Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with TR/Patched.Gen found in \\\\winlogon.exe


  • This topic is locked This topic is locked
21 replies to this topic

#1 dira

dira

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:08 PM

Posted 20 January 2012 - 02:35 PM

My PC seems to have gotten infected with this virus. Avast & Avira both keep on telling me that a virus has been found but I can not remove them. Please see my post HERE

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.0
Run by User at 21:51:57 on 2012-01-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2080 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - c:\program files\vshare.tv_bar\prxtbvsha.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - c:\program files\vshare.tv_bar\prxtbvsha.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - c:\program files\vshare.tv_bar\prxtbvsha.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: ameritrade.com
Trusted Zone: fox.com
Trusted Zone: fox.com\www
Trusted Zone: tdameritrade.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 167.206.245.130 167.206.245.129
TCP: Interfaces\{017C263D-478C-4046-AF42-E33C74FD9E2C} : DhcpNameServer = 167.206.245.130 167.206.245.129
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\92wzgla4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\documents and settings\user\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071504000001.dll
FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\user\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 22123321;22123321;c:\windows\system32\drivers\22123321.sys [2010-9-15 128016]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-19 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-1-19 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-1-19 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-1-19 74640]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-4-2 47640]
R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacomd\x86\novacomd.exe [2011-6-24 61440]
S0 22123322;22123322 Boot Guard Driver;c:\windows\system32\drivers\22123322.sys --> c:\windows\system32\drivers\22123322.sys [?]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys --> c:\windows\system32\drivers\motfilt.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\motousbnet.sys --> c:\windows\system32\drivers\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-01-20 01:50:02 -------- d-----w- c:\documents and settings\user\local settings\application data\Sun
2012-01-19 21:54:01 -------- d-----w- c:\windows\system32\NtmsData
2012-01-19 21:48:33 -------- d-----w- c:\documents and settings\user\application data\Avira
2012-01-19 21:47:53 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-01-19 21:47:52 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-19 21:47:51 -------- d-----w- c:\program files\Avira
2012-01-19 21:47:51 -------- d-----w- c:\documents and settings\all users\application data\Avira
2012-01-19 03:56:29 -------- d-----w- c:\program files\ESET
2012-01-19 03:50:41 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-19 03:50:41 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-18 23:25:58 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
2012-01-18 23:25:49 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-18 23:25:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-18 23:25:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-18 22:10:16 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-01-18 22:10:15 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-18 22:08:33 -------- d-----w- c:\program files\ConduitEngine
2012-01-18 22:08:33 -------- d-----w- c:\documents and settings\user\local settings\application data\ConduitEngine
2012-01-18 20:35:58 -------- d-----w- c:\documents and settings\all users\application data\SmartPCScan
2012-01-03 03:37:04 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-03 03:37:04 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-03 03:37:04 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-03 03:37:04 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2011-12-23 03:20:26 53248 ----a-w- c:\windows\system32\palmdevc.dll
2011-12-23 03:16:15 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
.
==================== Find3M ====================
.
2012-01-19 03:50:25 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-23 03:19:23 16694 ----a-w- c:\windows\system32\drivers\PalmUSBD.sys
2011-11-27 06:04:37 9618872 ----a-w- c:\documents and settings\all users\Tempmozy-update-b2dc44eb185732ade88416784fadbd67.exe
2011-11-27 00:04:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 21:52:46.29 ===============


I will post the GMER file as soon as its finished scanning

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 PM

Posted 22 January 2012 - 01:33 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 dira

dira
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:08 PM

Posted 22 January 2012 - 02:22 PM

Thanks for taking the time to help. Here is the combo fix log
I still have a pop up from Avira saying "Malware found"

ComboFix 12-01-21.02 - ML 01/22/2012 10:50:51.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2486 [GMT -5:00]
Running from: c:\documents and settings\ML\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\ISx10.tmp
c:\documents and settings\All Users\Application Data\ISx6F.tmp
c:\documents and settings\All Users\Application Data\ISxA.tmp
c:\documents and settings\All Users\Application Data\ISxB.tmp
c:\documents and settings\All Users\Application Data\ISxC.tmp
c:\documents and settings\All Users\Application Data\ISxD.tmp
c:\documents and settings\All Users\Application Data\ISxE.tmp
c:\documents and settings\All Users\Application Data\ISxF.tmp
c:\documents and settings\All Users\Tempmozy-update-b2dc44eb185732ade88416784fadbd67.exe
c:\documents and settings\ML\g2mdlhlpx.exe
c:\documents and settings\ML\WINDOWS
C:\install.exe
c:\windows\$NtUninstallKB17270$
c:\windows\$NtUninstallKB17270$\1029559051
c:\windows\system32\Nagasoft
c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
c:\windows\system32\Nagasoft\Codecs\atrc.dll
c:\windows\system32\Nagasoft\Codecs\cook.dll
c:\windows\system32\Nagasoft\Codecs\drvc.dll
c:\windows\system32\Nagasoft\Codecs\raac.dll
c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
c:\windows\system32\Nagasoft\GifShower.dll
c:\windows\system32\rn.tmp
c:\windows\system32\SET57.tmp
c:\windows\system32\SET5C.tmp
c:\windows\system32\SET63.tmp
c:\windows\system32\spool\prtprocs\w32x86\GoToPrintProcessor.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\UA000071.DLL
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.mrxsmb
.
.
((((((((((((((((((((((((( Files Created from 2011-12-22 to 2012-01-22 )))))))))))))))))))))))))))))))
.
.
2012-01-20 01:50 . 2012-01-20 01:50 -------- d-----w- c:\documents and settings\ML\Local Settings\Application Data\Sun
2012-01-19 21:54 . 2012-01-21 23:57 -------- d-----w- c:\windows\system32\NtmsData
2012-01-19 21:48 . 2012-01-19 21:48 -------- d-----w- c:\documents and settings\ML\Application Data\Avira
2012-01-19 21:47 . 2011-09-16 04:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-01-19 21:47 . 2012-01-21 23:30 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-19 21:47 . 2011-09-16 04:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-19 21:47 . 2012-01-19 21:47 -------- d-----w- c:\program files\Avira
2012-01-19 21:47 . 2012-01-19 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-01-19 03:56 . 2012-01-19 03:56 -------- d-----w- c:\program files\ESET
2012-01-19 03:50 . 2012-01-19 03:50 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-19 03:50 . 2012-01-19 03:50 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-18 23:25 . 2012-01-18 23:25 -------- d-----w- c:\documents and settings\ML\Application Data\Malwarebytes
2012-01-18 23:25 . 2012-01-18 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-18 23:25 . 2012-01-18 23:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-18 23:25 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-18 22:10 . 2012-01-18 22:10 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-18 22:08 . 2012-01-18 22:08 -------- d-----w- c:\program files\ConduitEngine
2012-01-18 22:08 . 2012-01-18 22:08 -------- d-----w- c:\documents and settings\ML\Local Settings\Application Data\ConduitEngine
2012-01-18 20:35 . 2012-01-18 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartPCScan
2012-01-18 20:28 . 2012-01-18 22:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-01-03 03:37 . 2012-01-03 03:37 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-03 03:37 . 2012-01-03 03:37 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-03 03:37 . 2012-01-03 03:37 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-03 03:37 . 2012-01-03 03:37 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 03:50 . 2011-10-02 18:14 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-23 03:19 . 2011-12-23 03:20 53248 ----a-w- c:\windows\system32\palmdevc.dll
2011-12-23 03:19 . 2007-10-15 00:49 16694 ----a-w- c:\windows\system32\drivers\PalmUSBD.sys
2011-12-23 03:16 . 2011-12-23 03:16 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2011-11-27 00:04 . 2011-05-27 12:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2004-08-10 17:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-10 17:51 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-10 17:51 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-10 17:51 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-10 17:51 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-10 17:51 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-10 17:51 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-10 17:51 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-10 17:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-10 17:51 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 03:59 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-01-03 03:37 . 2011-05-01 02:01 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\program files\vshare.tv_Bar\prxtbvsha.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
2011-03-28 16:22 176936 ----a-w- c:\program files\vshare.tv_Bar\prxtbvsha.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\program files\vshare.tv_Bar\prxtbvsha.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7AEB3EFD-E564-43F1-B658-5058A7C5743B}"= "c:\program files\vshare.tv_Bar\prxtbvsha.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-01-04 16:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-01-04 16:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-02-09 23:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-02-09 23:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-02-09 23:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-02-09 23:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-02-10 745472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 00:24 87352 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=c:\windows\pss\desktop.iniCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk.disabled
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk
backup=c:\windows\pss\MozyHome Status.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^ML^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\ML\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^ML^Start Menu^Programs^Startup^setup_9.0.0.722_13.09.2010_12-24.lnk]
path=c:\documents and settings\ML\Start Menu\Programs\Startup\setup_9.0.0.722_13.09.2010_12-24.lnk
backup=c:\windows\pss\setup_9.0.0.722_13.09.2010_12-24.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bxcdrdrf]
xby5tyvr [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
c:\windows\pchealth [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-10-30 19:05 77824 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-01 22:25 136176 ----atw- c:\documents and settings\ML\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-07-21 21:50 86016 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-07-06 12:15 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-07-21 21:48 98304 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-12 00:01 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-01-23 19:44 101136 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-08-03 19:09 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-12-24 22:50 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-12-24 22:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-12 00:03 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-07-21 21:47 81920 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 14:01 328992 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 15:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-07-24 15:20 282624 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"RoxLiveShare9"=2 (0x2)
"MBAMService"=2 (0x2)
"AVP"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" /startup
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"GoToMyPC"=c:\program files\Citrix\GoToMyPC\g2svc.exe -logon
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"DMXLauncher"=c:\program files\Dell\Media Experience\DMXLauncher.exe
"BlackBerryAutoUpdate"=c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"=
"c:\\Documents and Settings\\ML\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\ML\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R1 22123321;22123321;c:\windows\system32\drivers\22123321.sys [9/15/2010 8:28 AM 128016]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [1/19/2012 4:47 PM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/19/2012 4:47 PM 86224]
R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 1:22 PM 1085440]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 2:09 PM 12856]
R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\x86\novacomd.exe [6/24/2011 8:16 PM 61440]
S0 22123322;22123322 Boot Guard Driver;c:\windows\system32\DRIVERS\22123322.sys --> c:\windows\system32\DRIVERS\22123322.sys [?]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2434777315-1682499820-4023185622-1007Core.job
- c:\documents and settings\ML\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-01 22:25]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2434777315-1682499820-4023185622-1007UA.job
- c:\documents and settings\ML\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-01 22:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: ameritrade.com
Trusted Zone: fox.com
Trusted Zone: fox.com\www
Trusted Zone: tdameritrade.com
TCP: DhcpNameServer = 167.206.245.130 167.206.245.129
FF - ProfilePath - c:\documents and settings\ML\Application Data\Mozilla\Firefox\Profiles\92wzgla4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-22 11:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(5504)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\MozyHome\mozyshell.dll
c:\program files\SugarSync\SugarSyncShellExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\MozyHome\mozybackup.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\fxssvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-01-22 11:40:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-22 16:40
ComboFix2.txt 2010-01-08 15:58
.
Pre-Run: 154,723,942,400 bytes free
Post-Run: 155,201,949,696 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - FC82F3F02129DD3C6FDA1F19214DAE2C

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 PM

Posted 22 January 2012 - 02:26 PM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
c:\program files\ConduitEngine
c:\documents and settings\ML\Local Settings\Application Data\ConduitEngine
c:\program files\vshare.tv_Bar

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425

Firefox::
FF - ProfilePath - c:\documents and settings\ML\Application Data\Mozilla\Firefox\Profiles\92wzgla4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 dira

dira
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:08 PM

Posted 22 January 2012 - 04:06 PM

ComboFix 12-01-21.02 - ML 01/22/2012 15:04:51.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2376 [GMT -5:00]
Running from: c:\documents and settings\ML\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ML\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ML\Local Settings\Application Data\ConduitEngine
c:\documents and settings\ML\Local Settings\Application Data\ConduitEngine\ConduitEngine.dll
c:\documents and settings\ML\Local Settings\Application Data\ConduitEngine\Dialogs\PIE.htc
c:\documents and settings\ML\Local Settings\Application Data\ConduitEngine\ldrConduitEngine.dll
c:\documents and settings\ML\Local Settings\Application Data\ConduitEngine\toolbar.cfg
c:\program files\ConduitEngine
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\ldrConduitEngine.dll
c:\program files\ConduitEngine\prxConduitEngine.dll
c:\program files\ConduitEngine\toolbar.cfg
c:\program files\vshare.tv_Bar
c:\program files\vshare.tv_Bar\GottenAppsContextMenu.xml
c:\program files\vshare.tv_Bar\ldrtbvsha.dll
c:\program files\vshare.tv_Bar\OtherAppsContextMenu.xml
c:\program files\vshare.tv_Bar\prxtbvsha.dll
c:\program files\vshare.tv_Bar\SharedAppsContextMenu.xml
c:\program files\vshare.tv_Bar\tbvsha.dll
c:\program files\vshare.tv_Bar\toolbar.cfg
c:\program files\vshare.tv_Bar\ToolbarContextMenu.xml
c:\program files\vshare.tv_Bar\uninstall.exe
c:\program files\vshare.tv_Bar\vshare.tv_BarToolbarHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-22 to 2012-01-22 )))))))))))))))))))))))))))))))
.
.
2012-01-20 01:50 . 2012-01-20 01:50 -------- d-----w- c:\documents and settings\ML\Local Settings\Application Data\Sun
2012-01-19 21:54 . 2012-01-21 23:57 -------- d-----w- c:\windows\system32\NtmsData
2012-01-19 21:48 . 2012-01-19 21:48 -------- d-----w- c:\documents and settings\ML\Application Data\Avira
2012-01-19 21:47 . 2011-09-16 04:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-01-19 21:47 . 2012-01-21 23:30 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-19 21:47 . 2011-09-16 04:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-19 21:47 . 2012-01-19 21:47 -------- d-----w- c:\program files\Avira
2012-01-19 21:47 . 2012-01-19 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-01-19 03:56 . 2012-01-19 03:56 -------- d-----w- c:\program files\ESET
2012-01-19 03:50 . 2012-01-19 03:50 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-19 03:50 . 2012-01-19 03:50 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-18 23:25 . 2012-01-18 23:25 -------- d-----w- c:\documents and settings\ML\Application Data\Malwarebytes
2012-01-18 23:25 . 2012-01-18 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-18 23:25 . 2012-01-18 23:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-18 23:25 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-18 22:10 . 2012-01-18 22:10 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-18 20:35 . 2012-01-18 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartPCScan
2012-01-18 20:28 . 2012-01-18 22:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-01-03 03:37 . 2012-01-03 03:37 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-03 03:37 . 2012-01-03 03:37 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-03 03:37 . 2012-01-03 03:37 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-03 03:37 . 2012-01-03 03:37 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 03:50 . 2011-10-02 18:14 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-23 03:19 . 2011-12-23 03:20 53248 ----a-w- c:\windows\system32\palmdevc.dll
2011-12-23 03:19 . 2007-10-15 00:49 16694 ----a-w- c:\windows\system32\drivers\PalmUSBD.sys
2011-12-23 03:16 . 2011-12-23 03:16 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2011-11-27 00:04 . 2011-05-27 12:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2004-08-10 17:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-10 17:51 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-10 17:51 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-10 17:51 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-10 17:51 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-10 17:51 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-10 17:51 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-10 17:51 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-10 17:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-10 17:51 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 03:59 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-01-03 03:37 . 2011-05-01 02:01 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-22_16.25.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-22 20:26 . 2012-01-22 20:26 16384 c:\windows\temp\Perflib_Perfdata_688.dat
+ 2012-01-22 20:26 . 2012-01-22 20:26 16384 c:\windows\temp\Perflib_Perfdata_1cc.dat
+ 2012-01-22 20:26 . 2009-10-07 05:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
- 2012-01-22 16:25 . 2009-10-07 05:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-01-04 16:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-01-04 16:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-02-09 23:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-02-09 23:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-02-09 23:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-02-09 23:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-02-10 745472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 00:24 87352 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=c:\windows\pss\desktop.iniCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk.disabled
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk
backup=c:\windows\pss\MozyHome Status.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^ML^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\ML\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^ML^Start Menu^Programs^Startup^setup_9.0.0.722_13.09.2010_12-24.lnk]
path=c:\documents and settings\ML\Start Menu\Programs\Startup\setup_9.0.0.722_13.09.2010_12-24.lnk
backup=c:\windows\pss\setup_9.0.0.722_13.09.2010_12-24.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bxcdrdrf]
xby5tyvr [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
c:\windows\pchealth [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-10-30 19:05 77824 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-01 22:25 136176 ----atw- c:\documents and settings\ML\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-07-21 21:50 86016 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-07-06 12:15 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-07-21 21:48 98304 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-12 00:01 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-01-23 19:44 101136 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-08-03 19:09 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-12-24 22:50 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-12-24 22:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-12 00:03 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-07-21 21:47 81920 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 14:01 328992 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 15:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-07-24 15:20 282624 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"RoxLiveShare9"=2 (0x2)
"MBAMService"=2 (0x2)
"AVP"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" /startup
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"GoToMyPC"=c:\program files\Citrix\GoToMyPC\g2svc.exe -logon
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"DMXLauncher"=c:\program files\Dell\Media Experience\DMXLauncher.exe
"BlackBerryAutoUpdate"=c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"=
"c:\\Documents and Settings\\ML\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\ML\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R1 22123321;22123321;c:\windows\system32\drivers\22123321.sys [9/15/2010 8:28 AM 128016]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [1/19/2012 4:47 PM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/19/2012 4:47 PM 86224]
R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 1:22 PM 1085440]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 2:09 PM 12856]
R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\x86\novacomd.exe [6/24/2011 8:16 PM 61440]
S0 22123322;22123322 Boot Guard Driver;c:\windows\system32\DRIVERS\22123322.sys --> c:\windows\system32\DRIVERS\22123322.sys [?]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2434777315-1682499820-4023185622-1007Core.job
- c:\documents and settings\ML\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-01 22:25]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2434777315-1682499820-4023185622-1007UA.job
- c:\documents and settings\ML\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-01 22:25]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: ameritrade.com
Trusted Zone: fox.com
Trusted Zone: fox.com\www
Trusted Zone: tdameritrade.com
TCP: DhcpNameServer = 167.206.245.130 167.206.245.129
FF - ProfilePath - c:\documents and settings\ML\Application Data\Mozilla\Firefox\Profiles\92wzgla4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7aeb3efd-e564-43f1-b658-5058a7c5743b} - c:\program files\vshare.tv_Bar\prxtbvsha.dll
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
BHO-{7aeb3efd-e564-43f1-b658-5058a7c5743b} - c:\program files\vshare.tv_Bar\prxtbvsha.dll
Toolbar-{7aeb3efd-e564-43f1-b658-5058a7c5743b} - c:\program files\vshare.tv_Bar\prxtbvsha.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
WebBrowser-{7AEB3EFD-E564-43F1-B658-5058A7C5743B} - c:\program files\vshare.tv_Bar\prxtbvsha.dll
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-vshare.tv_Bar Toolbar - c:\program files\vshare.tv_Bar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-22 15:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(5648)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\MozyHome\mozyshell.dll
c:\program files\SugarSync\SugarSyncShellExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\MozyHome\mozybackup.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-01-22 15:41:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-22 20:41
ComboFix2.txt 2012-01-22 16:40
ComboFix3.txt 2010-01-08 15:58
.
Pre-Run: 155,302,600,704 bytes free
Post-Run: 155,289,481,216 bytes free
.
- - End Of File - - 630EAE0410E3AD4E139F4C2E96C826DD

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 PM

Posted 22 January 2012 - 04:16 PM

Hello

How are things running?

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 dira

dira
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:08 PM

Posted 22 January 2012 - 04:28 PM

16:21:42.0812 4200 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
16:21:43.0078 4200 ============================================================
16:21:43.0078 4200 Current date / time: 2012/01/22 16:21:43.0078
16:21:43.0078 4200 SystemInfo:
16:21:43.0078 4200
16:21:43.0078 4200 OS Version: 5.1.2600 ServicePack: 3.0
16:21:43.0078 4200 Product type: Workstation
16:21:43.0078 4200 ComputerName: OWNER
16:21:43.0078 4200 UserName: ML
16:21:43.0078 4200 Windows directory: C:\WINDOWS
16:21:43.0078 4200 System windows directory: C:\WINDOWS
16:21:43.0078 4200 Processor architecture: Intel x86
16:21:43.0078 4200 Number of processors: 2
16:21:43.0078 4200 Page size: 0x1000
16:21:43.0078 4200 Boot type: Normal boot
16:21:43.0078 4200 ============================================================
16:21:43.0640 4200 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:21:43.0687 4200 Initialize success
16:22:01.0875 4276 ============================================================
16:22:01.0875 4276 Scan started
16:22:01.0875 4276 Mode: Manual;
16:22:01.0875 4276 ============================================================
16:22:02.0187 4276 22123321 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\22123321.sys
16:22:02.0187 4276 22123321 - ok
16:22:02.0203 4276 22123322 - ok
16:22:02.0265 4276 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
16:22:02.0281 4276 61883 - ok
16:22:02.0281 4276 Abiosdsk - ok
16:22:02.0296 4276 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:22:02.0312 4276 abp480n5 - ok
16:22:02.0343 4276 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:22:02.0343 4276 ACPI - ok
16:22:02.0375 4276 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:22:02.0375 4276 ACPIEC - ok
16:22:02.0390 4276 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:22:02.0406 4276 adpu160m - ok
16:22:02.0437 4276 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:22:02.0437 4276 aec - ok
16:22:02.0484 4276 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:22:02.0484 4276 AFD - ok
16:22:02.0546 4276 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:22:02.0546 4276 agp440 - ok
16:22:02.0546 4276 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:22:02.0562 4276 agpCPQ - ok
16:22:02.0562 4276 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:22:02.0578 4276 Aha154x - ok
16:22:02.0578 4276 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:22:02.0593 4276 aic78u2 - ok
16:22:02.0609 4276 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:22:02.0625 4276 aic78xx - ok
16:22:02.0640 4276 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:22:02.0640 4276 AliIde - ok
16:22:02.0656 4276 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:22:02.0656 4276 alim1541 - ok
16:22:02.0671 4276 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:22:02.0671 4276 amdagp - ok
16:22:02.0703 4276 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
16:22:02.0703 4276 amsint - ok
16:22:02.0765 4276 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:22:02.0781 4276 Arp1394 - ok
16:22:02.0781 4276 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
16:22:02.0796 4276 asc - ok
16:22:02.0796 4276 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:22:02.0796 4276 asc3350p - ok
16:22:02.0812 4276 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:22:02.0828 4276 asc3550 - ok
16:22:02.0843 4276 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:22:02.0843 4276 AsyncMac - ok
16:22:02.0859 4276 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:22:02.0859 4276 atapi - ok
16:22:02.0875 4276 Atdisk - ok
16:22:02.0953 4276 ati2mtag (9bbefce3d18cf3c6eaf4f13920f75200) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:22:02.0968 4276 ati2mtag - ok
16:22:03.0015 4276 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:22:03.0031 4276 Atmarpc - ok
16:22:03.0046 4276 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:22:03.0046 4276 audstub - ok
16:22:03.0078 4276 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
16:22:03.0078 4276 Avc - ok
16:22:03.0109 4276 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:22:03.0109 4276 avgntflt - ok
16:22:03.0140 4276 avipbb (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:22:03.0140 4276 avipbb - ok
16:22:03.0156 4276 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
16:22:03.0156 4276 avkmgr - ok
16:22:03.0171 4276 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:22:03.0171 4276 Beep - ok
16:22:03.0281 4276 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
16:22:03.0281 4276 BrScnUsb - ok
16:22:03.0281 4276 BTCFilterService - ok
16:22:03.0296 4276 catchme - ok
16:22:03.0343 4276 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:22:03.0359 4276 cbidf - ok
16:22:03.0359 4276 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:22:03.0359 4276 cbidf2k - ok
16:22:03.0406 4276 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:22:03.0406 4276 CCDECODE - ok
16:22:03.0421 4276 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:22:03.0421 4276 cd20xrnt - ok
16:22:03.0437 4276 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:22:03.0437 4276 Cdaudio - ok
16:22:03.0437 4276 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:22:03.0437 4276 Cdfs - ok
16:22:03.0484 4276 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:22:03.0484 4276 Cdrom - ok
16:22:03.0500 4276 Changer - ok
16:22:03.0562 4276 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:22:03.0562 4276 CmdIde - ok
16:22:03.0640 4276 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:22:03.0640 4276 Cpqarray - ok
16:22:03.0656 4276 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:22:03.0671 4276 dac2w2k - ok
16:22:03.0687 4276 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:22:03.0687 4276 dac960nt - ok
16:22:03.0734 4276 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:22:03.0750 4276 Disk - ok
16:22:03.0796 4276 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:22:03.0859 4276 dmboot - ok
16:22:03.0937 4276 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:22:03.0937 4276 dmio - ok
16:22:03.0968 4276 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:22:03.0968 4276 dmload - ok
16:22:04.0000 4276 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:22:04.0000 4276 DMusic - ok
16:22:04.0015 4276 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:22:04.0031 4276 dpti2o - ok
16:22:04.0031 4276 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:22:04.0031 4276 drmkaud - ok
16:22:04.0156 4276 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
16:22:04.0171 4276 DSproct - ok
16:22:04.0187 4276 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:22:04.0203 4276 E100B - ok
16:22:04.0250 4276 e1express (6f7ccd3c02b26d530900f06d98171a69) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
16:22:04.0250 4276 e1express - ok
16:22:04.0328 4276 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:22:04.0328 4276 Fastfat - ok
16:22:04.0375 4276 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:22:04.0375 4276 Fdc - ok
16:22:04.0390 4276 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
16:22:04.0390 4276 FilterService - ok
16:22:04.0421 4276 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:22:04.0421 4276 Fips - ok
16:22:04.0468 4276 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:22:04.0468 4276 Flpydisk - ok
16:22:04.0531 4276 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:22:04.0546 4276 FltMgr - ok
16:22:04.0656 4276 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:22:04.0656 4276 Fs_Rec - ok
16:22:04.0671 4276 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:22:04.0671 4276 Ftdisk - ok
16:22:04.0734 4276 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
16:22:04.0734 4276 GEARAspiWDM - ok
16:22:04.0781 4276 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:22:04.0781 4276 Gpc - ok
16:22:04.0796 4276 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:22:04.0796 4276 HDAudBus - ok
16:22:04.0828 4276 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:22:04.0828 4276 HidUsb - ok
16:22:04.0906 4276 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
16:22:04.0906 4276 hpn - ok
16:22:04.0968 4276 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:22:04.0968 4276 HTTP - ok
16:22:04.0984 4276 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
16:22:04.0984 4276 i2omgmt - ok
16:22:05.0015 4276 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:22:05.0015 4276 i2omp - ok
16:22:05.0031 4276 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:22:05.0031 4276 i8042prt - ok
16:22:05.0078 4276 ialm (0674ce8ae167d830b871a99c677c5c59) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:22:05.0125 4276 ialm - ok
16:22:05.0203 4276 iastor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\drivers\iastor.sys
16:22:05.0203 4276 iastor - ok
16:22:05.0218 4276 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:22:05.0218 4276 Imapi - ok
16:22:05.0234 4276 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:22:05.0234 4276 ini910u - ok
16:22:05.0250 4276 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:22:05.0250 4276 IntelIde - ok
16:22:05.0296 4276 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:22:05.0296 4276 intelppm - ok
16:22:05.0312 4276 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:22:05.0312 4276 Ip6Fw - ok
16:22:05.0343 4276 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:22:05.0343 4276 IpFilterDriver - ok
16:22:05.0359 4276 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:22:05.0359 4276 IpInIp - ok
16:22:05.0390 4276 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:22:05.0390 4276 IpNat - ok
16:22:05.0406 4276 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:22:05.0406 4276 IPSec - ok
16:22:05.0421 4276 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:22:05.0421 4276 IRENUM - ok
16:22:05.0437 4276 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:22:05.0437 4276 isapnp - ok
16:22:05.0484 4276 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:22:05.0484 4276 Kbdclass - ok
16:22:05.0484 4276 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:22:05.0484 4276 kbdhid - ok
16:22:05.0531 4276 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:22:05.0531 4276 kmixer - ok
16:22:05.0625 4276 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:22:05.0625 4276 KSecDD - ok
16:22:05.0640 4276 lbrtfdc - ok
16:22:05.0671 4276 LHidFilt (c91206ca84684057118265e8377c77b6) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
16:22:05.0671 4276 LHidFilt - ok
16:22:05.0812 4276 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
16:22:05.0812 4276 LMIInfo - ok
16:22:05.0875 4276 LMImirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\LMImirr.sys
16:22:05.0890 4276 LMImirr - ok
16:22:05.0890 4276 LMIRfsClientNP - ok
16:22:05.0906 4276 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
16:22:05.0906 4276 LMIRfsDriver - ok
16:22:05.0937 4276 LMouFilt (9f03720fa5e6d14cd4dfea610f2c1a7c) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
16:22:05.0937 4276 LMouFilt - ok
16:22:05.0953 4276 Lvckap - ok
16:22:05.0953 4276 lvpopflt - ok
16:22:06.0000 4276 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
16:22:06.0015 4276 LVPr2Mon - ok
16:22:06.0062 4276 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
16:22:06.0062 4276 LVRS - ok
16:22:06.0281 4276 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
16:22:06.0312 4276 LVUVC - ok
16:22:06.0328 4276 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:22:06.0343 4276 mnmdd - ok
16:22:06.0375 4276 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:22:06.0375 4276 Modem - ok
16:22:06.0375 4276 motccgp - ok
16:22:06.0390 4276 motccgpfl - ok
16:22:06.0406 4276 motmodem - ok
16:22:06.0406 4276 MotoSwitchService - ok
16:22:06.0421 4276 Motousbnet - ok
16:22:06.0421 4276 motusbdevice - ok
16:22:06.0453 4276 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:22:06.0453 4276 Mouclass - ok
16:22:06.0468 4276 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:22:06.0468 4276 mouhid - ok
16:22:06.0484 4276 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:22:06.0484 4276 MountMgr - ok
16:22:06.0515 4276 mozyFilter (3ef80a284c61fdbc38c2ad16053619ac) C:\WINDOWS\system32\DRIVERS\mozy.sys
16:22:06.0515 4276 mozyFilter - ok
16:22:06.0562 4276 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:22:06.0562 4276 mraid35x - ok
16:22:06.0593 4276 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:22:06.0593 4276 MRxDAV - ok
16:22:06.0640 4276 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
16:22:06.0656 4276 MSDV - ok
16:22:06.0656 4276 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:22:06.0656 4276 Msfs - ok
16:22:06.0703 4276 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:22:06.0703 4276 MSKSSRV - ok
16:22:06.0703 4276 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:22:06.0718 4276 MSPCLOCK - ok
16:22:06.0734 4276 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:22:06.0734 4276 MSPQM - ok
16:22:06.0781 4276 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:22:06.0781 4276 mssmbios - ok
16:22:06.0781 4276 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:22:06.0781 4276 MSTEE - ok
16:22:06.0812 4276 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:22:06.0828 4276 Mup - ok
16:22:06.0859 4276 MXOPSWD (c29f284ff7ab4ed38ce419a9424e52a2) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
16:22:06.0859 4276 MXOPSWD - ok
16:22:06.0890 4276 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:22:06.0890 4276 NABTSFEC - ok
16:22:06.0937 4276 NAL (1e59aaed42a5e3a5ed86ec403f9c0776) C:\WINDOWS\system32\Drivers\iqvw32.sys
16:22:06.0937 4276 NAL - ok
16:22:07.0031 4276 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:22:07.0031 4276 NDIS - ok
16:22:07.0062 4276 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:22:07.0062 4276 NdisIP - ok
16:22:07.0093 4276 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:22:07.0093 4276 NdisTapi - ok
16:22:07.0125 4276 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:22:07.0125 4276 Ndisuio - ok
16:22:07.0140 4276 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:22:07.0140 4276 NdisWan - ok
16:22:07.0171 4276 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:22:07.0171 4276 NDProxy - ok
16:22:07.0203 4276 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:22:07.0203 4276 NetBIOS - ok
16:22:07.0234 4276 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:22:07.0234 4276 NetBT - ok
16:22:07.0265 4276 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:22:07.0265 4276 NIC1394 - ok
16:22:07.0281 4276 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:22:07.0281 4276 Npfs - ok
16:22:07.0312 4276 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:22:07.0312 4276 Ntfs - ok
16:22:07.0328 4276 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:22:07.0328 4276 Null - ok
16:22:07.0421 4276 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:22:07.0562 4276 nv - ok
16:22:07.0625 4276 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:22:07.0640 4276 NwlnkFlt - ok
16:22:07.0640 4276 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:22:07.0656 4276 NwlnkFwd - ok
16:22:07.0656 4276 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:22:07.0656 4276 ohci1394 - ok
16:22:07.0703 4276 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys
16:22:07.0718 4276 PalmUSBD - ok
16:22:07.0718 4276 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:22:07.0734 4276 Parport - ok
16:22:07.0734 4276 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:22:07.0750 4276 PartMgr - ok
16:22:07.0765 4276 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:22:07.0765 4276 ParVdm - ok
16:22:07.0781 4276 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:22:07.0781 4276 PCI - ok
16:22:07.0796 4276 PCIDump - ok
16:22:07.0812 4276 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:22:07.0828 4276 PCIIde - ok
16:22:07.0875 4276 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:22:07.0875 4276 Pcmcia - ok
16:22:07.0953 4276 PDCOMP - ok
16:22:07.0953 4276 PDFRAME - ok
16:22:07.0968 4276 PDRELI - ok
16:22:07.0968 4276 PDRFRAME - ok
16:22:07.0984 4276 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
16:22:08.0000 4276 perc2 - ok
16:22:08.0031 4276 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:22:08.0031 4276 perc2hib - ok
16:22:08.0078 4276 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:22:08.0078 4276 PptpMiniport - ok
16:22:08.0093 4276 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:22:08.0093 4276 PSched - ok
16:22:08.0109 4276 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:22:08.0109 4276 Ptilink - ok
16:22:08.0109 4276 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:22:08.0125 4276 PxHelp20 - ok
16:22:08.0156 4276 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:22:08.0171 4276 ql1080 - ok
16:22:08.0171 4276 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:22:08.0187 4276 Ql10wnt - ok
16:22:08.0187 4276 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:22:08.0203 4276 ql12160 - ok
16:22:08.0203 4276 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:22:08.0218 4276 ql1240 - ok
16:22:08.0218 4276 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:22:08.0234 4276 ql1280 - ok
16:22:08.0250 4276 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:22:08.0250 4276 RasAcd - ok
16:22:08.0265 4276 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:22:08.0265 4276 Rasl2tp - ok
16:22:08.0281 4276 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:22:08.0281 4276 RasPppoe - ok
16:22:08.0296 4276 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:22:08.0296 4276 Raspti - ok
16:22:08.0328 4276 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:22:08.0328 4276 Rdbss - ok
16:22:08.0343 4276 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:22:08.0343 4276 RDPCDD - ok
16:22:08.0359 4276 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:22:08.0375 4276 rdpdr - ok
16:22:08.0406 4276 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:22:08.0406 4276 RDPWD - ok
16:22:08.0437 4276 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:22:08.0437 4276 redbook - ok
16:22:08.0484 4276 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys
16:22:08.0484 4276 RimUsb - ok
16:22:08.0515 4276 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
16:22:08.0515 4276 RimVSerPort - ok
16:22:08.0531 4276 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
16:22:08.0531 4276 ROOTMODEM - ok
16:22:08.0562 4276 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:22:08.0578 4276 Secdrv - ok
16:22:08.0609 4276 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:22:08.0609 4276 serenum - ok
16:22:08.0640 4276 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:22:08.0640 4276 Serial - ok
16:22:08.0656 4276 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:22:08.0671 4276 Sfloppy - ok
16:22:08.0671 4276 Simbad - ok
16:22:08.0718 4276 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:22:08.0734 4276 sisagp - ok
16:22:08.0750 4276 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:22:08.0750 4276 SLIP - ok
16:22:08.0812 4276 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
16:22:08.0828 4276 sonypvs1 - ok
16:22:08.0859 4276 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:22:08.0859 4276 Sparrow - ok
16:22:08.0875 4276 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:22:08.0875 4276 splitter - ok
16:22:08.0906 4276 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:22:08.0906 4276 sr - ok
16:22:08.0968 4276 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:22:08.0968 4276 Srv - ok
16:22:09.0062 4276 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:22:09.0062 4276 ssmdrv - ok
16:22:09.0140 4276 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
16:22:09.0156 4276 STHDA - ok
16:22:09.0187 4276 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
16:22:09.0187 4276 StillCam - ok
16:22:09.0234 4276 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:22:09.0234 4276 streamip - ok
16:22:09.0250 4276 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:22:09.0250 4276 swenum - ok
16:22:09.0250 4276 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:22:09.0250 4276 swmidi - ok
16:22:09.0312 4276 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
16:22:09.0312 4276 symc810 - ok
16:22:09.0328 4276 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:22:09.0328 4276 symc8xx - ok
16:22:09.0343 4276 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:22:09.0343 4276 sym_hi - ok
16:22:09.0359 4276 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:22:09.0359 4276 sym_u3 - ok
16:22:09.0390 4276 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:22:09.0390 4276 sysaudio - ok
16:22:09.0437 4276 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:22:09.0437 4276 Tcpip - ok
16:22:09.0484 4276 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:22:09.0484 4276 TDPIPE - ok
16:22:09.0500 4276 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:22:09.0515 4276 TDTCP - ok
16:22:09.0546 4276 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:22:09.0546 4276 TermDD - ok
16:22:09.0578 4276 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
16:22:09.0578 4276 TosIde - ok
16:22:09.0640 4276 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:22:09.0640 4276 Udfs - ok
16:22:09.0671 4276 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
16:22:09.0687 4276 ultra - ok
16:22:09.0734 4276 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:22:09.0750 4276 Update - ok
16:22:09.0796 4276 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:22:09.0796 4276 usbaudio - ok
16:22:09.0843 4276 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:22:09.0843 4276 usbccgp - ok
16:22:09.0859 4276 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:22:09.0859 4276 usbehci - ok
16:22:09.0906 4276 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:22:09.0906 4276 usbhub - ok
16:22:09.0984 4276 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:22:09.0984 4276 usbprint - ok
16:22:10.0015 4276 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:22:10.0031 4276 usbscan - ok
16:22:10.0078 4276 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:22:10.0093 4276 USBSTOR - ok
16:22:10.0140 4276 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:22:10.0140 4276 usbuhci - ok
16:22:10.0171 4276 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:22:10.0187 4276 usbvideo - ok
16:22:10.0265 4276 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:22:10.0265 4276 VgaSave - ok
16:22:10.0375 4276 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:22:10.0390 4276 viaagp - ok
16:22:10.0421 4276 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:22:10.0421 4276 ViaIde - ok
16:22:10.0453 4276 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:22:10.0453 4276 VolSnap - ok
16:22:10.0515 4276 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:22:10.0531 4276 Wanarp - ok
16:22:10.0546 4276 wanatw - ok
16:22:10.0609 4276 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
16:22:10.0609 4276 Wdf01000 - ok
16:22:10.0609 4276 WDICA - ok
16:22:10.0656 4276 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:22:10.0656 4276 wdmaud - ok
16:22:10.0734 4276 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
16:22:10.0734 4276 WinUSB - ok
16:22:10.0812 4276 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:22:10.0828 4276 WpdUsb - ok
16:22:10.0843 4276 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:22:10.0843 4276 WS2IFSL - ok
16:22:10.0843 4276 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:22:10.0859 4276 WSTCODEC - ok
16:22:10.0937 4276 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:22:10.0937 4276 WudfPf - ok
16:22:10.0984 4276 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:22:11.0000 4276 WudfRd - ok
16:22:11.0015 4276 zumbus - ok
16:22:11.0031 4276 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
16:22:11.0078 4276 \Device\Harddisk0\DR0 - ok
16:22:11.0109 4276 Boot (0x1200) (8abd7d870be3d32e23831e57ba3156b6) \Device\Harddisk0\DR0\Partition0
16:22:11.0109 4276 \Device\Harddisk0\DR0\Partition0 - ok
16:22:11.0109 4276 ============================================================
16:22:11.0109 4276 Scan finished
16:22:11.0109 4276 ============================================================
16:22:11.0109 4272 Detected object count: 0
16:22:11.0109 4272 Actual detected object count: 0
16:22:54.0578 1432 ============================================================
16:22:54.0578 1432 Scan started
16:22:54.0578 1432 Mode: Manual;
16:22:54.0578 1432 ============================================================
16:22:54.0828 1432 22123321 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\22123321.sys
16:22:54.0828 1432 22123321 - ok
16:22:54.0828 1432 22123322 - ok
16:22:54.0906 1432 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
16:22:54.0906 1432 61883 - ok
16:22:54.0906 1432 Abiosdsk - ok
16:22:54.0937 1432 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:22:54.0937 1432 abp480n5 - ok
16:22:54.0968 1432 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:22:54.0968 1432 ACPI - ok
16:22:55.0000 1432 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:22:55.0000 1432 ACPIEC - ok
16:22:55.0015 1432 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:22:55.0015 1432 adpu160m - ok
16:22:55.0062 1432 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:22:55.0062 1432 aec - ok
16:22:55.0109 1432 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:22:55.0109 1432 AFD - ok
16:22:55.0156 1432 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:22:55.0156 1432 agp440 - ok
16:22:55.0203 1432 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:22:55.0218 1432 agpCPQ - ok
16:22:55.0234 1432 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:22:55.0234 1432 Aha154x - ok
16:22:55.0250 1432 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:22:55.0250 1432 aic78u2 - ok
16:22:55.0265 1432 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:22:55.0265 1432 aic78xx - ok
16:22:55.0296 1432 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:22:55.0296 1432 AliIde - ok
16:22:55.0296 1432 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:22:55.0296 1432 alim1541 - ok
16:22:55.0312 1432 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:22:55.0312 1432 amdagp - ok
16:22:55.0328 1432 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
16:22:55.0328 1432 amsint - ok
16:22:55.0390 1432 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:22:55.0390 1432 Arp1394 - ok
16:22:55.0406 1432 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
16:22:55.0406 1432 asc - ok
16:22:55.0406 1432 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:22:55.0406 1432 asc3350p - ok
16:22:55.0421 1432 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:22:55.0421 1432 asc3550 - ok
16:22:55.0453 1432 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:22:55.0453 1432 AsyncMac - ok
16:22:55.0453 1432 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:22:55.0453 1432 atapi - ok
16:22:55.0468 1432 Atdisk - ok
16:22:55.0578 1432 ati2mtag (9bbefce3d18cf3c6eaf4f13920f75200) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:22:55.0578 1432 ati2mtag - ok
16:22:55.0640 1432 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:22:55.0640 1432 Atmarpc - ok
16:22:55.0687 1432 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:22:55.0703 1432 audstub - ok
16:22:55.0718 1432 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
16:22:55.0718 1432 Avc - ok
16:22:55.0750 1432 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:22:55.0750 1432 avgntflt - ok
16:22:55.0781 1432 avipbb (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:22:55.0781 1432 avipbb - ok
16:22:55.0796 1432 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
16:22:55.0796 1432 avkmgr - ok
16:22:55.0859 1432 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:22:55.0859 1432 Beep - ok
16:22:55.0890 1432 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
16:22:55.0890 1432 BrScnUsb - ok
16:22:55.0937 1432 BTCFilterService - ok
16:22:55.0953 1432 catchme - ok
16:22:56.0015 1432 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:22:56.0015 1432 cbidf - ok
16:22:56.0015 1432 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:22:56.0015 1432 cbidf2k - ok
16:22:56.0062 1432 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:22:56.0062 1432 CCDECODE - ok
16:22:56.0078 1432 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:22:56.0078 1432 cd20xrnt - ok
16:22:56.0125 1432 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:22:56.0125 1432 Cdaudio - ok
16:22:56.0140 1432 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:22:56.0140 1432 Cdfs - ok
16:22:56.0187 1432 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:22:56.0187 1432 Cdrom - ok
16:22:56.0187 1432 Changer - ok
16:22:56.0265 1432 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:22:56.0265 1432 CmdIde - ok
16:22:56.0343 1432 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:22:56.0343 1432 Cpqarray - ok
16:22:56.0375 1432 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:22:56.0375 1432 dac2w2k - ok
16:22:56.0390 1432 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:22:56.0390 1432 dac960nt - ok
16:22:56.0421 1432 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:22:56.0421 1432 Disk - ok
16:22:56.0515 1432 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:22:56.0515 1432 dmboot - ok
16:22:56.0593 1432 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:22:56.0609 1432 dmio - ok
16:22:56.0625 1432 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:22:56.0625 1432 dmload - ok
16:22:56.0671 1432 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:22:56.0671 1432 DMusic - ok
16:22:56.0718 1432 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:22:56.0718 1432 dpti2o - ok
16:22:56.0750 1432 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:22:56.0750 1432 drmkaud - ok
16:22:56.0875 1432 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
16:22:56.0875 1432 DSproct - ok
16:22:56.0890 1432 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:22:56.0890 1432 E100B - ok
16:22:56.0937 1432 e1express (6f7ccd3c02b26d530900f06d98171a69) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
16:22:56.0937 1432 e1express - ok
16:22:57.0015 1432 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:22:57.0015 1432 Fastfat - ok
16:22:57.0046 1432 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:22:57.0062 1432 Fdc - ok
16:22:57.0093 1432 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
16:22:57.0093 1432 FilterService - ok
16:22:57.0156 1432 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:22:57.0156 1432 Fips - ok
16:22:57.0203 1432 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:22:57.0203 1432 Flpydisk - ok
16:22:57.0250 1432 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:22:57.0250 1432 FltMgr - ok
16:22:57.0312 1432 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:22:57.0312 1432 Fs_Rec - ok
16:22:57.0328 1432 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:22:57.0328 1432 Ftdisk - ok
16:22:57.0390 1432 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
16:22:57.0390 1432 GEARAspiWDM - ok
16:22:57.0437 1432 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:22:57.0437 1432 Gpc - ok
16:22:57.0453 1432 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:22:57.0453 1432 HDAudBus - ok
16:22:57.0468 1432 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:22:57.0468 1432 HidUsb - ok
16:22:57.0531 1432 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
16:22:57.0531 1432 hpn - ok
16:22:57.0640 1432 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:22:57.0640 1432 HTTP - ok
16:22:57.0671 1432 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
16:22:57.0671 1432 i2omgmt - ok
16:22:57.0734 1432 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:22:57.0734 1432 i2omp - ok
16:22:57.0750 1432 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:22:57.0750 1432 i8042prt - ok
16:22:57.0812 1432 ialm (0674ce8ae167d830b871a99c677c5c59) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:22:57.0812 1432 ialm - ok
16:22:57.0875 1432 iastor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\drivers\iastor.sys
16:22:57.0875 1432 iastor - ok
16:22:57.0890 1432 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:22:57.0890 1432 Imapi - ok
16:22:57.0906 1432 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:22:57.0906 1432 ini910u - ok
16:22:57.0921 1432 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:22:57.0921 1432 IntelIde - ok
16:22:57.0968 1432 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:22:57.0968 1432 intelppm - ok
16:22:57.0984 1432 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:22:57.0984 1432 Ip6Fw - ok
16:22:58.0000 1432 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:22:58.0000 1432 IpFilterDriver - ok
16:22:58.0015 1432 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:22:58.0015 1432 IpInIp - ok
16:22:58.0031 1432 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:22:58.0031 1432 IpNat - ok
16:22:58.0046 1432 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:22:58.0046 1432 IPSec - ok
16:22:58.0062 1432 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:22:58.0062 1432 IRENUM - ok
16:22:58.0078 1432 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:22:58.0078 1432 isapnp - ok
16:22:58.0109 1432 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:22:58.0109 1432 Kbdclass - ok
16:22:58.0125 1432 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:22:58.0125 1432 kbdhid - ok
16:22:58.0156 1432 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:22:58.0156 1432 kmixer - ok
16:22:58.0187 1432 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:22:58.0187 1432 KSecDD - ok
16:22:58.0203 1432 lbrtfdc - ok
16:22:58.0234 1432 LHidFilt (c91206ca84684057118265e8377c77b6) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
16:22:58.0250 1432 LHidFilt - ok
16:22:58.0390 1432 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
16:22:58.0390 1432 LMIInfo - ok
16:22:58.0468 1432 LMImirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\LMImirr.sys
16:22:58.0484 1432 LMImirr - ok
16:22:58.0484 1432 LMIRfsClientNP - ok
16:22:58.0500 1432 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
16:22:58.0500 1432 LMIRfsDriver - ok
16:22:58.0531 1432 LMouFilt (9f03720fa5e6d14cd4dfea610f2c1a7c) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
16:22:58.0531 1432 LMouFilt - ok
16:22:58.0531 1432 Lvckap - ok
16:22:58.0546 1432 lvpopflt - ok
16:22:58.0593 1432 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
16:22:58.0593 1432 LVPr2Mon - ok
16:22:58.0656 1432 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
16:22:58.0656 1432 LVRS - ok
16:22:58.0859 1432 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
16:22:58.0906 1432 LVUVC - ok
16:22:58.0968 1432 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:22:58.0968 1432 mnmdd - ok
16:22:59.0031 1432 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:22:59.0031 1432 Modem - ok
16:22:59.0046 1432 motccgp - ok
16:22:59.0046 1432 motccgpfl - ok
16:22:59.0062 1432 motmodem - ok
16:22:59.0078 1432 MotoSwitchService - ok
16:22:59.0078 1432 Motousbnet - ok
16:22:59.0093 1432 motusbdevice - ok
16:22:59.0125 1432 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:22:59.0125 1432 Mouclass - ok
16:22:59.0140 1432 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:22:59.0140 1432 mouhid - ok
16:22:59.0140 1432 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:22:59.0140 1432 MountMgr - ok
16:22:59.0187 1432 mozyFilter (3ef80a284c61fdbc38c2ad16053619ac) C:\WINDOWS\system32\DRIVERS\mozy.sys
16:22:59.0203 1432 mozyFilter - ok
16:22:59.0265 1432 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:22:59.0265 1432 mraid35x - ok
16:22:59.0281 1432 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:22:59.0296 1432 MRxDAV - ok
16:22:59.0343 1432 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
16:22:59.0343 1432 MSDV - ok
16:22:59.0343 1432 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:22:59.0343 1432 Msfs - ok
16:22:59.0390 1432 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:22:59.0390 1432 MSKSSRV - ok
16:22:59.0406 1432 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:22:59.0406 1432 MSPCLOCK - ok
16:22:59.0421 1432 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:22:59.0421 1432 MSPQM - ok
16:22:59.0453 1432 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:22:59.0453 1432 mssmbios - ok
16:22:59.0468 1432 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:22:59.0468 1432 MSTEE - ok
16:22:59.0500 1432 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:22:59.0500 1432 Mup - ok
16:22:59.0546 1432 MXOPSWD (c29f284ff7ab4ed38ce419a9424e52a2) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
16:22:59.0546 1432 MXOPSWD - ok
16:22:59.0578 1432 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:22:59.0578 1432 NABTSFEC - ok
16:22:59.0609 1432 NAL (1e59aaed42a5e3a5ed86ec403f9c0776) C:\WINDOWS\system32\Drivers\iqvw32.sys
16:22:59.0609 1432 NAL - ok
16:22:59.0625 1432 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:22:59.0625 1432 NDIS - ok
16:22:59.0656 1432 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:22:59.0656 1432 NdisIP - ok
16:22:59.0687 1432 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:22:59.0687 1432 NdisTapi - ok
16:22:59.0718 1432 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:22:59.0718 1432 Ndisuio - ok
16:22:59.0734 1432 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:22:59.0734 1432 NdisWan - ok
16:22:59.0765 1432 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:22:59.0765 1432 NDProxy - ok
16:22:59.0812 1432 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:22:59.0812 1432 NetBIOS - ok
16:22:59.0843 1432 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:22:59.0843 1432 NetBT - ok
16:22:59.0875 1432 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:22:59.0875 1432 NIC1394 - ok
16:22:59.0906 1432 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:22:59.0906 1432 Npfs - ok
16:22:59.0968 1432 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:22:59.0984 1432 Ntfs - ok
16:23:00.0000 1432 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:23:00.0000 1432 Null - ok
16:23:00.0093 1432 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:23:00.0109 1432 nv - ok
16:23:00.0156 1432 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:23:00.0156 1432 NwlnkFlt - ok
16:23:00.0218 1432 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:23:00.0218 1432 NwlnkFwd - ok
16:23:00.0218 1432 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:23:00.0218 1432 ohci1394 - ok
16:23:00.0265 1432 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys
16:23:00.0265 1432 PalmUSBD - ok
16:23:00.0281 1432 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:23:00.0281 1432 Parport - ok
16:23:00.0296 1432 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:23:00.0296 1432 PartMgr - ok
16:23:00.0312 1432 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:23:00.0312 1432 ParVdm - ok
16:23:00.0328 1432 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:23:00.0328 1432 PCI - ok
16:23:00.0328 1432 PCIDump - ok
16:23:00.0359 1432 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:23:00.0359 1432 PCIIde - ok
16:23:00.0406 1432 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:23:00.0406 1432 Pcmcia - ok
16:23:00.0421 1432 PDCOMP - ok
16:23:00.0421 1432 PDFRAME - ok
16:23:00.0437 1432 PDRELI - ok
16:23:00.0437 1432 PDRFRAME - ok
16:23:00.0468 1432 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
16:23:00.0468 1432 perc2 - ok
16:23:00.0515 1432 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:23:00.0515 1432 perc2hib - ok
16:23:00.0562 1432 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:23:00.0562 1432 PptpMiniport - ok
16:23:00.0578 1432 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:23:00.0578 1432 PSched - ok
16:23:00.0593 1432 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:23:00.0593 1432 Ptilink - ok
16:23:00.0609 1432 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:23:00.0609 1432 PxHelp20 - ok
16:23:00.0640 1432 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:23:00.0640 1432 ql1080 - ok
16:23:00.0640 1432 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:23:00.0640 1432 Ql10wnt - ok
16:23:00.0656 1432 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:23:00.0656 1432 ql12160 - ok
16:23:00.0671 1432 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:23:00.0671 1432 ql1240 - ok
16:23:00.0687 1432 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:23:00.0687 1432 ql1280 - ok
16:23:00.0687 1432 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:23:00.0703 1432 RasAcd - ok
16:23:00.0718 1432 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:23:00.0718 1432 Rasl2tp - ok
16:23:00.0734 1432 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:23:00.0734 1432 RasPppoe - ok
16:23:00.0750 1432 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:23:00.0750 1432 Raspti - ok
16:23:00.0765 1432 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:23:00.0781 1432 Rdbss - ok
16:23:00.0781 1432 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:23:00.0781 1432 RDPCDD - ok
16:23:00.0812 1432 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:23:00.0812 1432 rdpdr - ok
16:23:00.0843 1432 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:23:00.0843 1432 RDPWD - ok
16:23:00.0890 1432 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:23:00.0890 1432 redbook - ok
16:23:00.0968 1432 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys
16:23:00.0968 1432 RimUsb - ok
16:23:01.0031 1432 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
16:23:01.0031 1432 RimVSerPort - ok
16:23:01.0046 1432 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
16:23:01.0046 1432 ROOTMODEM - ok
16:23:01.0093 1432 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:23:01.0093 1432 Secdrv - ok
16:23:01.0140 1432 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:23:01.0140 1432 serenum - ok
16:23:01.0156 1432 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:23:01.0156 1432 Serial - ok
16:23:01.0218 1432 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:23:01.0218 1432 Sfloppy - ok
16:23:01.0234 1432 Simbad - ok
16:23:01.0281 1432 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:23:01.0281 1432 sisagp - ok
16:23:01.0312 1432 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:23:01.0312 1432 SLIP - ok
16:23:01.0375 1432 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
16:23:01.0375 1432 sonypvs1 - ok
16:23:01.0421 1432 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:23:01.0421 1432 Sparrow - ok
16:23:01.0453 1432 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:23:01.0453 1432 splitter - ok
16:23:01.0468 1432 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:23:01.0468 1432 sr - ok
16:23:01.0546 1432 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:23:01.0546 1432 Srv - ok
16:23:01.0593 1432 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:23:01.0593 1432 ssmdrv - ok
16:23:01.0703 1432 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
16:23:01.0703 1432 STHDA - ok
16:23:01.0734 1432 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
16:23:01.0734 1432 StillCam - ok
16:23:01.0781 1432 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:23:01.0781 1432 streamip - ok
16:23:01.0781 1432 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:23:01.0781 1432 swenum - ok
16:23:01.0796 1432 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:23:01.0796 1432 swmidi - ok
16:23:01.0859 1432 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
16:23:01.0859 1432 symc810 - ok
16:23:01.0859 1432 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:23:01.0859 1432 symc8xx - ok
16:23:01.0875 1432 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:23:01.0875 1432 sym_hi - ok
16:23:01.0890 1432 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:23:01.0890 1432 sym_u3 - ok
16:23:01.0921 1432 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:23:01.0921 1432 sysaudio - ok
16:23:01.0984 1432 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:23:01.0984 1432 Tcpip - ok
16:23:02.0015 1432 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:23:02.0015 1432 TDPIPE - ok
16:23:02.0046 1432 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:23:02.0046 1432 TDTCP - ok
16:23:02.0046 1432 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:23:02.0046 1432 TermDD - ok
16:23:02.0093 1432 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
16:23:02.0093 1432 TosIde - ok
16:23:02.0171 1432 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:23:02.0171 1432 Udfs - ok
16:23:02.0218 1432 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
16:23:02.0218 1432 ultra - ok
16:23:02.0265 1432 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:23:02.0265 1432 Update - ok
16:23:02.0328 1432 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:23:02.0328 1432 usbaudio - ok
16:23:02.0406 1432 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:23:02.0421 1432 usbccgp - ok
16:23:02.0437 1432 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:23:02.0437 1432 usbehci - ok
16:23:02.0468 1432 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:23:02.0468 1432 usbhub - ok
16:23:02.0500 1432 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:23:02.0500 1432 usbprint - ok
16:23:02.0562 1432 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:23:02.0562 1432 usbscan - ok
16:23:02.0593 1432 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:23:02.0593 1432 USBSTOR - ok
16:23:02.0656 1432 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:23:02.0656 1432 usbuhci - ok
16:23:02.0687 1432 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:23:02.0687 1432 usbvideo - ok
16:23:02.0718 1432 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:23:02.0718 1432 VgaSave - ok
16:23:02.0796 1432 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:23:02.0812 1432 viaagp - ok
16:23:02.0859 1432 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:23:02.0859 1432 ViaIde - ok
16:23:02.0890 1432 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:23:02.0890 1432 VolSnap - ok
16:23:02.0921 1432 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:23:02.0921 1432 Wanarp - ok
16:23:02.0921 1432 wanatw - ok
16:23:03.0000 1432 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
16:23:03.0000 1432 Wdf01000 - ok
16:23:03.0000 1432 WDICA - ok
16:23:03.0015 1432 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:23:03.0015 1432 wdmaud - ok
16:23:03.0078 1432 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
16:23:03.0078 1432 WinUSB - ok
16:23:03.0156 1432 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:23:03.0156 1432 WpdUsb - ok
16:23:03.0234 1432 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:23:03.0234 1432 WS2IFSL - ok
16:23:03.0250 1432 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:23:03.0250 1432 WSTCODEC - ok
16:23:03.0312 1432 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:23:03.0312 1432 WudfPf - ok
16:23:03.0375 1432 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:23:03.0375 1432 WudfRd - ok
16:23:03.0406 1432 zumbus - ok
16:23:03.0437 1432 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
16:23:03.0468 1432 \Device\Harddisk0\DR0 - ok
16:23:03.0500 1432 Boot (0x1200) (8abd7d870be3d32e23831e57ba3156b6) \Device\Harddisk0\DR0\Partition0
16:23:03.0500 1432 \Device\Harddisk0\DR0\Partition0 - ok
16:23:03.0500 1432 ============================================================
16:23:03.0500 1432 Scan finished
16:23:03.0500 1432 ============================================================
16:23:03.0500 6008 Detected object count: 0
16:23:03.0500 6008 Actual detected object count: 0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 PM

Posted 22 January 2012 - 04:29 PM

How are things running?

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 dira

dira
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:08 PM

Posted 22 January 2012 - 04:33 PM

Update:

I just got a pop up from Avira saying that a Malware has been found.

Edited by dira, 22 January 2012 - 05:22 PM.


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 PM

Posted 22 January 2012 - 05:50 PM

Hello

Location is very important, we have backup folders and system restore that it could be reading



These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Conduit Engine
StreamTorrent 1.0
Viewpoint Media Player


and click on remove


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 dira

dira
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:08 PM

Posted 22 January 2012 - 06:59 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:49:55 PM, on 1/22/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Veetle\Player\player.exe
C:\Program Files\Veetle\Player\VeetleNet.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: FlipShare Server (FlipShareServer) - Unknown owner - C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9280 bytes

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.22.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ML :: OWNER [administrator]

1/22/2012 6:34:22 PM
mbam-log-2012-01-22 (18-34-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242418
Time elapsed: 10 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


So far nothing popped up & PC seems to be working fine. Processes are high and I see some programs that aren't in use & are still showing in the processes. I don't want to touch anything because I don't know what I'm doing

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 PM

Posted 22 January 2012 - 08:43 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 dira

dira
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:08 PM

Posted 23 January 2012 - 09:18 AM

I ran the scan and it came up clean with no log. However, Avira still had a popup stating that there was a Malware found

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 PM

Posted 23 January 2012 - 10:01 AM

Hello


"Avira still had a popup stating that there was a Malware found"

Let me have the location please


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 dira

dira
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:08 PM

Posted 23 January 2012 - 03:42 PM

I rebooted my computer and now its not there anymore. It comes and goes so if it pops up again I will let you know the location.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users