search engine links not right


This topic is locked
23 replies to this topic

#1 norsch

Posted 08 February 2012 - 11:12 AM

Hi, I was directed here from http://www.bleepingcomputer.com/forums/topic441633.html/page__gopid__2589132#entry2589132
For a few days, whenever I click a link from a search I get directed to the wrong page. This happens with any search engine; I have tried IE, Firefox and Chrome, and the result is always the same. A scan with AVG Free finds nothing, and Malwarebytes also finds nothing. Also, when searching for images only two rows are shown (approx. 16 images), and I can't alter the "safe search" settings. Please help.
Here are the logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Run by Baz at 15:26:32 on 2012-02-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2254 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WUDFHost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\3 Mobile Broadband\3Connect\Wilog.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Baz\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: Interfaces\{24702907-3D25-4BA9-B6D4-1608947BF7DF} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2DE10312-981B-4099-BBCB-7774A2111D20} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2DE10312-981B-4099-BBCB-7774A2111D20}\241696273747F67775966496 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2DE10312-981B-4099-BBCB-7774A2111D20}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{2DE10312-981B-4099-BBCB-7774A2111D20}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{2DE10312-981B-4099-BBCB-7774A2111D20}\2456C6B696E6F5E413F575962756C6563737F5549354835424 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9CC7CA53-8301-40B7-980E-B6A32F7C0180} : NameServer = 217.171.132.1 217.171.135.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
BHO-X64: Freecorder - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
BHO-X64: MediaBar - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB-X64: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
TB-X64: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Baz\AppData\Roaming\Mozilla\Firefox\Profiles\25x65cr9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Baz\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Baz\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Baz\AppData\Roaming\Mozilla\Firefox\Profiles\25x65cr9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2012-2-2 1740696]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-7-9 21560]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-7-24 275840]
R3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\system32\DRIVERS\OSDACPI.SYS --> C:\Windows\system32\DRIVERS\OSDACPI.SYS [?]
R3 AVerAVF2;AVerAVF2;C:\Windows\system32\DRIVERS\AVerAVF2.sys --> C:\Windows\system32\DRIVERS\AVerAVF2.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys --> C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\system32\DRIVERS\ewusbwwan.sys --> C:\Windows\system32\DRIVERS\ewusbwwan.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-30 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-5 652360]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-30 136176]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-08 11:44:09 -------- d-----w- C:\Users\Baz\AppData\Roaming\SUPERAntiSpyware.com
2012-02-08 11:43:32 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-08 11:43:32 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-07 17:36:49 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\7563.tmp
2012-02-07 10:40:54 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-07 10:36:40 -------- d-s---w- C:\ComboFix
2012-02-07 10:25:35 388096 ----a-r- C:\Users\Baz\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-07 10:25:35 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-05 17:57:04 -------- d-----w- C:\Users\Baz\AppData\Roaming\Malwarebytes
2012-02-05 17:56:49 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-05 17:56:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-05 11:20:10 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-02-05 11:20:09 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-02-05 11:20:08 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-05 11:20:08 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-05 11:20:08 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-05 11:20:08 45016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-02-02 12:36:39 -------- d-----w- C:\Users\Baz\AppData\Roaming\Birdstep Technology
2012-02-02 12:36:18 10240 ----a-w- C:\Windows\SysWow64\drivers\mdvrmng.sys
2012-02-02 12:36:18 -------- d-----w- C:\Program Files (x86)\3 Mobile Broadband
2012-02-02 11:47:39 -------- d-----w- C:\Users\Baz\AppData\Roaming\AVG
2012-02-02 11:42:12 -------- d-----w- C:\Users\Baz\AppData\Roaming\AVG2012
2012-02-02 11:41:13 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-02-02 11:40:47 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-02-01 18:37:46 -------- d-----w- C:\$WINDOWS.~BT
2012-01-25 11:17:24 -------- d--h--w- C:\Users\Baz\AppData\Local\visi_coupon
2012-01-20 20:10:16 -------- d--h--w- C:\ProgramData\Sony Ericsson
2012-01-20 20:10:16 -------- d-----w- C:\Program Files (x86)\Sony Ericsson
2012-01-19 17:38:58 -------- d-----w- C:\ProgramData\AVG2012
2012-01-16 14:18:22 -------- d-----w- C:\Program Files (x86)\Garmin
2012-01-13 13:21:16 -------- d--h--w- C:\Users\Baz\AppData\Roaming\Garmin
2012-01-13 10:24:14 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2012-01-13 10:24:11 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2012-01-13 10:23:27 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2012-01-13 10:23:27 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2012-01-13 10:01:59 84992 ----a-w- C:\Windows\System32\dot3api.dll
2012-01-13 10:00:23 -------- d-----w- C:\Windows\System32\SPReview
2012-01-13 09:59:43 -------- d-----w- C:\Windows\System32\EventProviders
2012-01-11 10:41:25 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 10:41:25 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 10:41:25 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 10:41:25 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 10:41:22 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 10:41:21 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 10:41:09 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 10:41:09 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
==================== Find3M ====================
.
2012-01-13 10:49:34 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-01-13 10:49:33 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-12-29 19:41:34 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-13 11:46:13 67156 ----a-w- C:\Windows\Huawei ModemsUninstall.exe
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 15:35:24.51 ===============
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-08 16:02:05
Windows 6.1.7601 Service Pack 1
Running: nl6yhqc7.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002186ec1008
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002186ec1008 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

#2 gringo_pr (Malware Response Team)

Posted 08 February 2012 - 07:06 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Multiple Anti-Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

<insert av's>

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 norsch (Topic Starter)

Posted 09 February 2012 - 07:21 AM

Had no problem running ComboFix. I can't find any other anti-virus software on the computer, just AVG 2012. The computer still has the same problems.

ComboFix 12-02-09.02 - Baz 09/02/2012 11:14:54.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2448 [GMT 0:00]
Running from: c:\users\Baz\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Blinkx
c:\program files (x86)\Blinkx\templates\index.html
c:\program files (x86)\Blinkx\templates\noflash.html
c:\program files (x86)\Blinkx\templates\offline.html
c:\program files (x86)\Blinkx\templates\offline.swf
.
.
((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-02-09 11:46 . 2012-02-09 11:46 -------- d-----w- c:\users\Test\AppData\Local\temp
2012-02-09 11:46 . 2012-02-09 11:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-08 11:44 . 2012-02-08 11:44 -------- d-----w- c:\users\Baz\AppData\Roaming\SUPERAntiSpyware.com
2012-02-08 11:43 . 2012-02-08 11:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-08 11:43 . 2012-02-08 11:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-07 17:36 . 2012-02-07 17:36 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\7563.tmp
2012-02-07 10:25 . 2012-02-07 10:25 388096 ----a-r- c:\users\Baz\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-07 10:25 . 2012-02-07 10:25 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-06 21:56 . 2012-02-06 21:56 -------- d-----w- c:\users\Test\AppData\Local\Mozilla
2012-02-06 21:56 . 2012-02-06 21:56 -------- d-----w- c:\users\Test\AppData\Roaming\AVG2012
2012-02-06 21:56 . 2012-02-06 21:56 -------- d-----w- c:\users\Test\AppData\Local\FLVService
2012-02-05 17:57 . 2012-02-05 17:57 -------- d-----w- c:\users\Baz\AppData\Roaming\Malwarebytes
2012-02-05 17:56 . 2012-02-07 17:40 -------- d-----w- c:\programdata\Malwarebytes
2012-02-05 17:56 . 2012-02-05 17:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-05 11:20 . 2012-02-05 11:20 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-02-05 11:20 . 2012-02-05 11:20 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-02-05 11:20 . 2012-02-05 11:20 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-05 11:20 . 2012-02-05 11:20 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-05 11:20 . 2012-02-05 11:20 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-05 11:20 . 2012-02-05 11:20 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-02-02 12:36 . 2012-02-02 12:36 -------- d-----w- c:\users\Baz\AppData\Roaming\Birdstep Technology
2012-02-02 12:36 . 2012-02-02 12:36 -------- d-----w- c:\program files (x86)\3 Mobile Broadband
2012-02-02 12:36 . 2011-03-23 16:17 10240 ----a-w- c:\windows\SysWow64\drivers\mdvrmng.sys
2012-02-02 11:47 . 2012-02-02 11:47 -------- d-----w- c:\users\Baz\AppData\Roaming\AVG
2012-02-02 11:41 . 2012-02-02 11:41 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-02-02 11:40 . 2012-02-09 09:38 -------- d-----w- c:\windows\system32\drivers\AVG
2012-02-01 18:37 . 2012-02-01 18:37 -------- d-----w- C:\$WINDOWS.~BT
2012-01-25 11:17 . 2012-01-25 11:17 -------- d--h--w- c:\users\Baz\AppData\Local\visi_coupon
2012-01-20 20:10 . 2012-01-20 20:10 -------- d--h--w- c:\programdata\Sony Ericsson
2012-01-20 20:10 . 2012-01-20 20:10 -------- d-----w- c:\program files (x86)\Sony Ericsson
2012-01-19 17:38 . 2012-02-07 17:39 -------- d-----w- c:\programdata\AVG2012
2012-01-16 14:18 . 2012-02-01 19:15 -------- d-----w- c:\program files\DIFX
2012-01-16 14:18 . 2012-02-01 19:15 -------- d-----w- c:\program files (x86)\Garmin
2012-01-13 13:21 . 2012-01-16 12:51 -------- d--h--w- c:\users\Baz\AppData\Roaming\Garmin
2012-01-13 10:24 . 2010-11-20 05:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2012-01-13 10:24 . 2010-11-20 04:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-01-13 10:23 . 2010-11-20 05:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2012-01-13 10:23 . 2010-11-20 05:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-01-13 10:01 . 2010-11-20 05:26 171520 ----a-w- c:\windows\system32\fde.dll
2012-01-13 10:00 . 2012-01-13 10:00 -------- d-----w- c:\windows\system32\SPReview
2012-01-13 09:59 . 2012-01-13 09:59 -------- d-----w- c:\windows\system32\EventProviders
2012-01-11 10:41 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 10:41 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 10:41 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 10:41 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 10:41 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 10:41 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 10:41 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 10:41 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-05 03:09 . 2011-05-13 01:43 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-02-05 03:08 . 2011-05-13 01:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-02-05 02:08 . 2011-04-15 15:48 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-13 10:49 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-13 10:49 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-29 19:41 . 2011-12-29 13:54 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-15 01:32 . 2011-04-15 15:48 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-13 21:20 . 2011-12-13 21:20 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-13 11:46 . 2011-12-13 11:46 67156 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2011-11-24 04:52 . 2011-12-14 10:48 3145216 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Freecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-12-21 296056]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-03-23 1740696]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-07-09 21560]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-07-24 275840]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
S3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 18:41]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 18:41]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1173059759-332112944-699048419-1003Core.job
- c:\users\Baz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-06 20:38]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1173059759-332112944-699048419-1003UA.job
- c:\users\Baz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-06 20:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
FF - ProfilePath - c:\users\Baz\AppData\Roaming\Mozilla\Firefox\Profiles\25x65cr9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
Toolbar-10 - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-09 12:06:13
ComboFix-quarantined-files.txt 2012-02-09 12:06
ComboFix2.txt 2012-02-07 10:14
.
Pre-Run: 466,598,014,976 bytes free
Post-Run: 466,620,055,552 bytes free
.
- - End Of File - - 1502F97E974332C79C89251324DC2470

#4 gringo_pr

  • Malware Response Team
Posted 09 February 2012 - 08:44 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
c:\programdata\Microsoft\Windows\DRM
c:\program files (x86)\Freecorder
c:\program files (x86)\ConduitEngine
c:\progra~2\BEARSH~1\MediaBar

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
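The log posted above is the whole search-redirect story in two places: one Freecorder DLL is registered under three IE extension points at once (URLSearchHooks, Browser Helper Objects and Toolbar), and Firefox's keyword.URL pref sends address-bar searches to search.bearshare.com. The CFScript above then removes the offending folders by hand. The Python script below is an added example, not code from this thread or from ComboFix: it parses those two log sections, flags the hook-level indicators, and prints a Folder:: stanza in the layout gringo uses. Its sample input is excerpted from the two ComboFix logs in this thread and trimmed; the TRUSTED_SEARCH_HOSTS set and the flagging rules are the example's own assumptions, not ComboFix logic. It deliberately flags only what the log itself proves (a third-party search hook, a DLL wired into several hooks, autoruns in the same folder, and a foreign keyword.URL); deciding that ConduitEngine and the BearShare MediaBar go too, as gringo did, remains a human call.

```python
"""Triage a ComboFix log for search-hijack persistence: IE URLSearchHooks,
BHOs, toolbars and Run entries from 'Reg Loading Points', Firefox prefs from
'Supplementary Scan', plus a CFScript Folder:: stanza for the flagged files."""
import ntpath
import re
from urllib.parse import urlparse

# Constructed sample: lines excerpted from the two ComboFix logs in this
# thread, trimmed to the entries that matter for search redirection.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Freecorder\prxtbFre0.dll
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
c:\progra~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"([^"]+)"(?:\s*\[(.*?)\])?$')
# '<date> <time> <size> <attrs> <path>' or a bare '<path> [tag]' line.
PATH_RE = re.compile(r"^(?:\S+ \S+ \d+ \S+ )?([a-z]:\\.+?\.(?:dll|exe|sys))(?:\s*\[(.*?)\])?$", re.I)
FF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
KINDS = (("urlsearchhooks", "URLSearchHook"), ("browser helper objects", "BHO"),
         (r"internet explorer\toolbar", "Toolbar"), (r"currentversion\run", "Run"))
# Engines this user chose (assumption; the log shows Google as homepage/engine).
TRUSTED_SEARCH_HOSTS = {"google.com", "www.google.com", "www.google.co.uk"}


def classify(key):
    """Map a registry key header to the persistence point it represents."""
    k = key.lower()
    return next((kind for marker, kind in KINDS if marker in k), "other")


def parse_log(text):
    """Return (entries, firefox_prefs). Each entry: kind, key, name (value
    name, or the BHO CLSID taken from the key), path and trailing [note]."""
    entries, prefs, key = [], {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif m := FF_RE.match(line):
            prefs[m.group(1)] = m.group(2)
        elif key and (m := VALUE_RE.match(line)):
            entries.append(dict(kind=classify(key), key=key, name=m.group(1),
                                path=m.group(2), note=m.group(3) or ""))
        elif key and (m := PATH_RE.match(line)):
            entries.append(dict(kind=classify(key), key=key, name=key.rsplit("\\", 1)[-1],
                                path=m.group(1), note=m.group(2) or ""))
    return entries, prefs


def flag_search_hijacks(entries, prefs, trusted_hosts=TRUSTED_SEARCH_HOSTS):
    """Return [(reason, detail)] for entries that explain redirected searches."""
    findings, seen = [], {}
    for e in entries:
        orig, kinds = seen.setdefault(e["path"].lower(), (e["path"], set()))
        kinds.add(e["kind"])
        # ComboFix hides legit defaults, so any listed URLSearchHook is third
        # party, and a search hook is exactly what rewrites address-bar searches.
        if e["kind"] == "URLSearchHook":
            findings.append(("URLSearchHook", e["path"]))
    # One DLL wired into several IE extension points is the shape of a bundled
    # toolbar rather than a single-purpose add-in.
    for orig, kinds in seen.values():
        if len(kinds & {"URLSearchHook", "BHO", "Toolbar"}) > 1:
            findings.append(("multi-hook DLL", orig))
    # Autoruns that live in a flagged DLL's folder go with it.
    flagged_dirs = {ntpath.dirname(p).lower() for _, p in findings}
    for e in entries:
        if e["kind"] == "Run" and ntpath.dirname(e["path"]).lower() in flagged_dirs:
            findings.append(("Run entry in flagged dir", e["path"]))
    # keyword.URL is where Firefox sends address-bar searches; 'hxxp' is the
    # log's defanged 'http'.
    kw = prefs.get("keyword.URL")
    if kw and urlparse(kw.replace("hxxp", "http", 1)).hostname not in trusted_hosts:
        findings.append(("keyword.URL", kw))
    return findings


def folder_stanza(paths):
    """Parent folders of the flagged files as a CFScript Folder:: block."""
    return "Folder::\n" + "\n".join(sorted({ntpath.dirname(p) for p in paths}, key=str.lower))


if __name__ == "__main__":
    entries, prefs = parse_log(SAMPLE_LOG)
    findings = flag_search_hijacks(entries, prefs)
    for reason, detail in findings:
        print(f"FLAG {reason}: {detail}")
    print(folder_stanza(d for r, d in findings if r != "keyword.URL"))
```

Run it as-is and it reports the Freecorder search hook, the same DLL as a multi-hook entry, the Freecorder FLV Service autorun in that folder, and the BearShare keyword.URL, then prints a one-line Folder:: stanza for `c:\program files (x86)\Freecorder`. To use it on a real log, replace SAMPLE_LOG with the file contents; the 8.3 short names ComboFix prints for orphaned entries (`c:\progra~2\BEARSH~1\...`) are kept verbatim, since CFScript accepts them as the script above shows. The Firefox keyword.URL line is not something a Folder:: stanza fixes; it is a prefs.js value and has to be reset in Firefox itself.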

#5 norsch

  • Topic Starter

Posted 09 February 2012 - 11:44 AM

No problems running the script, computer still the same.

ComboFix 12-02-09.02 - Baz 09/02/2012 14:54:03.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2166 [GMT 0:00]
Running from: c:\users\Baz\Downloads\ComboFix.exe
Command switches used :: c:\users\Baz\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\BEARSH~1\MediaBar
c:\program files (x86)\ConduitEngine
c:\program files (x86)\ConduitEngine\ConduitEngine.dll
c:\program files (x86)\ConduitEngine\ConduitEngineHelper.exe
c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
c:\program files (x86)\ConduitEngine\toolbar.cfg
c:\program files (x86)\Freecorder
c:\program files (x86)\Freecorder\Applian_Audio_Plugin.dll
c:\program files (x86)\Freecorder\audgopher.dll
c:\program files (x86)\Freecorder\audhook.dll
c:\program files (x86)\Freecorder\FCAudio.exe
c:\program files (x86)\Freecorder\FCConv.exe
c:\program files (x86)\Freecorder\FCSettings.exe
c:\program files (x86)\Freecorder\FCVideo.exe
c:\program files (x86)\Freecorder\ffmpeg.exe
c:\program files (x86)\Freecorder\FLVPlayer.exe
c:\program files (x86)\Freecorder\FLVSrvc.exe
c:\program files (x86)\Freecorder\freecorder.exe
c:\program files (x86)\Freecorder\Freecorder.xpi
c:\program files (x86)\Freecorder\FreecorderToolbarHelper.exe
c:\program files (x86)\Freecorder\FreecorderToolbarHelper1.exe
c:\program files (x86)\Freecorder\GottenAppsContextMenu.xml
c:\program files (x86)\Freecorder\INSTALL.LOG
c:\program files (x86)\Freecorder\lame_enc.dll
c:\program files (x86)\Freecorder\OtherAppsContextMenu.xml
c:\program files (x86)\Freecorder\prxtbFre0.dll
c:\program files (x86)\Freecorder\sdl.dll
c:\program files (x86)\Freecorder\SharedAppsContextMenu.xml
c:\program files (x86)\Freecorder\tbFre0.dll
c:\program files (x86)\Freecorder\tbFre1.dll
c:\program files (x86)\Freecorder\tbFree.dll
c:\program files (x86)\Freecorder\toolbar.cfg
c:\program files (x86)\Freecorder\ToolbarContextMenu.xml
c:\program files (x86)\Freecorder\uninstall.exe
c:\program files (x86)\Freecorder\Uninstall\IRIMG1.JPG
c:\program files (x86)\Freecorder\Uninstall\IRIMG2.JPG
c:\program files (x86)\Freecorder\Uninstall\uninstallFC4.dat
c:\program files (x86)\Freecorder\Uninstall\uninstallFC4.xml
c:\program files (x86)\Freecorder\UNWISE.EXE
c:\program files (x86)\Freecorder\VistaAudioLib.dll
c:\programdata\Microsoft\Windows\DRM
c:\programdata\Microsoft\Windows\DRM\7563.tmp
c:\programdata\Microsoft\Windows\DRM\blackbox.bin
c:\programdata\Microsoft\Windows\DRM\drmstore.hds
c:\programdata\Microsoft\Windows\DRM\v3ks.bla
c:\programdata\Microsoft\Windows\DRM\v3ks.sec
.
.
((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-02-09 15:30 . 2012-02-09 15:30 -------- d-----w- c:\users\Test\AppData\Local\temp
2012-02-09 15:30 . 2012-02-09 15:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-08 11:44 . 2012-02-08 11:44 -------- d-----w- c:\users\Baz\AppData\Roaming\SUPERAntiSpyware.com
2012-02-08 11:43 . 2012-02-08 11:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-08 11:43 . 2012-02-08 11:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-07 10:25 . 2012-02-07 10:25 388096 ----a-r- c:\users\Baz\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-07 10:25 . 2012-02-07 10:25 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-06 21:56 . 2012-02-06 21:56 -------- d-----w- c:\users\Test\AppData\Local\Mozilla
2012-02-06 21:56 . 2012-02-06 21:56 -------- d-----w- c:\users\Test\AppData\Roaming\AVG2012
2012-02-06 21:56 . 2012-02-06 21:56 -------- d-----w- c:\users\Test\AppData\Local\FLVService
2012-02-05 17:57 . 2012-02-05 17:57 -------- d-----w- c:\users\Baz\AppData\Roaming\Malwarebytes
2012-02-05 17:56 . 2012-02-07 17:40 -------- d-----w- c:\programdata\Malwarebytes
2012-02-05 17:56 . 2012-02-05 17:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-05 11:20 . 2012-02-05 11:20 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-02-05 11:20 . 2012-02-05 11:20 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-02-05 11:20 . 2012-02-05 11:20 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-05 11:20 . 2012-02-05 11:20 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-05 11:20 . 2012-02-05 11:20 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-05 11:20 . 2012-02-05 11:20 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-02-02 12:36 . 2012-02-02 12:36 -------- d-----w- c:\users\Baz\AppData\Roaming\Birdstep Technology
2012-02-02 12:36 . 2012-02-02 12:36 -------- d-----w- c:\program files (x86)\3 Mobile Broadband
2012-02-02 12:36 . 2011-03-23 16:17 10240 ----a-w- c:\windows\SysWow64\drivers\mdvrmng.sys
2012-02-02 11:47 . 2012-02-02 11:47 -------- d-----w- c:\users\Baz\AppData\Roaming\AVG
2012-02-02 11:41 . 2012-02-02 11:41 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-02-02 11:40 . 2012-02-09 09:38 -------- d-----w- c:\windows\system32\drivers\AVG
2012-02-01 18:37 . 2012-02-01 18:37 -------- d-----w- C:\$WINDOWS.~BT
2012-01-25 11:17 . 2012-01-25 11:17 -------- d--h--w- c:\users\Baz\AppData\Local\visi_coupon
2012-01-20 20:10 . 2012-01-20 20:10 -------- d--h--w- c:\programdata\Sony Ericsson
2012-01-20 20:10 . 2012-01-20 20:10 -------- d-----w- c:\program files (x86)\Sony Ericsson
2012-01-19 17:38 . 2012-02-07 17:39 -------- d-----w- c:\programdata\AVG2012
2012-01-16 14:18 . 2012-02-01 19:15 -------- d-----w- c:\program files\DIFX
2012-01-16 14:18 . 2012-02-01 19:15 -------- d-----w- c:\program files (x86)\Garmin
2012-01-13 13:21 . 2012-01-16 12:51 -------- d--h--w- c:\users\Baz\AppData\Roaming\Garmin
2012-01-13 10:24 . 2010-11-20 05:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2012-01-13 10:24 . 2010-11-20 04:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-01-13 10:23 . 2010-11-20 05:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2012-01-13 10:23 . 2010-11-20 05:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-01-13 10:01 . 2010-11-20 05:26 171520 ----a-w- c:\windows\system32\fde.dll
2012-01-13 10:00 . 2012-01-13 10:00 -------- d-----w- c:\windows\system32\SPReview
2012-01-13 09:59 . 2012-01-13 09:59 -------- d-----w- c:\windows\system32\EventProviders
2012-01-11 10:41 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 10:41 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 10:41 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 10:41 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 10:41 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 10:41 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 10:41 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 10:41 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-05 03:09 . 2011-05-13 01:43 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-02-05 03:08 . 2011-05-13 01:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-02-05 02:08 . 2011-04-15 15:48 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-13 10:49 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-13 10:49 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-29 19:41 . 2011-12-29 13:54 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-15 01:32 . 2011-04-15 15:48 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-13 21:20 . 2011-12-13 21:20 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-13 11:46 . 2011-12-13 11:46 67156 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2011-11-24 04:52 . 2011-12-14 10:48 3145216 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-09_11.47.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-07 13:50 . 2012-02-09 15:50 35802 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-09 15:50 35710 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-09 10:21 . 2012-02-09 14:42 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-09 10:21 . 2012-02-08 13:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-09 10:21 . 2012-02-08 13:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-09 10:21 . 2012-02-09 14:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-08 13:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-09 14:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-09 23:02 . 2012-02-09 15:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-09 23:02 . 2012-02-08 12:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-09 23:02 . 2012-02-08 12:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-09 23:02 . 2012-02-09 15:48 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-07 13:16 . 2012-02-09 15:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-07 13:16 . 2012-02-08 12:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-30 11:38 . 2012-02-09 15:50 9356 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1173059759-332112944-699048419-1003_UserData.bin
- 2012-02-08 12:39 . 2012-02-08 12:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-09 15:48 . 2012-02-09 15:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-09 15:48 . 2012-02-09 15:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-08 12:39 . 2012-02-08 12:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
c:\progra~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-12-21 296056]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-03-23 1740696]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-07-09 21560]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-07-24 275840]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
S3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 18:41]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 18:41]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1173059759-332112944-699048419-1003Core.job
- c:\users\Baz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-06 20:38]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1173059759-332112944-699048419-1003UA.job
- c:\users\Baz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-06 20:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
FF - ProfilePath - c:\users\Baz\AppData\Roaming\Mozilla\Firefox\Profiles\25x65cr9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files (x86)\Freecorder\prxtbFre0.dll
BHO-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files (x86)\Freecorder\prxtbFre0.dll
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
Toolbar-10 - (no file)
Toolbar-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files (x86)\Freecorder\prxtbFre0.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
Wow6432Node-HKLM-Run-Freecorder FLV Service - c:\program files (x86)\Freecorder\FLVSrvc.exe
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
AddRemove-conduitEngine - c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-Freecorder Toolbar - c:\program files (x86)\Freecorder\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-02-09 16:10:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-09 16:10
ComboFix2.txt 2012-02-09 12:06
ComboFix3.txt 2012-02-07 10:14
.
Pre-Run: 466,522,079,232 bytes free
Post-Run: 466,234,384,384 bytes free
.
- - End Of File - - BB6D5E81A2D75C5E27ACB147907FBEA3

#6 gringo_pr

Bleepin Gringo
Malware Response Team

Posted 09 February 2012 - 08:34 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 norsch (Topic Starter)

Posted 10 February 2012 - 04:33 AM

Computer seems to be better, only managed to use it for half a minute as at work.

09:06:34.0427 8804 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
09:06:36.0428 8804 ============================================================
09:06:36.0428 8804 Current date / time: 2012/02/10 09:06:36.0428
09:06:36.0428 8804 SystemInfo:
09:06:36.0428 8804
09:06:36.0429 8804 OS Version: 6.1.7601 ServicePack: 1.0
09:06:36.0429 8804 Product type: Workstation
09:06:36.0429 8804 ComputerName: BAZ-PC
09:06:36.0429 8804 UserName: Baz
09:06:36.0429 8804 Windows directory: C:\Windows
09:06:36.0429 8804 System windows directory: C:\Windows
09:06:36.0429 8804 Running under WOW64
09:06:36.0429 8804 Processor architecture: Intel x64
09:06:36.0429 8804 Number of processors: 2
09:06:36.0429 8804 Page size: 0x1000
09:06:36.0429 8804 Boot type: Normal boot
09:06:36.0429 8804 ============================================================
09:06:37.0352 8804 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:06:37.0368 8804 \Device\Harddisk0\DR0:
09:06:37.0369 8804 MBR used
09:06:37.0369 8804 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
09:06:37.0397 8804 Initialize success
09:06:37.0397 8804 ============================================================
09:06:50.0968 1328 ============================================================
09:06:50.0968 1328 Scan started
09:06:50.0968 1328 Mode: Manual;
09:06:50.0968 1328 ============================================================
09:07:00.0434 1328 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:07:00.0438 1328 nvraid - ok
09:07:00.0498 1328 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:07:00.0502 1328 nvstor - ok
09:07:00.0521 1328 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:07:00.0524 1328 nv_agp - ok
09:07:00.0548 1328 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:07:00.0550 1328 ohci1394 - ok
09:07:00.0572 1328 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:07:00.0575 1328 Parport - ok
09:07:00.0614 1328 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
09:07:00.0616 1328 partmgr - ok
09:07:00.0644 1328 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:07:00.0647 1328 pci - ok
09:07:00.0663 1328 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:07:00.0664 1328 pciide - ok
09:07:00.0683 1328 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:07:00.0688 1328 pcmcia - ok
09:07:00.0704 1328 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:07:00.0705 1328 pcw - ok
09:07:00.0733 1328 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:07:00.0750 1328 PEAUTH - ok
09:07:00.0826 1328 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:07:00.0829 1328 PptpMiniport - ok
09:07:00.0849 1328 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:07:00.0851 1328 Processor - ok
09:07:00.0930 1328 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:07:00.0934 1328 Psched - ok
09:07:00.0981 1328 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:07:01.0026 1328 ql2300 - ok
09:07:01.0048 1328 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:07:01.0051 1328 ql40xx - ok
09:07:01.0080 1328 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:07:01.0082 1328 QWAVEdrv - ok
09:07:01.0135 1328 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:07:01.0139 1328 RasAcd - ok
09:07:01.0169 1328 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:07:01.0173 1328 RasAgileVpn - ok
09:07:01.0218 1328 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:07:01.0222 1328 Rasl2tp - ok
09:07:01.0245 1328 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:07:01.0247 1328 RasPppoe - ok
09:07:01.0270 1328 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:07:01.0273 1328 RasSstp - ok
09:07:01.0298 1328 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:07:01.0303 1328 rdbss - ok
09:07:01.0325 1328 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:07:01.0328 1328 rdpbus - ok
09:07:01.0344 1328 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:07:01.0346 1328 RDPCDD - ok
09:07:01.0394 1328 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:07:01.0396 1328 RDPENCDD - ok
09:07:01.0419 1328 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:07:01.0421 1328 RDPREFMP - ok
09:07:01.0460 1328 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
09:07:01.0465 1328 RDPWD - ok
09:07:01.0509 1328 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:07:01.0513 1328 rdyboost - ok
09:07:01.0574 1328 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
09:07:01.0578 1328 RFCOMM - ok
09:07:01.0631 1328 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:07:01.0634 1328 rspndr - ok
09:07:01.0705 1328 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:07:01.0710 1328 RTL8167 - ok
09:07:01.0777 1328 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
09:07:01.0779 1328 SASDIFSV - ok
09:07:01.0794 1328 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
09:07:01.0796 1328 SASKUTIL - ok
09:07:01.0835 1328 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:07:01.0837 1328 sbp2port - ok
09:07:01.0858 1328 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:07:01.0860 1328 scfilter - ok
09:07:01.0886 1328 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:07:01.0888 1328 secdrv - ok
09:07:01.0915 1328 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:07:01.0918 1328 Serenum - ok
09:07:01.0934 1328 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:07:01.0937 1328 Serial - ok
09:07:01.0970 1328 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:07:01.0972 1328 sermouse - ok
09:07:02.0013 1328 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:07:02.0015 1328 sffdisk - ok
09:07:02.0031 1328 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:07:02.0033 1328 sffp_mmc - ok
09:07:02.0055 1328 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:07:02.0057 1328 sffp_sd - ok
09:07:02.0077 1328 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:07:02.0080 1328 sfloppy - ok
09:07:02.0108 1328 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:07:02.0131 1328 SiSRaid2 - ok
09:07:02.0150 1328 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:07:02.0152 1328 SiSRaid4 - ok
09:07:02.0200 1328 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:07:02.0203 1328 Smb - ok
09:07:02.0237 1328 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:07:02.0238 1328 spldr - ok
09:07:02.0301 1328 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:07:02.0308 1328 srv - ok
09:07:02.0330 1328 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:07:02.0336 1328 srv2 - ok
09:07:02.0360 1328 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:07:02.0369 1328 srvnet - ok
09:07:02.0420 1328 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:07:02.0423 1328 stexstor - ok
09:07:02.0488 1328 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:07:02.0490 1328 swenum - ok
09:07:02.0580 1328 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
09:07:02.0615 1328 Tcpip - ok
09:07:02.0697 1328 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
09:07:02.0709 1328 TCPIP6 - ok
09:07:02.0756 1328 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:07:02.0758 1328 tcpipreg - ok
09:07:02.0781 1328 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:07:02.0783 1328 TDPIPE - ok
09:07:02.0804 1328 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
09:07:02.0806 1328 TDTCP - ok
09:07:02.0846 1328 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:07:02.0849 1328 tdx - ok
09:07:02.0871 1328 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:07:02.0873 1328 TermDD - ok
09:07:02.0952 1328 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:07:02.0955 1328 tssecsrv - ok
09:07:03.0006 1328 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:07:03.0009 1328 TsUsbFlt - ok
09:07:03.0064 1328 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:07:03.0067 1328 tunnel - ok
09:07:03.0122 1328 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:07:03.0125 1328 uagp35 - ok
09:07:03.0158 1328 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:07:03.0165 1328 udfs - ok
09:07:03.0189 1328 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:07:03.0192 1328 uliagpkx - ok
09:07:03.0214 1328 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
09:07:03.0216 1328 umbus - ok
09:07:03.0237 1328 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:07:03.0240 1328 UmPass - ok
09:07:03.0259 1328 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
09:07:03.0262 1328 usbccgp - ok
09:07:03.0304 1328 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:07:03.0307 1328 usbcir - ok
09:07:03.0327 1328 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
09:07:03.0330 1328 usbehci - ok
09:07:03.0384 1328 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
09:07:03.0391 1328 usbhub - ok
09:07:03.0413 1328 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
09:07:03.0415 1328 usbohci - ok
09:07:03.0459 1328 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:07:03.0461 1328 usbprint - ok
09:07:03.0496 1328 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:07:03.0499 1328 USBSTOR - ok
09:07:03.0523 1328 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
09:07:03.0525 1328 usbuhci - ok
09:07:03.0584 1328 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
09:07:03.0588 1328 usbvideo - ok
09:07:03.0629 1328 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
09:07:03.0631 1328 usb_rndisx - ok
09:07:03.0681 1328 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:07:03.0683 1328 vdrvroot - ok
09:07:03.0703 1328 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:07:03.0705 1328 vga - ok
09:07:03.0722 1328 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:07:03.0725 1328 VgaSave - ok
09:07:03.0746 1328 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:07:03.0750 1328 vhdmp - ok
09:07:03.0786 1328 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:07:03.0789 1328 viaide - ok
09:07:03.0808 1328 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:07:03.0811 1328 volmgr - ok
09:07:03.0861 1328 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:07:03.0866 1328 volmgrx - ok
09:07:03.0881 1328 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
09:07:03.0885 1328 volsnap - ok
09:07:03.0909 1328 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:07:03.0913 1328 vsmraid - ok
09:07:03.0939 1328 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:07:03.0941 1328 vwifibus - ok
09:07:03.0962 1328 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:07:03.0965 1328 vwififlt - ok
09:07:04.0005 1328 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
09:07:04.0006 1328 vwifimp - ok
09:07:04.0036 1328 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:07:04.0039 1328 WacomPen - ok
09:07:04.0078 1328 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:07:04.0081 1328 WANARP - ok
09:07:04.0086 1328 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:07:04.0087 1328 Wanarpv6 - ok
09:07:04.0152 1328 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:07:04.0154 1328 Wd - ok
09:07:04.0182 1328 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:07:04.0202 1328 Wdf01000 - ok
09:07:04.0260 1328 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:07:04.0262 1328 WfpLwf - ok
09:07:04.0288 1328 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:07:04.0290 1328 WIMMount - ok
09:07:04.0369 1328 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.SYS
09:07:04.0371 1328 WinUsb - ok
09:07:04.0408 1328 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
09:07:04.0410 1328 WmiAcpi - ok
09:07:04.0470 1328 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:07:04.0477 1328 ws2ifsl - ok
09:07:04.0524 1328 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:07:04.0527 1328 WudfPf - ok
09:07:04.0551 1328 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:07:04.0556 1328 WUDFRd - ok
09:07:04.0656 1328 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:07:04.0683 1328 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
09:07:04.0683 1328 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
09:07:04.0707 1328 Boot (0x1200) (78b02cadd1292ed3e3f9ab98264fb844) \Device\Harddisk0\DR0\Partition0
09:07:04.0709 1328 \Device\Harddisk0\DR0\Partition0 - ok
09:07:04.0711 1328 ============================================================
09:07:04.0711 1328 Scan finished
09:07:04.0711 1328 ============================================================
09:07:04.0724 8772 Detected object count: 1
09:07:04.0724 8772 Actual detected object count: 1
09:07:25.0333 8772 \Device\Harddisk0\DR0\# - copied to quarantine
09:07:25.0333 8772 \Device\Harddisk0\DR0 - copied to quarantine
09:07:25.0565 8772 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
09:07:25.0567 8772 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
09:07:25.0569 8772 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
09:07:25.0570 8772 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
09:07:25.0572 8772 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
09:07:25.0574 8772 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
09:07:25.0576 8772 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
09:07:25.0578 8772 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
09:07:25.0579 8772 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
09:07:25.0581 8772 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
09:07:25.0583 8772 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
09:07:25.0585 8772 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
09:07:25.0588 8772 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
09:07:25.0591 8772 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
09:07:25.0592 8772 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
09:07:25.0594 8772 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
09:07:25.0596 8772 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
09:07:25.0630 8772 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
09:07:25.0649 8772 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
09:07:25.0704 8772 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
09:07:25.0776 8772 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
09:07:25.0795 8772 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
09:07:25.0973 8772 \Device\Harddisk0\DR0\TDLFS\sant64 - copied to quarantine
09:07:25.0976 8772 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
09:07:25.0979 8772 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
09:07:25.0998 8772 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
09:07:26.0006 8772 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
09:07:26.0008 8772 \Device\Harddisk0\DR0 - ok
09:07:26.0385 8772 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
09:07:30.0373 8204 Deinitialize success

#8 norsch

norsch
  • Topic Starter

  • Members
  • 15 posts

Posted 10 February 2012 - 05:00 AM

computer seems to be better, only managed to use it for half a minute as at work

09:06:34.0427 8804 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
09:06:36.0428 8804 ============================================================
09:06:36.0428 8804 Current date / time: 2012/02/10 09:06:36.0428
09:06:36.0428 8804 SystemInfo:
09:06:36.0428 8804
09:06:36.0429 8804 OS Version: 6.1.7601 ServicePack: 1.0
09:06:36.0429 8804 Product type: Workstation
09:06:36.0429 8804 ComputerName: BAZ-PC
09:06:36.0429 8804 UserName: Baz
09:06:36.0429 8804 Windows directory: C:\Windows
09:06:36.0429 8804 System windows directory: C:\Windows
09:06:36.0429 8804 Running under WOW64
09:06:36.0429 8804 Processor architecture: Intel x64
09:06:36.0429 8804 Number of processors: 2
09:06:36.0429 8804 Page size: 0x1000
09:06:36.0429 8804 Boot type: Normal boot
09:06:36.0429 8804 ============================================================
09:06:37.0352 8804 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:06:37.0368 8804 \Device\Harddisk0\DR0:
09:06:37.0369 8804 MBR used
09:06:37.0369 8804 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
09:06:37.0397 8804 Initialize success
09:06:37.0397 8804 ============================================================
09:06:50.0968 1328 ============================================================
09:06:50.0968 1328 Scan started
09:06:50.0968 1328 Mode: Manual;
09:06:50.0968 1328 ============================================================
09:06:57.0403 1328 IRENUM - ok
09:06:57.0444 1328 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
09:06:57.0447 1328 isapnp - ok
09:06:57.0473 1328 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
09:06:57.0478 1328 iScsiPrt - ok
09:06:57.0522 1328 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
09:06:57.0524 1328 kbdclass - ok
09:06:57.0545 1328 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
09:06:57.0547 1328 kbdhid - ok
09:06:57.0594 1328 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
09:06:57.0596 1328 KSecDD - ok
09:06:57.0618 1328 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
09:06:57.0622 1328 KSecPkg - ok
09:06:57.0640 1328 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:06:57.0642 1328 ksthunk - ok
09:06:57.0705 1328 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:06:57.0707 1328 lltdio - ok
09:06:57.0733 1328 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:06:57.0736 1328 LSI_FC - ok
09:06:57.0753 1328 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:06:57.0756 1328 LSI_SAS - ok
09:06:57.0771 1328 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:06:57.0774 1328 LSI_SAS2 - ok
09:06:57.0787 1328 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:06:57.0791 1328 LSI_SCSI - ok
09:06:57.0822 1328 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:06:57.0824 1328 luafv - ok
09:06:57.0852 1328 MBAMProtector - ok
09:06:57.0887 1328 mdvrmng - ok
09:06:57.0915 1328 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:06:57.0917 1328 megasas - ok
09:06:57.0950 1328 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:06:57.0956 1328 MegaSR - ok
09:06:57.0983 1328 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:06:57.0986 1328 Modem - ok
09:06:58.0010 1328 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:06:58.0031 1328 monitor - ok
09:06:58.0069 1328 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
09:06:58.0071 1328 mouclass - ok
09:06:58.0131 1328 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:06:58.0133 1328 mouhid - ok
09:06:58.0173 1328 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:06:58.0176 1328 mountmgr - ok
09:06:58.0235 1328 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:06:58.0241 1328 mpio - ok
09:06:58.0280 1328 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:06:58.0284 1328 mpsdrv - ok
09:06:58.0330 1328 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:06:58.0334 1328 MRxDAV - ok
09:06:58.0373 1328 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:06:58.0376 1328 mrxsmb - ok
09:06:58.0418 1328 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:06:58.0423 1328 mrxsmb10 - ok
09:06:58.0443 1328 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:06:58.0446 1328 mrxsmb20 - ok
09:06:58.0480 1328 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:06:58.0481 1328 msahci - ok
09:06:58.0509 1328 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:06:58.0512 1328 msdsm - ok
09:06:58.0544 1328 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:06:58.0545 1328 Msfs - ok
09:06:58.0567 1328 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:06:58.0570 1328 mshidkmdf - ok
09:06:58.0605 1328 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:06:58.0606 1328 msisadrv - ok
09:06:58.0652 1328 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:06:58.0654 1328 MSKSSRV - ok
09:06:58.0697 1328 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:06:58.0699 1328 MSPCLOCK - ok
09:06:58.0722 1328 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:06:58.0724 1328 MSPQM - ok
09:06:58.0764 1328 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:06:58.0771 1328 MsRPC - ok
09:06:58.0796 1328 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:06:58.0796 1328 mssmbios - ok
09:06:58.0820 1328 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:06:58.0854 1328 MSTEE - ok
09:06:58.0876 1328 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:06:58.0878 1328 MTConfig - ok
09:06:58.0893 1328 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:06:58.0894 1328 Mup - ok
09:06:58.0951 1328 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:06:58.0957 1328 NativeWifiP - ok
09:06:59.0011 1328 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
09:06:59.0050 1328 NDIS - ok
09:06:59.0098 1328 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:06:59.0108 1328 NdisCap - ok
09:06:59.0153 1328 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:06:59.0156 1328 NdisTapi - ok
09:06:59.0205 1328 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:06:59.0208 1328 Ndisuio - ok
09:06:59.0232 1328 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:06:59.0236 1328 NdisWan - ok
09:06:59.0281 1328 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:06:59.0283 1328 NDProxy - ok
09:06:59.0306 1328 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:06:59.0307 1328 NetBIOS - ok
09:06:59.0358 1328 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:06:59.0364 1328 NetBT - ok
09:06:59.0495 1328 netr28ux (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys
09:06:59.0520 1328 netr28ux - ok
09:06:59.0597 1328 netr28x (44d4bd55191624c82a2745296ba42814) C:\Windows\system32\DRIVERS\netr28x.sys
09:06:59.0618 1328 netr28x - ok
09:06:59.0641 1328 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:06:59.0644 1328 nfrd960 - ok
09:06:59.0693 1328 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:06:59.0694 1328 Npfs - ok
09:06:59.0718 1328 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:06:59.0720 1328 nsiproxy - ok
09:06:59.0798 1328 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:06:59.0833 1328 Ntfs - ok
09:06:59.0853 1328 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:06:59.0854 1328 Null - ok
09:07:00.0141 1328 nvlddmkm (8efef6e580b94845a196a368ef5be82a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:07:00.0385 1328 nvlddmkm - ok
09:07:00.0434 1328 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:07:00.0438 1328 nvraid - ok
09:07:00.0498 1328 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:07:00.0502 1328 nvstor - ok
09:07:00.0521 1328 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:07:00.0524 1328 nv_agp - ok
09:07:00.0548 1328 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:07:00.0550 1328 ohci1394 - ok
09:07:00.0572 1328 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:07:00.0575 1328 Parport - ok
09:07:00.0614 1328 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
09:07:00.0616 1328 partmgr - ok
09:07:00.0644 1328 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:07:00.0647 1328 pci - ok
09:07:00.0663 1328 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:07:00.0664 1328 pciide - ok
09:07:00.0683 1328 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:07:00.0688 1328 pcmcia - ok
09:07:00.0704 1328 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:07:00.0705 1328 pcw - ok
09:07:00.0733 1328 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:07:00.0750 1328 PEAUTH - ok
09:07:00.0826 1328 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:07:00.0829 1328 PptpMiniport - ok
09:07:00.0849 1328 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:07:00.0851 1328 Processor - ok
09:07:00.0930 1328 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:07:00.0934 1328 Psched - ok
09:07:00.0981 1328 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:07:01.0026 1328 ql2300 - ok
09:07:01.0048 1328 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:07:01.0051 1328 ql40xx - ok
09:07:01.0080 1328 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:07:01.0082 1328 QWAVEdrv - ok
09:07:01.0135 1328 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:07:01.0139 1328 RasAcd - ok
09:07:01.0169 1328 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:07:01.0173 1328 RasAgileVpn - ok
09:07:01.0218 1328 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:07:01.0222 1328 Rasl2tp - ok
09:07:01.0245 1328 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:07:01.0247 1328 RasPppoe - ok
09:07:01.0270 1328 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:07:01.0273 1328 RasSstp - ok
09:07:01.0298 1328 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:07:01.0303 1328 rdbss - ok
09:07:01.0325 1328 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:07:01.0328 1328 rdpbus - ok
09:07:01.0344 1328 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:07:01.0346 1328 RDPCDD - ok
09:07:01.0394 1328 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:07:01.0396 1328 RDPENCDD - ok
09:07:01.0419 1328 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:07:01.0421 1328 RDPREFMP - ok
09:07:01.0460 1328 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
09:07:01.0465 1328 RDPWD - ok
09:07:01.0509 1328 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:07:01.0513 1328 rdyboost - ok
09:07:01.0574 1328 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
09:07:01.0578 1328 RFCOMM - ok
09:07:01.0631 1328 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:07:01.0634 1328 rspndr - ok
09:07:01.0705 1328 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:07:01.0710 1328 RTL8167 - ok
09:07:01.0777 1328 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
09:07:01.0779 1328 SASDIFSV - ok
09:07:01.0794 1328 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
09:07:01.0796 1328 SASKUTIL - ok
09:07:01.0835 1328 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:07:01.0837 1328 sbp2port - ok
09:07:01.0858 1328 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:07:01.0860 1328 scfilter - ok
09:07:01.0886 1328 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:07:01.0888 1328 secdrv - ok
09:07:01.0915 1328 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:07:01.0918 1328 Serenum - ok
09:07:01.0934 1328 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:07:01.0937 1328 Serial - ok
09:07:01.0970 1328 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:07:01.0972 1328 sermouse - ok
09:07:02.0013 1328 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:07:02.0015 1328 sffdisk - ok
09:07:02.0031 1328 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:07:02.0033 1328 sffp_mmc - ok
09:07:02.0055 1328 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:07:02.0057 1328 sffp_sd - ok
09:07:02.0077 1328 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:07:02.0080 1328 sfloppy - ok
09:07:02.0108 1328 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:07:02.0131 1328 SiSRaid2 - ok
09:07:02.0150 1328 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:07:02.0152 1328 SiSRaid4 - ok
09:07:02.0200 1328 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:07:02.0203 1328 Smb - ok
09:07:02.0237 1328 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:07:02.0238 1328 spldr - ok
09:07:02.0301 1328 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:07:02.0308 1328 srv - ok
09:07:02.0330 1328 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:07:02.0336 1328 srv2 - ok
09:07:02.0360 1328 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:07:02.0369 1328 srvnet - ok
09:07:02.0420 1328 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:07:02.0423 1328 stexstor - ok
09:07:02.0488 1328 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:07:02.0490 1328 swenum - ok
09:07:02.0580 1328 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
09:07:02.0615 1328 Tcpip - ok
09:07:02.0697 1328 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
09:07:02.0709 1328 TCPIP6 - ok
09:07:02.0756 1328 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:07:02.0758 1328 tcpipreg - ok
09:07:02.0781 1328 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:07:02.0783 1328 TDPIPE - ok
09:07:02.0804 1328 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
09:07:02.0806 1328 TDTCP - ok
09:07:02.0846 1328 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:07:02.0849 1328 tdx - ok
09:07:02.0871 1328 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:07:02.0873 1328 TermDD - ok
09:07:02.0952 1328 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:07:02.0955 1328 tssecsrv - ok
09:07:03.0006 1328 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:07:03.0009 1328 TsUsbFlt - ok
09:07:03.0064 1328 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:07:03.0067 1328 tunnel - ok
09:07:03.0122 1328 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:07:03.0125 1328 uagp35 - ok
09:07:03.0158 1328 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:07:03.0165 1328 udfs - ok
09:07:03.0189 1328 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:07:03.0192 1328 uliagpkx - ok
09:07:03.0214 1328 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
09:07:03.0216 1328 umbus - ok
09:07:03.0237 1328 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:07:03.0240 1328 UmPass - ok
09:07:03.0259 1328 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
09:07:03.0262 1328 usbccgp - ok
09:07:03.0304 1328 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:07:03.0307 1328 usbcir - ok
09:07:03.0327 1328 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
09:07:03.0330 1328 usbehci - ok
09:07:03.0384 1328 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
09:07:03.0391 1328 usbhub - ok
09:07:03.0413 1328 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
09:07:03.0415 1328 usbohci - ok
09:07:03.0459 1328 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:07:03.0461 1328 usbprint - ok
09:07:03.0496 1328 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:07:03.0499 1328 USBSTOR - ok
09:07:03.0523 1328 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
09:07:03.0525 1328 usbuhci - ok
09:07:03.0584 1328 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
09:07:03.0588 1328 usbvideo - ok
09:07:03.0629 1328 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
09:07:03.0631 1328 usb_rndisx - ok
09:07:03.0681 1328 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:07:03.0683 1328 vdrvroot - ok
09:07:03.0703 1328 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:07:03.0705 1328 vga - ok
09:07:03.0722 1328 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:07:03.0725 1328 VgaSave - ok
09:07:03.0746 1328 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:07:03.0750 1328 vhdmp - ok
09:07:03.0786 1328 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:07:03.0789 1328 viaide - ok
09:07:03.0808 1328 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:07:03.0811 1328 volmgr - ok
09:07:03.0861 1328 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:07:03.0866 1328 volmgrx - ok
09:07:03.0881 1328 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
09:07:03.0885 1328 volsnap - ok
09:07:03.0909 1328 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:07:03.0913 1328 vsmraid - ok
09:07:03.0939 1328 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:07:03.0941 1328 vwifibus - ok
09:07:03.0962 1328 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:07:03.0965 1328 vwififlt - ok
09:07:04.0005 1328 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
09:07:04.0006 1328 vwifimp - ok
09:07:04.0036 1328 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:07:04.0039 1328 WacomPen - ok
09:07:04.0078 1328 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:07:04.0081 1328 WANARP - ok
09:07:04.0086 1328 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:07:04.0087 1328 Wanarpv6 - ok
09:07:04.0152 1328 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:07:04.0154 1328 Wd - ok
09:07:04.0182 1328 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:07:04.0202 1328 Wdf01000 - ok
09:07:04.0260 1328 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:07:04.0262 1328 WfpLwf - ok
09:07:04.0288 1328 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:07:04.0290 1328 WIMMount - ok
09:07:04.0369 1328 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.SYS
09:07:04.0371 1328 WinUsb - ok
09:07:04.0408 1328 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
09:07:04.0410 1328 WmiAcpi - ok
09:07:04.0470 1328 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:07:04.0477 1328 ws2ifsl - ok
09:07:04.0524 1328 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:07:04.0527 1328 WudfPf - ok
09:07:04.0551 1328 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:07:04.0556 1328 WUDFRd - ok
09:07:04.0656 1328 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:07:04.0683 1328 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
09:07:04.0683 1328 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
09:07:04.0707 1328 Boot (0x1200) (78b02cadd1292ed3e3f9ab98264fb844) \Device\Harddisk0\DR0\Partition0
09:07:04.0709 1328 \Device\Harddisk0\DR0\Partition0 - ok
09:07:04.0711 1328 ============================================================
09:07:04.0711 1328 Scan finished
09:07:04.0711 1328 ============================================================
09:07:04.0724 8772 Detected object count: 1
09:07:04.0724 8772 Actual detected object count: 1
09:07:25.0333 8772 \Device\Harddisk0\DR0\# - copied to quarantine
09:07:25.0333 8772 \Device\Harddisk0\DR0 - copied to quarantine
09:07:25.0565 8772 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
09:07:25.0567 8772 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
09:07:25.0569 8772 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
09:07:25.0570 8772 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
09:07:25.0572 8772 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
09:07:25.0574 8772 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
09:07:25.0576 8772 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
09:07:25.0578 8772 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
09:07:25.0579 8772 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
09:07:25.0581 8772 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
09:07:25.0583 8772 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
09:07:25.0585 8772 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
09:07:25.0588 8772 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
09:07:25.0591 8772 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
09:07:25.0592 8772 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
09:07:25.0594 8772 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
09:07:25.0596 8772 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
09:07:25.0630 8772 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
09:07:25.0649 8772 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
09:07:25.0704 8772 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
09:07:25.0776 8772 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
09:07:25.0795 8772 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
09:07:25.0973 8772 \Device\Harddisk0\DR0\TDLFS\sant64 - copied to quarantine
09:07:25.0976 8772 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
09:07:25.0979 8772 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
09:07:25.0998 8772 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
09:07:26.0006 8772 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
09:07:26.0008 8772 \Device\Harddisk0\DR0 - ok
09:07:26.0385 8772 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
09:07:30.0373 8204 Deinitialize success

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 10 February 2012 - 06:14 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511 KB) to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 norsch
  • Topic Starter
  • Members
  • 15 posts

Posted 10 February 2012 - 08:04 AM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-10 12:25:59
-----------------------------
12:25:59.594 OS Version: Windows x64 6.1.7601 Service Pack 1
12:25:59.594 Number of processors: 2 586 0x170A
12:25:59.595 ComputerName: BAZ-PC UserName: Baz
12:26:00.784 Initialize success
12:27:41.000 AVAST engine defs: 12021000
12:27:58.055 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:27:58.060 Disk 0 Vendor: ST350062 HP24 Size: 476940MB BusType: 3
12:27:58.076 Disk 0 MBR read successfully
12:27:58.080 Disk 0 MBR scan
12:27:58.098 Disk 0 Windows 7 default MBR code
12:27:58.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
12:27:58.119 Service scanning
12:27:59.510 Modules scanning
12:27:59.517 Disk 0 trace - called modules:
12:27:59.526 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:27:59.533 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005797060]
12:27:59.541 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046ee050]
12:28:00.601 AVAST engine scan C:\Windows
12:28:05.138 AVAST engine scan C:\Windows\system32
12:31:15.434 AVAST engine scan C:\Windows\system32\drivers
12:31:32.877 AVAST engine scan C:\Users\Baz
12:33:19.656 AVAST engine scan C:\ProgramData
12:33:49.654 Scan finished successfully
12:44:38.000 Disk 0 MBR has been saved successfully to "C:\Users\Baz\Desktop\MBR.dat"
12:44:38.013 The log file has been saved successfully to "C:\Users\Baz\Desktop\aswMBR.txt"
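
The TDSSKiller log in post #8 above hashes the first 0x1B8 bytes of the MBR (the bootstrap code that sits before the disk signature and partition table) and flags it as Rootkit.Boot.SST.b; the aswMBR log in post #10 reads the same sector, reports the code as "Windows 7 default MBR code" and lists the partition table. What follows is an added example, not code from either tool or from anyone in this thread, that does the same parsing in Python on a raw 512-byte sector: it checks the 0x55AA boot signature, hashes the bootstrap-code area, walks the four partition entries, prints them in aswMBR's style, and measures the unpartitioned tail of the disk, which is where the TDL4/SST family keeps the hidden file system whose TDLFS entries TDSSKiller quarantined. Every function name here (`parse_mbr`, `describe_partitions`, `unallocated_tail_sectors`, `build_sample_mbr`) is mine; the sample MBR it builds is constructed (placeholder bootstrap bytes, made-up disk signature), with the partition geometry taken from the aswMBR log.

```python
"""Added example (not code from TDSSKiller, aswMBR or BleepingComputer):
parse a raw MBR sector the way those tools summarise it, hash the bootstrap
code area, and measure the unpartitioned tail where TDL4/SST-family bootkits
keep their hidden file system.

Standard MBR layout assumed: bootstrap code 0x000-0x1B7, 4-byte disk
signature at 0x1B8, two reserved bytes, four 16-byte partition entries at
0x1BE, 0x55AA signature at 0x1FE."""
import hashlib
import struct
import sys

SECTOR = 512
MBR_CODE_LEN = 0x1B8        # the "MBR (0x1B8)" region TDSSKiller hashes
PART_TABLE_OFF = 0x1BE
BOOT_SIG_OFF = 0x1FE
PARTITION_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0C: "FAT32 LBA",
                   0x0F: "Extended LBA", 0x27: "Windows RE", 0xEE: "GPT protective"}


def has_boot_signature(sector0: bytes) -> bool:
    """True when the sector carries the 0x55AA marker; without it the data is
    not an MBR at all (or the read was filtered or garbled)."""
    return len(sector0) >= SECTOR and sector0[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA"


def parse_mbr(sector0: bytes) -> dict:
    """Return the bootstrap-code MD5, disk signature and partition table."""
    if not has_boot_signature(sector0):
        raise ValueError("not an MBR: missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector0, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue                      # empty slot
        parts.append({"index": i + 1, "status": status, "bootable": status == 0x80,
                      "type": ptype, "type_name": PARTITION_TYPES.get(ptype, "unknown"),
                      "lba_start": lba, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    return {"code_md5": hashlib.md5(sector0[:MBR_CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector0, MBR_CODE_LEN)[0],
            "partitions": parts}


def describe_partitions(mbr: dict) -> list:
    """One line per partition in the aswMBR style:
    'Partition 1 80 (A) 07 HPFS/NTFS 476938 MB offset 2048'."""
    lines = []
    for p in mbr["partitions"]:
        flag = " (A)" if p["bootable"] else ""
        lines.append(f"Partition {p['index']} {p['status']:02X}{flag} {p['type']:02X} "
                     f"{p['type_name']} {p['size_mb']} MB offset {p['lba_start']}")
    return lines


def unallocated_tail_sectors(mbr: dict, disk_sectors: int) -> int:
    """Sectors after the end of the last partition. TDL4/SST stores its
    hidden file system (the TDLFS entries TDSSKiller quarantined) in this
    region, but a small tail is also normal alignment slack: inspect it,
    do not treat its mere presence as an infection."""
    end = max((p["lba_start"] + p["sectors"] for p in mbr["partitions"]), default=0)
    return max(disk_sectors - end, 0)


def build_sample_mbr() -> bytes:
    """Constructed sample, not a real disk image: placeholder bootstrap code
    and one bootable NTFS partition laid out like the aswMBR log
    (type 07, 476938 MB, offset 2048)."""
    code = b"\xFA\x33\xC0" + b"\x90" * (MBR_CODE_LEN - 3)
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF",
                        2048, 476938 * 2048)
    return code + disk_sig + entry + b"\x00" * 48 + b"\x55\xAA"


if __name__ == "__main__":
    # Usage: python mbr_check.py <raw disk or image> [disk size in sectors]
    # On Windows, \\.\PhysicalDrive0 works from an elevated prompt, but an
    # active bootkit that hooks the disk miniport can hand you a clean-looking
    # sector; read from WinPE/a boot CD or an image taken offline to be sure.
    src = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(src, "rb").read(SECTOR) if src else build_sample_mbr()
    info = parse_mbr(data)
    print(f"MBR code MD5 {info['code_md5']}  disk signature {info['disk_signature']:08X}")
    print("\n".join(describe_partitions(info)))
    if len(sys.argv) > 2:
        print("unpartitioned tail sectors:", unallocated_tail_sectors(info, int(sys.argv[2])))
```

Run without arguments it parses the constructed sample and prints the same partition line aswMBR printed above; pointed at `\\.\PhysicalDrive0` from an elevated prompt it parses the live disk. The hash is only useful against a baseline (the tools compare it with known-good Windows bootstrap code, which is what "Windows 7 default MBR code" means), and a read taken through a hooked disk stack can be lied to, which is why aswMBR prints the "Disk 0 trace - called modules" line showing the driver chain it went through: a clean result from a live system is weaker evidence than one from an offline image.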

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 10 February 2012 - 12:55 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 norsch
  • Topic Starter
  • Members
  • 15 posts

Posted 10 February 2012 - 02:09 PM

Computer seems to be running fine.

ComboFix 12-02-09.02 - Baz 10/02/2012 18:16:22.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2688 [GMT 0:00]
Running from: c:\users\Baz\Downloads\ComboFix.exe
Command switches used :: c:\users\Baz\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))
.
.
2012-02-10 18:26 . 2012-02-10 18:26 -------- d-----w- c:\users\Test\AppData\Local\temp
2012-02-10 18:26 . 2012-02-10 18:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-10 09:07 . 2012-02-10 09:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-09 16:41 . 2012-02-09 16:41 -------- d-----w- c:\users\Baz\AppData\Roaming\Birdstep Technology
2012-02-09 16:40 . 2011-03-23 16:17 10240 ----a-w- c:\windows\SysWow64\drivers\mdvrmng.sys
2012-02-09 16:40 . 2012-02-09 16:40 -------- d-----w- c:\program files (x86)\3 Mobile Broadband
2012-02-08 11:44 . 2012-02-08 11:44 -------- d-----w- c:\users\Baz\AppData\Roaming\SUPERAntiSpyware.com
2012-02-08 11:43 . 2012-02-08 11:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-08 11:43 . 2012-02-08 11:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-07 10:25 . 2012-02-07 10:25 388096 ----a-r- c:\users\Baz\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-07 10:25 . 2012-02-07 10:25 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-06 21:56 . 2012-02-06 21:56 -------- d-----w- c:\users\Test\AppData\Local\Mozilla
2012-02-06 21:56 . 2012-02-06 21:56 -------- d-----w- c:\users\Test\AppData\Roaming\AVG2012
2012-02-06 21:56 . 2012-02-06 21:56 -------- d-----w- c:\users\Test\AppData\Local\FLVService
2012-02-05 17:57 . 2012-02-05 17:57 -------- d-----w- c:\users\Baz\AppData\Roaming\Malwarebytes
2012-02-05 17:56 . 2012-02-07 17:40 -------- d-----w- c:\programdata\Malwarebytes
2012-02-05 17:56 . 2012-02-05 17:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-05 11:20 . 2012-02-05 11:20 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-02-05 11:20 . 2012-02-05 11:20 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-02-05 11:20 . 2012-02-05 11:20 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-05 11:20 . 2012-02-05 11:20 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-05 11:20 . 2012-02-05 11:20 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-05 11:20 . 2012-02-05 11:20 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-02-02 11:47 . 2012-02-02 11:47 -------- d-----w- c:\users\Baz\AppData\Roaming\AVG
2012-02-02 11:41 . 2012-02-02 11:41 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-02-02 11:40 . 2012-02-10 09:14 -------- d-----w- c:\windows\system32\drivers\AVG
2012-02-01 18:37 . 2012-02-01 18:37 -------- d-----w- C:\$WINDOWS.~BT
2012-01-25 11:17 . 2012-01-25 11:17 -------- d--h--w- c:\users\Baz\AppData\Local\visi_coupon
2012-01-20 20:10 . 2012-01-20 20:10 -------- d--h--w- c:\programdata\Sony Ericsson
2012-01-20 20:10 . 2012-01-20 20:10 -------- d-----w- c:\program files (x86)\Sony Ericsson
2012-01-19 17:38 . 2012-02-07 17:39 -------- d-----w- c:\programdata\AVG2012
2012-01-16 14:18 . 2012-02-01 19:15 -------- d-----w- c:\program files\DIFX
2012-01-16 14:18 . 2012-02-01 19:15 -------- d-----w- c:\program files (x86)\Garmin
2012-01-13 13:21 . 2012-01-16 12:51 -------- d--h--w- c:\users\Baz\AppData\Roaming\Garmin
2012-01-13 10:24 . 2010-11-20 05:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2012-01-13 10:24 . 2010-11-20 04:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-01-13 10:23 . 2010-11-20 05:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2012-01-13 10:23 . 2010-11-20 05:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-01-13 10:01 . 2010-11-20 05:26 171520 ----a-w- c:\windows\system32\fde.dll
2012-01-13 10:00 . 2012-01-13 10:00 -------- d-----w- c:\windows\system32\SPReview
2012-01-13 09:59 . 2012-01-13 09:59 -------- d-----w- c:\windows\system32\EventProviders
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-05 03:09 . 2011-05-13 01:43 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-02-05 03:08 . 2011-05-13 01:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-02-05 02:08 . 2011-04-15 15:48 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-13 10:49 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-13 10:49 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-29 19:41 . 2011-12-29 13:54 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-15 01:32 . 2011-04-15 15:48 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-13 21:20 . 2011-12-13 21:20 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-13 11:46 . 2011-12-13 11:46 67156 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2011-11-24 04:52 . 2011-12-14 10:48 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:58 . 2012-01-11 10:41 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 10:41 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 06:49 . 2012-01-11 14:59 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-17 06:49 . 2012-01-11 14:59 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-11-17 06:44 . 2012-01-11 14:59 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2011-11-17 06:41 . 2012-01-11 10:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 06:35 . 2012-01-11 14:59 395776 ----a-w- c:\windows\system32\webio.dll
2011-11-17 06:35 . 2012-01-11 14:59 29184 ----a-w- c:\windows\system32\sspisrv.dll
2011-11-17 06:35 . 2012-01-11 14:59 136192 ----a-w- c:\windows\system32\sspicli.dll
2011-11-17 06:35 . 2012-01-11 14:59 340992 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 06:35 . 2012-01-11 14:59 28160 ----a-w- c:\windows\system32\secur32.dll
2011-11-17 06:35 . 2012-01-11 14:59 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-17 06:33 . 2012-01-11 14:59 31232 ----a-w- c:\windows\system32\lsass.exe
2011-11-17 05:38 . 2012-01-11 10:41 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-11-17 05:35 . 2012-01-11 14:59 314880 ----a-w- c:\windows\SysWow64\webio.dll
2011-11-17 05:34 . 2012-01-11 14:59 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2011-11-17 05:34 . 2012-01-11 14:59 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2011-11-17 05:28 . 2012-01-11 14:59 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-09_11.47.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-02-10 09:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-09 09:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-09 09:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-10 09:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-09 09:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-10 09:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-07 13:50 . 2012-02-10 09:11 36576 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-10 09:11 35806 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-09 10:21 . 2012-02-10 09:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-09 10:21 . 2012-02-08 13:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-09 10:21 . 2012-02-08 13:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-09 10:21 . 2012-02-10 09:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-08 13:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-10 09:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-09 23:02 . 2012-02-10 09:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-09 23:02 . 2012-02-08 12:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-12 01:38 . 2012-02-08 12:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-12 01:38 . 2012-02-09 16:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-12 01:38 . 2012-02-08 12:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-05-12 01:38 . 2012-02-09 16:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-05-12 01:38 . 2012-02-08 12:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-05-12 01:38 . 2012-02-09 16:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2011-04-09 23:02 . 2012-02-08 12:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-09 23:02 . 2012-02-10 09:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-07 13:16 . 2012-02-10 09:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-07 13:16 . 2012-02-08 12:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-30 11:38 . 2012-02-10 09:11 9670 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1173059759-332112944-699048419-1003_UserData.bin
- 2012-02-08 12:39 . 2012-02-08 12:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-10 09:08 . 2012-02-10 09:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-10 09:08 . 2012-02-10 09:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-08 12:39 . 2012-02-08 12:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-02-08 12:46 628024 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-10 12:42 628024 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-10 12:42 110208 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-02-08 12:46 110208 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2012-02-06 21:55 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-02-09 16:43 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
c:\program files (x86)\Freecorder\prxtbFre0.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
c:\program files (x86)\ConduitEngine\prxConduitEngine.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
c:\progra~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll" [BU]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFre0.dll" [BU]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-12-21 296056]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-03-23 1740696]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-07-09 21560]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-07-24 275840]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
S3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 18:41]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 18:41]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1173059759-332112944-699048419-1003Core.job
- c:\users\Baz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-06 20:38]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1173059759-332112944-699048419-1003UA.job
- c:\users\Baz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-06 20:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
FF - ProfilePath - c:\users\Baz\AppData\Roaming\Mozilla\Firefox\Profiles\25x65cr9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-10 18:45:28
ComboFix-quarantined-files.txt 2012-02-10 18:45
ComboFix2.txt 2012-02-09 16:11
ComboFix3.txt 2012-02-09 12:06
ComboFix4.txt 2012-02-07 10:14
.
Pre-Run: 465,536,299,008 bytes free
Post-Run: 465,591,767,040 bytes free
.
- - End Of File - - AB1F90A5B0AC896FDBBC4BCC8AC62B5E
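The ComboFix log above records the two artefacts this redirect turned on: the Browser Helper Object registrations under "Reg Loading Points" and the Firefox keyword.URL in prefs.js. The following triage helper is an added example, not part of this thread and not ComboFix's own tooling; it parses those two kinds of lines from an excerpt constructed from the post and flags a keyword.URL whose host is outside an assumed allow-list of search hosts.

```python
"""Triage helper for ComboFix-style log excerpts.

Added example, not part of the thread or of ComboFix: it extracts the Browser
Helper Object registrations under "Reg Loading Points" (keeping whatever
trailing marker ComboFix printed, e.g. "[BU]") and the Firefox prefs.js
lines, and flags a keyword.URL whose host is not on an allow-list of search
hosts.  The allow-list and the sample log below are constructed for the example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Key line of a BHO entry, e.g.
# [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-...}]
BHO_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\.*\\Browser Helper Objects\\(\{[0-9A-Fa-f-]{36}\})\]$"
)
# Firefox preference line, e.g.  FF - prefs.js: keyword.URL - hxxp://...
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")

# Search hosts accepted as a keyword.URL target (assumption for this example).
TRUSTED_SEARCH_HOSTS = {"google.com", "www.google.com", "www.google.co.uk", "www.bing.com"}


@dataclass
class Bho:
    clsid: str   # lower-cased CLSID including braces
    path: str    # module path exactly as logged
    marker: str  # trailing bracketed marker as ComboFix printed it, or ""


def parse_bhos(log: str) -> List[Bho]:
    """Return every BHO key together with the module path on the line after it."""
    lines = [ln.strip() for ln in log.splitlines()]
    found: List[Bho] = []
    for i, line in enumerate(lines):
        m = BHO_KEY_RE.match(line)
        if not m or i + 1 >= len(lines):
            continue
        path, sep, rest = lines[i + 1].rpartition(" [")
        if not sep:                      # no marker on the path line
            path, rest = lines[i + 1], ""
        else:
            rest = "[" + rest
        found.append(Bho(m.group(1).lower(), path, rest))
    return found


def parse_ff_prefs(log: str) -> Dict[str, str]:
    """Map each logged Firefox preference name to its value."""
    prefs: Dict[str, str] = {}
    for line in log.splitlines():
        m = FF_PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def suspicious_keyword_url(prefs: Dict[str, str]) -> Optional[str]:
    """Return the keyword.URL host if it is not a trusted search host, else None."""
    url = prefs.get("keyword.URL")
    if not url:
        return None
    # ComboFix defangs URLs as hxxp; restore the scheme so urlparse sees a host.
    host = (urlparse(url.replace("hxxp", "http", 1)).hostname or "").lower()
    return None if host in TRUSTED_SEARCH_HOSTS else host


# Sample excerpt constructed from the lines quoted in the post above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
c:\program files (x86)\Freecorder\prxtbFre0.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
c:\program files (x86)\ConduitEngine\prxConduitEngine.dll [BU]
.
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
"""


def triage(log: str) -> Dict[str, object]:
    """Summarise what a helper would want to see first from the excerpt."""
    bhos = parse_bhos(log)
    prefs = parse_ff_prefs(log)
    return {
        "bho_clsids": [b.clsid for b in bhos],
        "bho_paths": {b.clsid: f"{b.path} {b.marker}".strip() for b in bhos},
        "keyword_url_host": suspicious_keyword_url(prefs),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```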

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:55 AM

Posted 10 February 2012 - 03:06 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Adobe Reader 9.4.4
Conduit Engine
Freecorder 4
Freecorder Toolbar
Java™ 6 Update 24


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#14 norsch

norsch
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:11:55 AM

Posted 10 February 2012 - 04:16 PM

no problems, computer seems ok

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.10.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Baz :: BAZ-PC [administrator]

Protection: Enabled

10/02/2012 20:59:28
mbam-log-2012-02-10 (20-59-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200035
Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:12:27, on 10/02/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\3 Mobile Broadband\3Connect\Wilog.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll (file missing)
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (file missing)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CC7CA53-8301-40B7-980E-B6A32F7C0180}: NameServer = 217.171.132.1 217.171.135.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: BecHelperService - Unknown owner - C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9494 bytes
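
A triage pass over the HijackThis log above, as an added example (my own Python, not code from this thread, from BleepingComputer or from HijackThis). It takes a constructed subset of the posted log lines, embedded inline, and pulls out what a responder checks first: O2/O3 add-ons whose DLL is gone (dead CLSID registrations left behind by uninstalled toolbars), O4 Run entries with the executable each one launches, O17 NameServer addresses, and O23 services with no owner string. It encodes one caveat about this kind of log: HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows WoW64 redirects its view of System32 and every 64-bit-only System32 service is reported as "Unknown owner ... (file missing)"; the script drops those as expected x64 noise rather than treating lsass.exe as missing. The regexes and the public/private split of the resolver addresses are my own assumptions about the log format, not anything HijackThis documents.

```python
"""Triage a HijackThis 2.0.4 log (added example; not code from the thread or from HijackThis)."""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample: a subset of the lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (file missing)
O2 - BHO: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll (file missing)
O3 - Toolbar: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CC7CA53-8301-40B7-980E-B6A32F7C0180}: NameServer = 217.171.132.1 217.171.135.1
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: BecHelperService - Unknown owner - C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
"""

# Line shapes assumed from the log above (HijackThis does not document them).
CLSID = r"\{[0-9A-Fa-f-]{36}\}"
ADDON_RE = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - (" + CLSID + r") - (.*?)( \(file missing\))?$")
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")
NS_RE = re.compile(r"^O17 - .*NameServer = (.*)$")
SVC_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*?)( \(file missing\))?$")
SYSTEM32_RE = re.compile(r"^c:\\windows\\system32\\", re.IGNORECASE)


def parse_log(text: str) -> List[str]:
    """Split a pasted log into non-empty, stripped lines."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def orphaned_addons(lines: List[str]) -> Dict[str, str]:
    """O2/O3 entries whose DLL no longer exists, keyed by lower-cased CLSID.

    Dead registrations left by uninstalled toolbars: inert, but they belong in
    the fix list. One CLSID often appears as both a BHO and a toolbar, so the
    dictionary collapses the pair into a single finding.
    """
    found: Dict[str, str] = {}
    for ln in lines:
        m = ADDON_RE.match(ln)
        if m and m.group(5):
            found.setdefault(m.group(3).lower(), m.group(2))
    return found


def _exe_path(cmd: str) -> str:
    """Best-effort executable from a Run value's command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    i = cmd.lower().find(".exe")
    return cmd[: i + 4] if i != -1 else cmd.split(" ")[0]


def run_entries(lines: List[str]) -> List[Tuple[str, str, str]]:
    """(hive, value name, executable) for every O4 auto-start entry."""
    out = []
    for ln in lines:
        m = RUN_RE.match(ln)
        if m:
            hive, _key, name, cmd = m.groups()
            out.append((hive, name, _exe_path(cmd)))
    return out


def nameservers(lines: List[str]) -> List[Tuple[str, bool]]:
    """(address, is_public) for each O17 NameServer.

    A rogue resolver is the classic way search-result clicks get redirected in
    every browser at once, so each public address should be confirmed against
    the ISP's published resolvers. Public by itself proves nothing.
    """
    out = []
    for ln in lines:
        m = NS_RE.match(ln)
        if m:
            for ip in m.group(1).split():
                out.append((ip, not ipaddress.ip_address(ip).is_private))
    return out


def service_findings(lines: List[str]) -> List[Tuple[str, str]]:
    """O23 services with no owner string that deserve a manual look.

    HijackThis 2.0.4 is 32-bit; on x64 Windows WoW64 redirects its view of
    System32, so 64-bit-only system services show as 'Unknown owner ...
    (file missing)'. Those are expected noise and are dropped here.
    """
    out = []
    for ln in lines:
        m = SVC_RE.match(ln)
        if not m:
            continue
        name, owner, path, missing = m.groups()
        if owner != "Unknown owner":
            continue
        if missing and SYSTEM32_RE.match(path):
            continue  # WoW64 redirection artifact, not a real missing binary
        out.append((name, path))
    return out


if __name__ == "__main__":
    lines = parse_log(SAMPLE_LOG)
    print("orphaned add-ons:", orphaned_addons(lines))
    print("auto-start entries:", run_entries(lines))
    print("nameservers:", nameservers(lines))
    print("services to check:", service_findings(lines))
```

Nothing here says the two resolvers in the posted log are wrong; on a 3Connect mobile-broadband setup they may well be the carrier's own, and the one service the script keeps is that client's helper, not a finding. The point is that the O17 line is where a DNS changer would show up, and that the long run of "(file missing)" System32 services is an artifact of running the 32-bit HijackThis build on x64 rather than dozens of missing binaries.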

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 10 February 2012 - 04:40 PM

Greetings

These logs are looking very good; we are almost done! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can start any of them when you need it by clicking its icon (or from the Control Panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
