0671 2276 Fs_Rec - ok
18:40:30.0749 2276 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:40:30.0765 2276 fvevol - ok
18:40:30.0812 2276 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:40:30.0890 2276 gagp30kx - ok
18:40:30.0952 2276 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:40:30.0952 2276 hcw85cir - ok
18:40:31.0061 2276 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:40:31.0077 2276 HdAudAddService - ok
18:40:31.0124 2276 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:40:31.0124 2276 HDAudBus - ok
18:40:31.0171 2276 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:40:31.0233 2276 HidBatt - ok
18:41:05.0491 2276 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:41:05.0584 2276 \Device\Harddisk0\DR0 - ok
18:41:05.0600 2276 Boot (0x1200) (5ffaa678bd930ae7a98126b2577c9405) \Device\Harddisk0\DR0\Partition0
18:41:05.0600 2276 \Device\Harddisk0\DR0\Partition0 - ok
18:41:05.0616 2276 Boot (0x1200) (97ecc103475ee937bdeac782690534ef) \Device\Harddisk0\DR0\Partition1
18:41:05.0631 2276 \Device\Harddisk0\DR0\Partition1 - ok
18:41:05.0631 2276 ============================================================
18:41:05.0631 2276 Scan finished
18:41:05.0631 2276 ============================================================
18:41:05.0694 2216 Detected object count: 0
18:41:05.0694 2216 Actual detected object count: 0

#11 druman

druman
  • Topic Starter

  • Members
  • 24 posts

Posted 23 January 2012 - 04:42 PM

Hi, there above is the report.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 January 2012 - 09:17 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 druman

druman
  • Topic Starter

  • Members
  • 24 posts

Posted 23 January 2012 - 09:53 PM

Hello Gringo!!
This is the log


aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software
Run date: 2012-01-23 23:51:57
-----------------------------
23:51:57.599 OS Version: Windows 6.1.7601 Service Pack 1
23:51:57.600 Number of processors: 2 586 0x1C02
23:51:57.606 ComputerName: BDS-DELL04 UserName: bds
23:52:00.365 Initialize success
23:52:15.505 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:52:15.515 Disk 0 Vendor: SAMSUNG_HM160HI HH100-15 Size: 152627MB BusType: 11
23:52:15.542 Disk 0 MBR read successfully
23:52:15.552 Disk 0 MBR scan
23:52:15.566 Disk 0 Windows 7 default MBR code
23:52:15.587 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
23:52:15.619 Disk 0 Partition 2 80 (A) 0B FAT32 Null 4.1 2000 MB offset 80325
23:52:15.640 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 150586 MB offset 4177920
23:52:15.667 Disk 0 scanning sectors +312578048
23:52:15.766 Disk 0 scanning C:\Windows\system32\drivers
23:52:35.775 Service scanning
23:52:37.791 Modules scanning
23:52:48.582 Disk 0 trace - called modules:
23:52:48.657 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
23:52:49.088 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84615030]
23:52:49.128 3 CLASSPNP.SYS[87fc859e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8414b908]
23:52:49.160 Scan finished successfully
23:53:13.398 Disk 0 MBR has been saved successfully to "C:\Users\bds\Desktop\MBR.dat"
23:53:13.434 The log file has been saved successfully to "C:\Users\bds\Desktop\aswMBR.txt"

#14 druman

druman
  • Topic Starter

  • Members
  • 24 posts

Posted 23 January 2012 - 10:12 PM

Gringo; I've tested my Google search again on my IE7. When I make the search, a white page appears with just a message:
"Please, click here if you haven't been redirected in a few seconds" (I'm translating). After that, when I click on it, it shows me a Google search (it's easy to notice that it isn't the real page), but now the address is google.com/search... like a normal one (the google.com/webhp doesn't appear anymore).

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 January 2012 - 10:18 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
